There is a virus Trojan Agent.ATJA in the actually downloadeable file of Course Lab. Why? Anybody scan the file with an antivirus and found this trojan?
Regards[:mad:]
There is a virus Trojan Agent.ATJA in the actually downloadeable file of Course Lab. Why? Anybody scan the file with an antivirus and found this trojan?
Regards[:mad:]
|
|
|
Ladies and gentlemen!
Since all trojan reports came from AVG users we sent report to AVG tech support on the issue. Today I got response from AVG tech support on this issue (BTW, their support seems to be good[:)]). They said it is false alarm. Here is the quote:
<i>The suspicion file has been analyzed by our virus laboratory. We can
inform you that the detected file is a false alarm. This means that
the file is clean and virus-free, but AVG detects it as a virus.</i>
<i>We will release new virus update that will remove the false positive
on this application. Then please update your AVG and check your files
again. Unfortunately false alarms do appear from time to time in every
Anti-Virus software.</i>
Ladies and gentlemen!
Since all trojan reports came from AVG users we sent report to AVG tech support on the issue. Today I got response from AVG tech support on this issue (BTW, their support seems to be good[:)]). They said it is false alarm. Here is the quote:
<i>The suspicion file has been analyzed by our virus laboratory. We can
inform you that the detected file is a false alarm. This means that
the file is clean and virus-free, but AVG detects it as a virus.</i>
<i>We will release new virus update that will remove the false positive
on this application. Then please update your AVG and check your files
again. Unfortunately false alarms do appear from time to time in every
Anti-Virus software.</i>
|
|
|
I did. And I also found Trojan Agent.ATJA in the Course Lab files.
Regards
I did. And I also found Trojan Agent.ATJA in the Course Lab files.
Regards
|
|
| |
Note the last post I made on this.
Does anyone remember the last major version release of the JVM from SUN also had this problem. There were a huge number of posts reporting there was a virus in the installer. There wasn't and never had been, it was just a section of code resembling one. Sun stated this almost at once but a lot of people believed their scanners.
A case of something big yellow and black not being a tiger but a banana!!
Push this to your respective AV scanner suppliers so they can either verify or fix the fault!!!
Note the last post I made on this.
Does anyone remember the last major version release of the JVM from SUN also had this problem. There were a huge number of posts reporting there was a virus in the installer. There wasn't and never had been, it was just a section of code resembling one. Sun stated this almost at once but a lot of people believed their scanners.
A case of something big yellow and black not being a tiger but a banana!!
Push this to your respective AV scanner suppliers so they can either verify or fix the fault!!!
|
|
|
I did. And I also found Trojan Agent.ATJA in the Course Lab files.
Regards
I did. And I also found Trojan Agent.ATJA in the Course Lab files.
Regards
|
|
|
Tried to download zipped installer from site and scan it with Norton (with latest virus signature base update), Kaspersky and Dr.Web - no results. Compared file in zip-archive with original build (made on clean PC) - it is exactly the same. And there's no MSIIcon.exe in the package[:confused:].
Please let me know if the file in zip-archive has size 17 547 264 bytes and CRC32 92C0B4A0 (it can be found when opened with WinRAR, or in context menu in WinZIP).
If not, then trojan is possibly there, but it seems that it is not on the CourseLab site (by the way - was it downloaded directly from our site or through some "freesoftware directory" or similar site?).
If the checksums are the same, please let us know - we will try to solve this AVG issue.
Tried to download zipped installer from site and scan it with Norton (with latest virus signature base update), Kaspersky and Dr.Web - no results. Compared file in zip-archive with original build (made on clean PC) - it is exactly the same. And there's no MSIIcon.exe in the package[:confused:].
Please let me know if the file in zip-archive has size 17 547 264 bytes and CRC32 92C0B4A0 (it can be found when opened with WinRAR, or in context menu in WinZIP).
If not, then trojan is possibly there, but it seems that it is not on the CourseLab site (by the way - was it downloaded directly from our site or through some "freesoftware directory" or similar site?).
If the checksums are the same, please let us know - we will try to solve this AVG issue.
|
|
| |
Hi! Not zip file containing virus but CourseLab installer package (.msi file)contain file MsiIcon.exe (86 528 Bytes).
Hi! Not zip file containing virus but CourseLab installer package (.msi file)contain file MsiIcon.exe (86 528 Bytes).
|
|
| |
I've been download the file from the Course Lab Site again and AVG still alert me that there is a virus Trojan Agent.ATJA in the file. The CRC and size of the file is Ok. I have 5 pc's on my office, all of them with AVG Internet Security and with the ultimate Service Packs and antivirus definitions. One of them with Windows VISTA and the rest of the pcs with Windows XP SP3 (2 with PRO and 2 with Home Edition). (I have bought 2 pc's last week so they all evidently installed cleaned and I haven't got any malware or any unlicensed software). In all of them I have tested and download the file again and AVG alerts me too that in the CourseLab installer there is a Trojan.ATJA.[:confused:]
I've been download the file from the Course Lab Site again and AVG still alert me that there is a virus Trojan Agent.ATJA in the file. The CRC and size of the file is Ok. I have 5 pc's on my office, all of them with AVG Internet Security and with the ultimate Service Packs and antivirus definitions. One of them with Windows VISTA and the rest of the pcs with Windows XP SP3 (2 with PRO and 2 with Home Edition). (I have bought 2 pc's last week so they all evidently installed cleaned and I haven't got any malware or any unlicensed software). In all of them I have tested and download the file again and AVG alerts me too that in the CourseLab installer there is a Trojan.ATJA.[:confused:]
|
|
| | |
NG do you understand how virus scanners work??
Have you noticed that FROM THE SAME SOURCE a range of virus signatures (signature is the important word OK)are detected.
That means either there are two versions of the same file on the courselab server each with a different trojan virus OR something entirely different is happening.
Virus scanners are reactive, that is they look for things that they know. For the things they don't know thwy rely on a HEURISTICS ENGINE which works on the principle that viruses will usually use certain "tricks" or methods of infecting a PC, and therefore if a program looks like it MIGHT be using those tricks, there is a possibility that the program might be a virus. An aggressive heuristics engine will raise lots of FALSE POSITIVE results.
I'd suggest you try this on a PC.... As these hits are for a KNOWN virus payload they will be in the scanners database so it is perfectly safe to switch off the heuristics engine and rescan the file. If it reports it clean then rescan with the heuristics on. If there is no virus found with heuristics off, but is detected with the heuristics on then what you have is a fragment of code that looks like something else. For example it writes to a file in a certain way, or writes changes to a file or registry value(s). Unfortunately virus coding is very efficient so you are likely to find the same code sequences in use in many innocent pieces of software and they often need to add or change the same files or registry values to work.
********
If you got the file from the courselab site the submit it to AVG or whoever makes your scanner and they will check it make sure the false positives are fixed in an update sometime.
NG do you understand how virus scanners work??
Have you noticed that FROM THE SAME SOURCE a range of virus signatures (signature is the important word OK)are detected.
That means either there are two versions of the same file on the courselab server each with a different trojan virus OR something entirely different is happening.
Virus scanners are reactive, that is they look for things that they know. For the things they don't know thwy rely on a HEURISTICS ENGINE which works on the principle that viruses will usually use certain "tricks" or methods of infecting a PC, and therefore if a program looks like it MIGHT be using those tricks, there is a possibility that the program might be a virus. An aggressive heuristics engine will raise lots of FALSE POSITIVE results.
I'd suggest you try this on a PC.... As these hits are for a KNOWN virus payload they will be in the scanners database so it is perfectly safe to switch off the heuristics engine and rescan the file. If it reports it clean then rescan with the heuristics on. If there is no virus found with heuristics off, but is detected with the heuristics on then what you have is a fragment of code that looks like something else. For example it writes to a file in a certain way, or writes changes to a file or registry value(s). Unfortunately virus coding is very efficient so you are likely to find the same code sequences in use in many innocent pieces of software and they often need to add or change the same files or registry values to work.
********
If you got the file from the courselab site the submit it to AVG or whoever makes your scanner and they will check it make sure the false positives are fixed in an update sometime.
|
|
| |
Not a thing on the copy of the install msi current and older versions on my PC or laptop either.
Scanned with AVG, McAfee and Norton
Not a thing on the copy of the install msi current and older versions on my PC or laptop either.
Scanned with AVG, McAfee and Norton
|
|
| | |
My firewall is blocking the dl from both the main site, and alternate site due to Agent.BCCC Trojan. The firewall is a sonicwall TZ190 with the gateway av service installed. I am currently downloading it outside of the fw and am going to run a few tests on it to see if it is just a false positive, or ...
My firewall is blocking the dl from both the main site, and alternate site due to Agent.BCCC Trojan. The firewall is a sonicwall TZ190 with the gateway av service installed. I am currently downloading it outside of the fw and am going to run a few tests on it to see if it is just a false positive, or ...
|
|
| | | |
Sounding more like the heuristics finding something that 'looks like'.
Bear in mind that there is ONLY the main site for downloads. Any alternative is going to be outside of the Courselab teams control and so can't be assured free of anything.
Sounding more like the heuristics finding something that 'looks like'.
Bear in mind that there is ONLY the main site for downloads. Any alternative is going to be outside of the Courselab teams control and so can't be assured free of anything.
|
|
|
It's more than likely that its just a file signature and the heuristics are interpreting a line or block of code as a virus signature.
The heuristics are there for when something new pops up that uses some lines of code the look like a known virus. Being as most of these things are mods of previous versions its a reasonable way to go to trap new variations.
So it is more than likely there's a block of code in courselab that 'looks like' it's something else. Often this wil be something like sending a message off to a remote IP address, changing some particular registry settings or similar.
If it does worry you then have your virus scanner fix it, the install probably won't work after that though.
It's more than likely that its just a file signature and the heuristics are interpreting a line or block of code as a virus signature.
The heuristics are there for when something new pops up that uses some lines of code the look like a known virus. Being as most of these things are mods of previous versions its a reasonable way to go to trap new variations.
So it is more than likely there's a block of code in courselab that 'looks like' it's something else. Often this wil be something like sending a message off to a remote IP address, changing some particular registry settings or similar.
If it does worry you then have your virus scanner fix it, the install probably won't work after that though.
|
|
| |
Today, I have installed Course Lab in other machine with AVG and the antivirus delete a file that comes with CourseLab that is a trojan (MSIIcon.exe) identified as trojan Agent.ATJA [:mad:][:mad:][:mad:]
Today, I have installed Course Lab in other machine with AVG and the antivirus delete a file that comes with CourseLab that is a trojan (MSIIcon.exe) identified as trojan Agent.ATJA [:mad:][:mad:][:mad:]
|
|
| |
Which AV are you using??
Just out of interest and a bit of a warning to others I've just spent a few hours fixing VISTA after Norton 360 corrupted the registry on a friends laptop. There wer BSD's, failure to install updates and a big range of errors (10 different ID signatures) some which MS didn't even list :(
It usually happens after installing SP1 on VISTA or SP3 on XP. Not all systems are affected but when they are it's a real pain to sort out.
MS and Norton suggest reformat and install from a clean drive.
Nice solution I don't think.
Which AV are you using??
Just out of interest and a bit of a warning to others I've just spent a few hours fixing VISTA after Norton 360 corrupted the registry on a friends laptop. There wer BSD's, failure to install updates and a big range of errors (10 different ID signatures) some which MS didn't even list :(
It usually happens after installing SP1 on VISTA or SP3 on XP. Not all systems are affected but when they are it's a real pain to sort out.
MS and Norton suggest reformat and install from a clean drive.
Nice solution I don't think.
|
|
| | |
My antivirus is AVG Internet Security.
Regards.
My antivirus is AVG Internet Security.
Regards.
|
|
