AVG detected a trojan in sb server - false positive?



discocarp
2010-03-19, 05:05
This morning I booted up to AVG detecting "Trojan horse Dropper.Agent.RGJ" in squeezeboxcp.exe and scanner.exe. I moved them to the virus vault, scanned my entire machine (it's clean), uninstalled squeezebox server, and redownloaded and reinstalled the server. Same result. AVG flagged the new download with the same trojan.

This is my work machine, and I am RELIGIOUS about security on it and rarely download anything at all, don't run attachments, the works. I suspect a false positive. I submitted the "infected" files to AVG as a possible false positive. Is anyone else with AVG getting this problem?

mherger
2010-03-19, 05:45
> Is anyone else with AVG getting this problem?

Yes, there have been other reports of this, and only for AVG. Thus I'd imagine it's a false positive. Thanks for supplying the file to AVG for testing.

discocarp
2010-03-19, 06:56
This e-mail is an auto-response message. Please do not reply.

AVG Research Lab has analyzed the file(s) you have sent from your AVG Virus Vault. Below you can find the results for each file. The final verdict on the file is either a correct detection or a false positive detection.

Further information about the verdicts are available at our website:
http://www.avg.com/faq-1184

"C:\Program Files\Squeezebox\server\scanner.exe" - detection is correct


Best regards,

AVG Customer Services
AVG Technologies
website: http://www.avg.com


Bolding is mine. REAL helpful there AVG...

Mnyb
2010-03-19, 10:20
> Bolding is mine. REAL helpful there AVG...

Like a Chinese extension cord someone found, labeled for "outdoor and indoor use only" ;)

gcurrie
2010-03-19, 12:08
I actually read the AVG response a little differently. Everything above this line:

"C:\Program Files\Squeezebox\server\scanner.exe" - detection is correct

is boilerplate. The line itself indicates that AVG considers the file to be ACTUALLY infected by a trojan.

Which would mean that they are NOT going to remove it from their database, and this will continue until Logitech and AVG have a conversation.

haxter1
2010-03-19, 13:38
I had the same issue. Three of them and was finally able to move them to the vault then delete them.

RDK
2010-03-19, 14:22
> I had the same issue. Three of them and was finally able to move them to the vault then delete them.

Had the same issue pop up for the first time this morning. But doesn't deleting the 3 SB programs mean that you can't run the program anymore?

haxter1
2010-03-20, 06:00
After this I have another problem with my Transporter. It plays fine using my CD player but when I try to play something through Squeezeserver I get no sound but Squeezeserver on my computer works ok. I also get the listing of what I am playing on the Transporter. After trying to reconfigure settings on the Transporter the display read "Ran out of decoder memory". Can anyone help me rectify this problem? Could this be a viral infection too?

haxter1
2010-03-20, 06:05
I would add to my preceding post that the VU meters do not work at all.

avta
2010-03-20, 09:54
I'm running Mac OS 10.6.2 and did a full scan using Clam Xav and did not find any virus files.

Mnyb
2010-03-20, 10:37
> I would add to my preceding post that the VU meters do not work at all.

But you have deleted core files in squeezeboxserver; of course it does not work anymore.
The files in the vault were important for squeezeboxserver; they were not viruses. This IS the problem: AVG falsely flags these files as viruses.

haxter1
2010-03-20, 15:43
> But you have deleted core files in squeezeboxserver; of course it does not work anymore.
> The files in the vault were important for squeezeboxserver; they were not viruses. This IS the problem: AVG falsely flags these files as viruses.


I can understand how I became a victim of this. I have been using AVG since I purchased the Transporter. Is there a solution for this? Can the files be replaced?

avta
2010-03-21, 18:45
Why not delete your current Squeezeserver software and download a new version?

squeezeboxUser
2010-03-22, 04:05
> Bolding is mine. REAL helpful there AVG...


I sent the three files to AVG the same day and today received a somewhat different response:



Dear Sir/Madam,

Thank you for your e-mail.

Please let us inform you that the sample attached to your previous e-mail is virus-free based on the analysis.

Unfortunately, the current virus database version may detect the mentioned virus on some legitimate applications. We can confirm that it is a false alarm. We would like to inform you that the false positive will be removed in the next Definitions update. Please update your AVG and if a new Definitions update was downloaded, check whether the file is still detected.

Please note that the updates are uploaded every 4 hours to the update server. We would appreciate your kind cooperation to at least try to update for another 24 hours. Should the issue still persist, please kindly contact us and we will proceed to look into the matter once more.

We truly apologize for any inconvenience caused.

Thank you for your cooperation. It is much appreciated.

squeezeboxUser
2010-03-22, 04:08
> > But you have deleted core files in squeezeboxserver; of course it does not work anymore.
> > The files in the vault were important for squeezeboxserver; they were not viruses. This IS the problem: AVG falsely flags these files as viruses.
>
> I can understand how I became a victim of this. I have been using AVG since I purchased the Transporter. Is there a solution for this? Can the files be replaced?

You can go to the Virus Vault (in my version of AVG, History -> Virus Vault) and - assuming the files are still there - click each one in turn and click the "Restore" button.

haxter1
2010-03-22, 11:26
I did delete and then reinstall it. That solved the problem with the VU meters but I now get on the display, "No decoder memory left". Could this be a hangover from the AVG problem or too much music on the Transporter? All of my music is on an external hard drive (1TB) and only 25% full. To the best of my knowledge there is nothing stored on the Transporter.

Thank you for your help. Any other advice that you can offer me would be most helpful.

Phil Leigh
2010-03-22, 11:47
What format are your music files?

Phil Leigh
2010-03-22, 11:51
You need to force a system reset of the TP firmware to clear that error message.

haxter1
2010-03-22, 16:04
All of my files are either FLAC or mp3.

How do I do a "forced system reset"?

Again, thanks for the help.

Phil Leigh
2010-03-22, 23:58
> All of my files are either FLAC or mp3.
>
> How do I do a "forced system reset"?
>
> Again, thanks for the help.

1) Xilinx reset:
* Disconnect the power
* Press and hold "1" on the remote
* Reconnect the power
* Release the "1" button when you see "Programming xilinx" on the screen

2) Factory Reset:
* Disconnect the power
* Press and hold "Add" on the remote
* Reconnect the power
* Release the "Add" button when you see "Factory reset..." on the screen
(reinstall latest firmware after this step)

If this doesn't work you need to contact Support

haxter1
2010-03-24, 12:07
Thank you avta & Phil. All seems to be all ok now.

Edj11
2010-03-24, 15:39
If you guys doubt if you have a virus, upload your program (file) to http://www.virustotal.com and it will be checked with 30+ scanners.
It's much easier then to make a decision if it's a false alarm or not.