AVG Antispyware false positive?

Guest

My AVG scan today picked up what it called "Worm.Fujack.ac" in C:\Program
files\WinRAR\Default.FSX.

I'm pretty sure this is a false positive. Googling 'Fujack.ac' brings up a
little rash of forum posts, all related to AVG during the last couple of
days, discussing the same detection. The online multiple scanners are too
busy to test the file at the moment, but I'll check it out when they settle
down a bit.

Anyone else out there with AVG AS and WinRAR getting this?
 
Guest

My latest update from AVG also found something: Trojan Horse
Downloader.small.57.ba and T.H. Small.2.ab. Just left the forum and other
people are just starting to talk, but no answers yet that I saw. Ron
 
Guest

Oops, my AVG-AV found my problem, not my AVG-AS. Scanning now with AS, I'll
see if anything shows up.
 
Robinb

Alan, send the file to AVG and they will check it out.
I just had one last week and I sent it to AVG.
They told me it was a false positive after (it showed up as a registry file)
I sent them that part of my registry, and told me they would fix it in their
next updates.
robin
 
Guest

Robinb said:
Alan, send the file to AVG and they will check it out.

Done that this morning, Robin. I also scanned the quarantined file at
virustotal and they all found nothing (including Ewido, so AVG may have
already fixed it).

As a general point - maybe you or someone else can tell me Robin? When a
file is quarantined, is it changed or 'sterilised' in any way? It seems odd
that I can simply attach it to an email and send it off to AVG if it had
really been infected. If it really were infected, wouldn't the email
antivirus checker prevent me from sending it?

Similarly, the file I sent to Virustotal was the quarantined file. (It
seemed daft to release it first). Is that the right thing to do?
 
Guest

Ron H said:
Alan a full scan found only cookies.

Thanks Ron. Do you have WinRAR installed, though? It seems to be a
particular WinRAR file that may be triggering the AVG scanner.
 
Guest

Alan, don't use WinRAR but you ask a question that bothers me too. I feel that
when a program quarantines a file it renders it useless until you restore or
delete it by the program that quarantined it in the first place. So I would
think by sending a quarantined file for a scan you're sending an encrypted file,
useless for a malware scan. I've sent 3-4 quarantined files in the past and
they have come back neg. only to find out they were f.p.'s later. But if I
need to I won't quarantine so fast and then check and see. This is what I
think and I'm open for correction if I'm wrong.
 
Robinb

Just like a virus, when it is quarantined it basically means a "bubble" is
placed around it and it cannot spread its venom anymore. It is basically
taken out of commission. You can still send it off in an email, it is only
quarantined on your computer. The anti virus/malware program will not allow
you to open it but it does allow you to email it. (where you are sending it,
i.e. a virus check company, etc. - I am sure they have mega protection up when
they receive these files)
If it is a false positive (and you know that for a fact) you can take it out
of quarantine and it goes back to where it came out of.
Sometimes the OS or a program actually needs that file to work so when you
quarantine it you might have problems with your OS or the program. The best
thing is to see what happens on your computer to see what starts to act
funky.
Also once in quarantine the best practice is to do a search and see if
anyone knows of a cleaner to clean the file. Some virus protections if they
cannot clean it they just quarantine it and you need to do some
investigating on the internet to find a way to actually clean or replace
this particular file.
In this case you can actually send it to AVG through your program.
I know you have the suite but in there in "Help"/Technical Support and read
on how to send a file to AVG. If you are not sure how to send it you can
just send them the path and they will explain how to send it to them.
robin
 
Guest

Ron H said:
Alan, don't use WinRAR

If this is a false positive, as seems likely, AVG is being misled by one
particular file which is part of WinRAR. If you don't have WinRAR installed,
you won't get the fp.

So I would
think by sending a quarantined file for a scan you're sending an encrypted file,
useless for a malware scan. I've sent 3-4 quarantined files in the past and
they have come back neg. only to find out they were f.p.'s later.

Not sure what you mean here, Ron. If they really were false positives then
they would indeed come back negative from the online scanners. Or did you
really mean you found out later that they were actually infected, even though
the scanners said the quarantined files were clean?
 
Guest

Robinb said:
Just like a virus, when it is quarantined it basically means a "bubble" is
placed around it and it cannot spread its venom anymore. It is basically
taken out of commission.

What I was unsure about is whether the file is temporarily 'scrambled' in
some way under quarantine, so that - as Ron wonders also - if the quarantined
file is scanned, it will come up clean anyway because of the scrambling.

If it is a false positive (and you know that for a fact) you can take it out
of quarantine and it goes back to where it came out of.
Sometimes the OS or a program actually needs that file to work so when you
quarantine it you might have problems with your OS or the program. The best
thing is to see what happens on your computer to see what starts to act
funky.

No great loss. In this case I know the file is part of WinRAR - which, if
necessary I could just uninstall. I think I only ever used it once.
 
Robinb

lol, that depends on when MS sends out these security updates (and what it
did or did not to others) - so far I have not seen them on any of the 6
computers I have here now.
My day will prolly be busy tomorrow when I am sure I can put them on with no
problems
robin
 
Guest

Alan, like you I sent quarantined files to who I think was Virustotal (don't
remember) and the response was the files were clean. They were clean because
days later I read in a forum that they were F.P.'s. Now my question is what
if the files were infected and I sent the quarantined files to Virustotal,
would they be able to find that the files are infected after the quarantine
process from the AV or AS program. I would like to know how the file is
altered to protect your system and is it now being protected from an online
scan. Is there a difference between sending a file that has been quarantined
and a file that hasn't been quarantined yet?
 
Guest

Ron H said:
I would like to know how the file is
altered to protect your system and is it now being protected from an online
scan. Is there a difference between sending a file that has been quarantined
and a file that hasn't been quarantined yet?

Yes. That, in a nutshell, is what I'd like to know too.
Can anyone tell us, please?
 
