
AVG ver 7.0 [02/18/05 virus db]

Discussion in 'Security and Privacy' started by Bmoore1129, 2005/02/19.

Thread Status:
Not open for further replies.
  1. 2005/02/19
    Bmoore1129

    Bmoore1129 Geek Member Thread Starter

    Joined:
    2002/06/11
    Messages:
    1,675
    Likes Received:
    3
    A while back, I DL'ed a file from Doug Knox's site (XP Security Console). It is a zip file which I extracted and ran the exe and had a look at the program. Didn't use it for anything.

    Fast forward to Virus scan of 02/18/05 0800hrs - nothing found. Auto update of latest virus database happened on 02/18/05 later in the day. Virus scan of 02/19/05 0800hrs found "Trojan Horse IRC/Backdoor.SdBot.131.AZ" in the zip file and in the exe file. AVG deleted the one in the exe and moved the other one in the zip file to the virus vault.

    I sent Doug Knox an email about it so he could check his file for this thing.

    Anyone had the same experience?
     
  2. 2005/02/19
    Zander

    Zander Geek Member Alumni

    Joined:
    2002/01/07
    Messages:
    4,084
    Likes Received:
    5
    If you downloaded the file from Doug Knox's site I really doubt there's anything wrong with the file. I had a look at it and scanned it with my AV (Etrust) and it found nothing. I believe the program is written by Doug. If you got it from his site, I would guess AVG has come up with a false positive. Maybe you should submit the file to them and see what they have to say about it.
     

  4. 2005/02/19
    surferdude2

    surferdude2 Inactive

    Joined:
    2004/07/04
    Messages:
    4,009
    Likes Received:
    23
    I have a batch file that I created that is judged to be a virus but only by the online scan done by Panda at this time. Originally it was also detected as such by McAfee (when I used it) and I reported it to them. They took steps to correct that false positive. I received good service from them although they seemed a bit dense at the time.

    I leave it unreported to Panda since it's a nice check to see if their scan is thorough. :) It's kinda like my own personal Eicar Test File.

    These one-eyed monsters can fool any virus checker made. :)
     
  5. 2005/02/20
    Bmoore1129

    Bmoore1129 Geek Member Thread Starter

    Joined:
    2002/06/11
    Messages:
    1,675
    Likes Received:
    3
    I have DL'ed the file again and extracted again and AVG says it is a virus again. I scanned with Housecall online and it passes. I went to the AVG forum and did a search for the "virus" and they disavow all knowledge of it.

    I scanned with Heuristics turned off and it still found the thing. I'll try some more online scans and see if I can get a consensus reading.

    Any other AVG users getting the same results? Link
     
  6. 2005/02/20
    surferdude2

    surferdude2 Inactive

    Joined:
    2004/07/04
    Messages:
    4,009
    Likes Received:
    23
    Stick around and I'll set it up and see if it treats me the same way...
     
  7. 2005/02/20
    surferdude2

    surferdude2 Inactive

    Joined:
    2004/07/04
    Messages:
    4,009
    Likes Received:
    23
    It's Ok Bill, they're not picking on you. It shows up as a Trojan for me too! I didn't install it, just unzipped and then checked the folder. I'm a little miffed that AVG didn't alert me as soon as it was unzipped. I'll have to check that out since I rarely ever manually scan things - just assume I'm protected. ;) Maybe it would if it was a real trojan and not a false positive.
     
  8. 2005/02/20
    surferdude2

    surferdude2 Inactive

    Joined:
    2004/07/04
    Messages:
    4,009
    Likes Received:
    23
    Ok, further testing reveals that if I try to open the expanded folder, AVG alerts me about the Trojan within so I guess that's good enough for me.

    I'm using base # 266.1.0 which was the latest update as of 2/18. Nothing newer today yet.
     
  9. 2005/02/20
    Bmoore1129

    Bmoore1129 Geek Member Thread Starter

    Joined:
    2002/06/11
    Messages:
    1,675
    Likes Received:
    3
    Thanks 'Dude.

    Luckily it's a program I decided I didn't need but still they ought not to pick on Doug Knox's stuff.
     
  10. 2005/02/20
    surferdude2

    surferdude2 Inactive

    Joined:
    2004/07/04
    Messages:
    4,009
    Likes Received:
    23
    I couldn't agree more, he and Kelly Theriot are the masters as far as I'm concerned and I'd trust them above any AV proggy. :)

    BTW, I found out why AVG7 wasn't catching this sooner, the enemy was probably me. I checked the settings in the "Resident Shield" and noticed that "Check All Files" wasn't tagged. That did it! I don't know if I changed that setting from the default or not but I'll cop to it anyway. ;)
     
  11. 2005/02/22
    surferdude2

    surferdude2 Inactive

    Joined:
    2004/07/04
    Messages:
    4,009
    Likes Received:
    23
    With today's AVG7 update, and the required reboot, Doug's creation now passes with flying colors! False positives, they come and hopefully they go.

    Oops! Spoke too soon. It passes in the zipped mode, it passes when it gets unzipped. It passes when scanning the newly created folder. But it fails when the folder is opened. :confused: Born loser.
     
    Last edited: 2005/02/22
  12. 2005/02/23
    Dennis L Lifetime Subscription

    Dennis L Inactive Alumni

    Joined:
    2002/06/07
    Messages:
    2,557
    Likes Received:
    2
    Downloaded Doug's Windows XP Security Console 1.43
    Running AVG 7 free - Virus Database version 266.4.0 released 2-22-05

    No AVG hits when scanning ...
    Zip file
    Folder with zip file Unzipped (folder contents / 2x files ).
    Opened folder (not sure what you mean - but folder is open to view)
    Scanned each file xp_secconsole.chm and xp_secconsole.exe
    Although not an issue - when Doug's program loaded / run, no AVG hits.
     
    Last edited: 2005/02/23
  13. 2005/02/23
    surferdude2

    surferdude2 Inactive

    Joined:
    2004/07/04
    Messages:
    4,009
    Likes Received:
    23
    Opened folder (not sure what you mean - but folder is open to view)

    Hi Dennis!

    I just meant to double click the folder that Winzip created so as to open it to view the two files therein. That triggered AVG7 and rendered the "Virus Detected" message.

    Flaky thing though, this morning it passes all tests. Go figure. Same AVG7 database and all. It just needed some rest I guess. :D
     
  14. 2005/02/23
    Dennis L Lifetime Subscription

    Dennis L Inactive Alumni

    Joined:
    2002/06/07
    Messages:
    2,557
    Likes Received:
    2
    Good Morning surferdude2

    Thanks for the explanation.
    It's good to know Doug's program was always clean.
    It's good AVG's new virus Def's are behaving.
    :D It's good to know you got a good night snooze!! :D
    Keep up the good work, that's a "true positive" in anyone's def. :cool:
     