AVG finds PSW.Banker.ASO trojan in all my DELL executables?

[JB]

I am using AVG. During the scan today it says that I have
the PSW.Banker.ASO trojan virus in about 75 files.
The files are all the FILENAME.EXE from my DELL
"Drivers and Utilities" CD-ROM, and also from DELL
driver updates that I downloaded from their website.
Something doesn't seem right.

I went to the DELL web site and downloaded one of the
files that AVG deleted. As soon as the download was
complete AVG popped up saying that it was infected by
PSW.Banker.ASO trojan virus.

Is it possible that DELL is distributing software that
has viruses and they do not even know about it?

Or is AVG giving a false positive on these files?

 

[Dave Cohen]

When I was evaluating AVG vs AVAST, AVG flagged a problem on a very old file
that was part of a dos mouse development package. It was a case of overly
agressive heuristic analysis I imagine.
Dave Cohen

 

[David H. Lipman]

From: "JB" <[email protected]>

| I am using AVG. During the scan today it says that I have
| the PSW.Banker.ASO trojan virus in about 75 files.
| The files are all the FILENAME.EXE from my DELL
| "Drivers and Utilities" CD-ROM, and also from DELL
| driver updates that I downloaded from their website.
| Something doesn't seem right.
|
| I went to the DELL web site and downloaded one of the
| files that AVG deleted. As soon as the download was
| complete AVG popped up saying that it was infected by
| PSW.Banker.ASO trojan virus.
|
| Is it possible that DELL is distributing software that
| has viruses and they do not even know about it?
|
| Or is AVG giving a false positive on these files?

Please submit samples to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against 18 different AV vendor's scanners.

This will help identify if this is a False Positive declaration on AVG's part.

Please post back the EXACT results.

 

[JB]

When I was evaluating AVG vs AVAST, AVG flagged a problem on a very old file

that was part of a dos mouse development package. It was a case of overly
agressive heuristic analysis I imagine.

This does not help any. What to do? Contact AVG? Dell?
Configure something? Please, give me a solution, not just comments.

 

[Ron Reaugh]

I am using AVG. During the scan today it says that I have
the PSW.Banker.ASO trojan virus in about 75 files.
The files are all the FILENAME.EXE from my DELL
"Drivers and Utilities" CD-ROM, and also from DELL
driver updates that I downloaded from their website.
Something doesn't seem right.

I'm seein that also on Dell downloaded fixes.

 

[Ron Reaugh]

I'm seein that also on Dell downloaded fixes.

Now, TrendMicro's Housecall 6 has also identified one of those Dell files
as a virus. WOW maybe Dell does have a major problem.

 

[Conor]

Now, TrendMicro's Housecall 6 has also identified one of those Dell files
as a virus. WOW maybe Dell does have a major problem.

Or non at all. NOD32 flags up XPlite as one...they even have a
statement in the readme.txt (XPLite) saying it will.

 

[adams_gomez]

I have just contacted GriSoft to alert them to this. As I am using the
free version they are ignoring me. Anyone using the paid version who
wants to tell them?

 

[JB]

Just downloaded an update from AVG and tested one
file and it no longer reports a virus. Perhaps they
fixed it. Will try all the other files too now.

 

[David H. Lipman]

From: "JB" <[email protected]>

| Just downloaded an update from AVG and tested one
| file and it no longer reports a virus. Perhaps they
| fixed it. Will try all the other files too now.
|

Did you submit the suspect file(s) to Virus Total as I requested to help verify a False
Positive declaration ?

 

[JB]

Yep, their update fixed it. I just finished a complete
scan and no viruses. Glad that AVG has that restore
file from the virus vault function.

So make sure you get all the updates.

 

[adams_gomez]

Bit tricky to submit the file to Virus Total as its a 14MB file which
blows their limit.

 

[David H. Lipman]

From: <[email protected]>

| Bit tricky to submit the file to Virus Total as its a 14MB file which
| blows their limit.

Then it is not the infector but the results of an infector.