AVG detected the BackDoor.Generic5.FOP Trojan when I attempted to run AstroMenace.
After healing the file, the game will NOT open because it says it is not registered. But it will NOT open to allow you to register it.
What is going on here folks? It seems this one slipped thru. Unfortunately, AVG does consider this a REAL threat. It will NOT allow access to the file at all.
Any ideas that do not involve shutting off my scanner?
AstroMenace Trojan
(15 posts) (8 voices)
Posted 17 years ago #
Weird. I use AVG 7.5 with definition database: 268.18.5/707 and I don't get any alerts.
Posted 17 years ago # -
Hello,
I just noticed your post PapaSmurf so I checked the folder that AstroMenace is in, with
AVG 7.5 with the same definition database as tjchan and this is what it found: Threat Detected, C\programFiles\AstroMenace\Registation.exe, BackDoor.Generic5.FOP Trojan. For some reason AVG did not detect it when I installed the game.
So I started checking out BackDoor.Generic5.FOP and when I Googled it, I did not get any hits, so I went to Grisoft's site and used their virus encyclopedia and it came up with 9 different BackDoor.Generic files, and none with the file extension .FOP. Is this particular file a false positive? With so many variants of these types of things floating around and more created every day, I certainly do not know.
I have used AVG for over 2 years now, and maybe I have been lucky, I have not gotten any false positives before, and the program has picked up on many nasty varmints along the way. So I have grown to trust the AVGs opinion on certain files I have placed on my computer, and for me it is a NO BRAINER, quarantine, then delete, delete, delete.
Oh well, I did not really like the game much anyway.
Be careful out there,
Barry
Posted 17 years ago # -
It was definitely a false positive. I use AVG and several other AV programs for both real time and on demand scanning. There are also many online scanners (supposedly with up-to-the-minute signature databases).
It is always handy when I get a "hit" on a file that "shouldn't be infected" that I run it by a few other scanners - just to check. False positives are a fact of life and more often than not - sending the file to the AV company means that over the next update or two - the file will no longer be detected as infected.
Your Antivirus software is really only a guide with rules that are written by normal people who can make mistakes. Sometimes viruses can slip through (hopefully rare) and sometimes they get false positives (thinking it's a virus when it's not).
No antivirus is 100% right all the time - but without it you are pretty sure of being 100% wrong all of the time.
Posted 17 years ago # -
Hi,
I am sorry, but I am really not convinced that this file is a false positive. Why would Viewizard use a Backdoor type file in their Registation.exe anyway? They had to know that Anti Virus programs would flag it, whether it is a false positive or not, and I see, after reading the many comments and the posts about this software, not only AVG flagged it, but other Anti Virus programs found it as well.
I have no idea if all Backdoor type files are Trojans, but this is the description that Emsi Soft, the makers of the A-Squared malware detector, has to say about them, and they have thousands of different Backdoor type files in their malware data base: "The term Backdoor describes a specific group of Trojan Horses. As Trojans, they are not able to spread themselves to other computers. Backdoors allow attackers full control over the victim's PC. Mostly they are split into 3 parts:
1. Server
The part which is put on the victim's PC and takes control over the PC.
2. Client
A little program used by the attacker to connect to the server and control the computer.
3. Editor
An additional tool to create the server program. It allows the attacker to create a unique server and allows him to set all options and rules for the server."
Yikes! I would not want any file with "Backdoor" attached to it in my computer, unless I had absolute proof that it was not a trojan. I can not find any information either way about this file. I certainly would not shut my Anti Virus program down to let it in.
Have a good day,
Barry
Posted 17 years ago # -
I will not try to convince you otherwise - as clearly it is safest for you to not use any software that you do not understand or trust. (And the fact you mention that you don't even like the game, it would be pointless to try).
It will certainly do no harm to refuse to install software that is reported as infected by your antivirus - and for you, this is probably a very good practice. It is your computer and you naturally decide what gets installed etc.
My point to posting is to perhaps provide some additional information to others on steps that can be followed to provide additional information so you can proceed with confidence (both for this product and all the products in the future that will report a mysterious virus infection).
IT security, intrusion detection, asset protection, and disaster recovery are areas I have worked in for many years - and having correct and current information is extremely important. As such, I encourage anyone to seek out information from multiple credible sources. Do not believe everything you hear, and as is often the case with computers, there are always people with half the story teaching it as gospel (often without any agenda or bad intent - simply trying to help).
The following talks about how someone can get an "impossible virus" or "false positive":
http://www.thenakedpc.com/articles/v04/16/0416-02.html
or just hit google for some relevant background information:
http://www.google.com/search?q=antivirus+false+positive+occur
What to do when you suspect a false positive using AVG (and false positives explained... again):
http://forum.grisoft.cz/freeforum/read.php?4,92032,92070#msg-92070
There are a number of free online virus scanners - so you can scan individual files using a wider variety of engines and signature files to assist in confirming the presence of virii/trojans/malware etc.
The easiest to use (which submits the file to most engines) is
http://virusscan.jotti.org/
As you should see from the results (in this case) only 4 of the 16 products think that the file might be infected - and even they cannot agree with each other, each having a guess at a different possible infection.
This definitely looks like a false positive. I submitted the file to AVG just to be sure, and so that their signatures will be updated to reflect the fact, should they agree with the findings of the other 75% of the products.
I hope the above helps some people and provides a little insight into the steps that can be taken to follow up an unusual virus or trojan report. The most important thing is not to panic and remember with legit software downloaded from reputable sources - in a vast majority of cases I have seen over the past 20 years, false positives are a fact of life.
Posted 17 years ago # -
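The multi-engine triage described in the post above (4 of 16 engines detecting, none agreeing on a name), written up as an added example that is not part of the thread or of any scanner's output. The engine names, verdicts and thresholds are constructed assumptions; the heuristic only flags what to escalate to the vendor and never suggests turning the scanner off.

```python
import hashlib
from collections import Counter

# Constructed multi-engine result for one file (not real scanner output):
# engine name -> detection name, or None when that engine reported the file clean.
SAMPLE_VERDICTS = {
    "AVG": "BackDoor.Generic5.FOP",
    "EngineB": "Trojan.Generic",
    "EngineC": "Suspicious.Packed",
    "EngineD": "Heuristic.Win32",
    **{f"Engine{i}": None for i in range(5, 17)},  # 12 engines report clean
}


def triage(verdicts, detect_ratio_max=0.5, agreement_min=2):
    """Summarise a multi-engine scan of a single file.

    Heuristic (an assumption for this example, not any vendor's rule): a detection
    by a small minority of engines, with no two engines agreeing on a family name,
    is weak evidence. The right response is to keep the scanner on, quarantine the
    file, and submit it to the vendor as a suspected false positive.
    """
    names = [n for n in verdicts.values() if n]
    total = len(verdicts)
    hits = len(names)
    ratio = hits / total if total else 0.0
    agreement = max(Counter(names).values()) if names else 0  # largest name cluster
    if hits == 0:
        assessment = "clean by all engines"
    elif ratio <= detect_ratio_max and agreement < agreement_min:
        assessment = "likely false positive: keep quarantined, submit to vendor"
    else:
        assessment = "treat as malicious: keep quarantined, investigate"
    return {"hits": hits, "total": total, "ratio": ratio,
            "agreement": agreement, "assessment": assessment}


def sha256_hex(data: bytes) -> str:
    """SHA-256 of the sample, the identifier to quote in a vendor submission."""
    return hashlib.sha256(data).hexdigest()


def file_sha256(path: str) -> str:
    with open(path, "rb") as f:
        return sha256_hex(f.read())


if __name__ == "__main__":
    print(triage(SAMPLE_VERDICTS))
```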
I initially got a trojan virus alert from AVG Free 7.5. People have been saying it is a false positive but I'm not so sure. AVG has removed the registration.exe file. I have uninstalled the game and removed the folder it was installed in. I have tried doing a system restore using several different times before the game was installed and it failed every time. I'm doing a restore since AVG has twice now popped up an alert about that same virus after I have used AVG to remove it and after I have removed the game. The alert pops up on my screen very briefly when I am working on other things and it disappears before I can do anything about. Did the virus infect my system restore? I rescanned my computer using AVG and have not found any signs of the virus. Any thoughts or help on the matter? Thanks!
Posted 17 years ago # -
Quite simply - Uninstalling and deleting the game didn't remove some of the files in the system restore points. That's just how system restore interacts with antivirus (and other system software).
It's not spreading or slowly eating away at your computer from the inside - there is nothing sinister going on, and the sky is not falling.
This behaviour is common to all antivirus products and how System Restore works:
During a restoration, an active antivirus program scans for infected files. If the antivirus program detects any infected files, the antivirus program tries to modify, move, or delete the infected files. If the antivirus program successfully cleans the infected files, System Restore restores the cleaned files. However, if the antivirus software cannot clean a file, the antivirus software deletes or quarantines the file. As a result, the restoration does not work because these actions to the file cause an inconsistent restoration state. As a result, System Restore reverts to the state immediately before the restoration.
Signature files for antivirus programs are updated as viruses become known. As a result, a restoration that did not work several days ago might succeed after the antivirus program is updated. However, if you undo and retry a restoration to a point that succeeded before, the restoration may not work if a new signature or definition detects a virus that the antivirus program cannot clean on a backed-up file.
http://support.microsoft.com/kb/831829
http://www.tech-recipes.com/windows_tips8.html
The above articles also explain how to fix this.
For a more complete FAQ on XP system restore (for those who view "system restore" as a form of "black magic"):
http://www.microsoft.com/technet/prodtechnol/winxppro/plan/faqsrwxp.mspx
I hope that helps.
Posted 17 years ago # -
Hi,
Bubby, thank you for giving us those links, a lot of very interesting reading, and I will agree that these files found in various softwares given out here are probably false positives. But unfortunately PROBABLY is not good enough for me. In those links there is some very good advice given by people that seem to know what they're writing about, on how to handle false positives. I will give you 3 quotes:
The moderator at AVG forum, rdsok:
"That would make it a false positive.... its a regular file that gets misidentified as a malware and its very common with antivirus programs but its better to be safe and wrong than sorry and infected."
Good advice.
Stephen J. Bigelov:
"False positives occur when a file contains an actual trace of viral code. In rare cases, some files may contain code sequences that are close enough to an existing signature to be mistaken for an actual virus. Obviously, this requires a little common sense on the part of a PC user. When a new antivirus tool reports a virus in a file or program that you've been using successfully for years, chances are that it's a false detection. When a virus is detected in a new file, however, your best course is simply to quarantine the suspect file or delete it outright.
The best strategy is to treat every virus report seriously and take the appropriate steps to isolate the suspect file or remove it from your system. When it comes to viruses, it's better to err on the side of caution."
Great advice, more or less what I do.
Mary landesman:
"Repeated warnings that are erroneous cause the same effect as the boy who cried wolf. If too many false positives occur, when a legitimate warning is presented, users may disregard it. For this reason, it is important to determine the reason for the false positive."
I love that analogy, and it brings me to my point: there has been a lot of "crying wolf" lately on this site, and one of these days if people are not careful the "wolf" is going to be at the door. Telling people to shut off their Virus detectors, without giving any proof, like "I sent this file in to have it analyzed by XXX company and here are the results", gives me the willies. I am sorry, but I will not take just anybody's word that these files are safe, unless they show me some proof or I have investigated these files myself, and they come up 100% clean.
A lot of the software offered here, in my opinion, is mediocre at best, and unless I really want the software, like AstroMenace, I will not spend the time to track down wayward files. Every once in a while GOTD offers a real Gem for software, and everyone's taste on what that Gem is will be different, and that is what makes this site so much fun, and brings them back day after day. What will happen to this site if one of these "false positives" is really not, and 100s or maybe 1000s of computers are set up to be hacked? Who is going to panic then? I think it will be GOTD.
A solution might be to set up a category in this forum where people can submit their antivirus findings, and have an expert on these type of things give them actual proof that these files are safe or not. Would anyone agree with me on this? Personally I would not want anything to happen to this site, and a mass infection would have devastating consequences to GOTD.
Have a great day,
Barry
Posted 17 years ago # -
Barry,
As I stated in my previous post:
I will not try to convince you otherwise - as clearly it is safest for you to not use any software that you do not understand or trust. (And the fact you mention that you don't even like the game, it would be pointless to try).
It will certainly do no harm to refuse to install software that is reported as infected by your antivirus - and for you, this is probably a very good practice. It is your computer and you naturally decide what gets installed etc.
And to put the minds at rest, of those who are worried by the talk of 1000's of computer that might have been set up to be hacked, by attempting to register this game. I received the following confirmation email:
Dear Sir/Madam,
Thank you for your email.
The AVG virus detection on the "Registration.exe" file you sent us for an
analysis was a false positive. It was already fixed by AVG Virus base update.
Please just update AVG to the latest Virus base version (268.18.7/710).
Please accept our apologies for the inconvenience.
Thank you for your understanding.
Best regards,
Robin Hornicek
AVG Technical Support
But yet once again - let me say - nobody is forcing you to install software (even if it is free) - if you don't like it, don't understand it, or get a report that your antivirus believes something might be wrong with the files - the choice is always yours to proceed as you choose. If you don't have the knowledge, time, or inclination to follow possible issues up, just move on.
Tomorrow is another giveaway.
Posted 17 years ago # -
Hello,
Thank you, BuBBy, for posting your response from AVG, most reassuring, but I think this is the type of response we need on the day of the download, when all the Virus alerts are going off. A response with a little proof , not speculation.
We dodged the bullet this time, and I am very happy for that, the next time, we might not be so lucky.
I have to stick with the experts on False Positives when they say “its better to be safe and wrong than sorry and infected”.
Have a good one,
Barry
Posted 17 years ago # -
I also use AVG and nothing popped up for me. But strangely today, Ad-Aware only on one of my computers popped up a virus found at:
C\Program Files\AstroMenace\Registation.exe
Weird neither AVG or Ad-Aware is detecting the same file on this laptop. And yes, I have read the above saying it is a false positive. But I just wanted to let you all know.
Posted 17 years ago # -
Thanks BillW50. I'll check it out myself with my malware programs:
PrevX
Adaware Plus
F-Secure
Posted 17 years ago # -
I too have firewalls, anti virus,,,,spyware detectors,,,,I run cleaners,,,,system defragers,,,...registry cleaners...icon and shortcut detectors...I find very little if any giveawayoftheday problems.....I look at every download...I make an informed....(I Look) decision....I download when I want to try an app.....I have a "sandbox" type program I use....but have never had a program from gaotd cause any problem....Over one half my harddrive belongs to gaod...
do your homework and rejoice in the free software given here....You'll not get a chance at this anywhere more secure....
Posted 17 years ago # -
If it is any consolation - with all the scanner-fragger-anti-mal-whatsit-blocker-firecleaners at the end of the day - the biggest risk to your data, privacy and programs is you.
Human error factors as the number one cause of data loss or security issues.
Sure having all the other stuff is really important, and to some extent it is very useful in protecting us from ourselves, but the minute you start to feel like a gold bar inside Fort Knox - just remember - the biggest risk (statistically speaking) is still in the wild, and is probably sitting at your computer at this very moment. (cue. Jaws Theme)
This holiday season if you are going to be out on the superhighway, don't drink. If you have a friend who has been drinking, don't let them drive - take away their mouse. ;)
Posted 17 years ago #