Closed Bug 520895 Opened 11 years ago Closed 11 years ago
AVG Finds Firefox as trojan
When you try to download firefox, AVG thinks that it is a trojan see screenshot at http://zzxc.net/sumo/pilif12p/VirusAlert.PNG
This has been reported several times in the past hour on support.mozilla.com.
taking, will work with AV-vendors on this. We are also tracking a issue with avg and thunderbird in Bug 520777
Assignee: nobody → cbook
this seems to be a problem with signatures and is a false positive i guess. Another Virus Scan (jotti.viruscan) show no indication of a virus http://virusscan.jotti.org/en/scanresult/fd8b78c273c11d45b8ecb0a99ae1556d0461a5e2/f372e4bc318e9659a57641b0e68943c352505a0f However, AVG and TheHacker (another AV that seem to have this false positive) are informed now. Will update this bug when i get a response from this vendors, should be in a few hours.
AVG confirmed this as false-positive: "Unfortunately, the current virus database version may detect the mentioned virus on some legitimate applications. We can confirm that it is a false alarm. We would like to inform you that the false positive will be removed in the next Definitions update. Please update your AVG and if a new Definitions update was downloaded, check whether the file is still detected. If you need to restore deleted files from AVG Virus Vault you can do it this way: - Open AVG user interface. - Choose "Virus Vault" option from the "History" menu. - Locate the file that was incorrectly removed and select it (one click). - Click on the "Restore" button. We are sorry for the inconvenience. " will leave this bug open till we get confirmation from users and also feedback from thehacker (i think they might use the same AV engine as AVG)
also installed avg free on a test vm tested 3.5.3 installer from various mirrors and can confirm its not detected as virus: "Scan ""Shell extension scan"" was finished." "No infection was found during this scan" "Folders selected for scanning:";"C:\Firefox Setup 3.5.3-1.exe;C:\Firefox Setup 3.5.3-2.exe;C:\Firefox Setup 3.5.3-4.exe;C:\Firefox Setup 3.5.3-5.exe;" "Scan started:";"Wednesday, October 07, 2009, 12:53:01 PM" "Scan finished:";"Wednesday, October 07, 2009, 12:53:03 PM (1 second(s))" "Total object scanned:";"4" AVG Version: 8.5.421 Anti Virus Database has the Version: 270.14.5/2419
(In reply to comment #5) Can we get this on a webpage from AVG so that we can link users to it?
A user on SUMO reported that the installer is being detected as "Trojan horse Downloader.BanloadAPJF" with virus database version 270.14.5/2419, so it appears that this is not fixed yet for all users.
(In reply to comment #10) > A user on SUMO reported that the installer is being detected as "Trojan horse > Downloader.BanloadAPJF" with virus database version 270.14.5/2419, so it > appears that this is not fixed yet for all users. also AVG Version: 8.5.421? seems they have pushed also a program update recently
also thehacker AV confirmed this problem is a result of a false-positive and now fixed "The file is considering as a false positive so that our last update corrects that detail. Yours sincerely, Victor Arroyo Cauti. Hacksoft"
I just got the same problem yesterday downloading the portuguese version. It detects it as an trojan Downloaded the english version and nothing it didn't.
It seems to be happening again, but a different name this time. Its "Trojan-Downloader - Win32 Banload.aips" See https://support.mozilla.com/en-US/forum/1/469767
(In reply to comment #14) > It seems to be happening again, but a different name this time. Its > "Trojan-Downloader - Win32 Banload.aips" > > See https://support.mozilla.com/en-US/forum/1/469767 Now its zonealarm too... I guess i should have learned to read the thread in its entirety. But can anyone reproduce?
This is no longer being reported in support, it seems to be fixed in the latest AVG updates.
(In reply to comment #16) > This is no longer being reported in support, it seems to be fixed in the latest > AVG updates. thanks , marking as works for me
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.