AVG Finds Firefox as trojan

RESOLVED WORKSFORME

Status

()

Firefox
General
--
critical
RESOLVED WORKSFORME
8 years ago
8 years ago

People

(Reporter: tanner, Assigned: Tomcat)

Tracking

({common-issue-})

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

8 years ago
When you try to download firefox, AVG thinks that it is a trojan

see screenshot at http://zzxc.net/sumo/pilif12p/VirusAlert.PNG
This has been reported several times in the past hour on support.mozilla.com.
Keywords: common-issue+
(Assignee)

Comment 2

8 years ago
taking, will work with AV-vendors on this.

We are also tracking a issue with avg and thunderbird in Bug 520777
Assignee: nobody → cbook
(Assignee)

Comment 3

8 years ago
this seems to be a problem with signatures and is a false positive i guess. Another Virus Scan (jotti.viruscan) show no indication of a virus 

http://virusscan.jotti.org/en/scanresult/fd8b78c273c11d45b8ecb0a99ae1556d0461a5e2/f372e4bc318e9659a57641b0e68943c352505a0f

However, AVG and TheHacker (another AV that seem to have this false positive) are informed now. 

Will update this bug when i get a response from this vendors, should be in a few hours.

Comment 4

8 years ago
http://support.mozilla.com/en-US/kb/Firefox+is+reported+to+be+infected+with+a+trojan+or+virus
(Assignee)

Comment 5

8 years ago
AVG confirmed this as false-positive:

"Unfortunately, the current virus database version may detect the
mentioned virus on some legitimate applications. We can confirm that
it is a false alarm. We would like to inform you that the false
positive will be removed in the next Definitions update. Please update
your AVG and if a new Definitions update was downloaded, check whether
the file is still detected.

If you need to restore deleted files from AVG Virus Vault you can do
it this way:
- Open AVG user interface.
- Choose "Virus Vault" option from the "History" menu.
- Locate the file that was incorrectly removed and select it (one
click).
- Click on the "Restore" button.

We are sorry for the inconvenience.
"

will leave this bug open till we get confirmation from users and also feedback from thehacker (i think they might use the same AV engine as AVG)
(Assignee)

Updated

8 years ago
Duplicate of this bug: 520925
(Assignee)

Updated

8 years ago
Duplicate of this bug: 520946
(Assignee)

Comment 8

8 years ago
also installed avg free on a test vm tested 3.5.3 installer from various mirrors and can confirm its not detected as virus:

"Scan ""Shell extension scan"" was finished."
"No infection was found during this scan"
"Folders selected for scanning:";"C:\Firefox Setup 3.5.3-1.exe;C:\Firefox Setup 3.5.3-2.exe;C:\Firefox Setup 3.5.3-4.exe;C:\Firefox Setup 3.5.3-5.exe;"
"Scan started:";"Wednesday, October 07, 2009, 12:53:01 PM"
"Scan finished:";"Wednesday, October 07, 2009, 12:53:03 PM (1 second(s))"
"Total object scanned:";"4"

AVG Version: 8.5.421
Anti Virus Database has the Version: 270.14.5/2419

Comment 9

8 years ago
(In reply to comment #5)
Can we get this on a webpage from AVG so that we can link users to it?
A user on SUMO reported that the installer is being detected as "Trojan horse Downloader.BanloadAPJF" with virus database version 270.14.5/2419, so it appears that this is not fixed yet for all users.
(Assignee)

Comment 11

8 years ago
(In reply to comment #10)
> A user on SUMO reported that the installer is being detected as "Trojan horse
> Downloader.BanloadAPJF" with virus database version 270.14.5/2419, so it
> appears that this is not fixed yet for all users.

also AVG Version: 8.5.421?  seems they have pushed also a program update recently
(Assignee)

Comment 12

8 years ago
also thehacker AV confirmed this problem is a result of a false-positive and now fixed

"The file is considering as a false positive so that our last update corrects that detail.
Yours sincerely,
Victor Arroyo Cauti.
Hacksoft"

Comment 13

8 years ago
I just got the same problem yesterday downloading the portuguese version.
It detects it as an trojan
Downloaded the english version and nothing it didn't.
(Reporter)

Comment 14

8 years ago
It seems to be happening again, but a different name this time. Its "Trojan-Downloader - Win32 Banload.aips"

See https://support.mozilla.com/en-US/forum/1/469767
(Reporter)

Comment 15

8 years ago
(In reply to comment #14)
> It seems to be happening again, but a different name this time. Its
> "Trojan-Downloader - Win32 Banload.aips"
> 
> See https://support.mozilla.com/en-US/forum/1/469767

Now its zonealarm too... I guess i should have learned to read the thread in its entirety. But can anyone reproduce?
This is no longer being reported in support, it seems to be fixed in the latest AVG updates.
Keywords: common-issue+ → common-issue-
(Assignee)

Comment 17

8 years ago
(In reply to comment #16)
> This is no longer being reported in support, it seems to be fixed in the latest
> AVG updates.

thanks , marking as works for me
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.