PICList Thread
'[PIC] AVG Antivirus reporting trojan in MPLAB'
2005\11\10@160228 by Harold Hallikainen

Today's run of AVG antivirus is reporting a trojan horse download agent
AQN in MPLAB662.zip, MPLABRegScript.exe, and MPLABRegScript.001 .

This is also being reported in an application written by a company I
contract with.

Anyone else experiencing this? Other comments?

Harold


--
FCC Rules Updated Daily at http://www.hallikainen.com

2005\11\10@162429 by Robert Rolf

How do you know that it wasn't infected while it was on your machine?
When did you download mplab622.zip? My version scans fine, but I
pulled it down more than a year ago.
R


2005\11\10@163040 by Danny Sauer

Harold wrote regarding '[PIC] AVG Antivirus reporting trojan in MPLAB' on Thu, Nov 10 at 15:19:
> Today's run of AVG antivirus is reporting a trojan horse download agent
> AQN in MPLAB662.zip, MPLABRegScript.exe, and MPLABRegScript.001 .
>
> This is also being reported in an application written by a company I
> contract with.
>
> Anyone else experiencing this? Other comments?

I've got some comments about "AntiVirus" programs, but most aren't
suited to public mailing lists.  It's probably sufficient to say that
I have no faith in them partially because of crap like this and
partially because somehow I've managed to use personal computers -
even Windows - for over a decade on the Internet without *ever* having
a problem with viruses and without running any kind of automatic virus
scanning/protection junk.  Maybe that's why I'm the sysadmin, I dunno.

Anyway, it's been my experience that A/V programs are right up there
with "personal firewall" programs now-a-days.  They pop up all sorts
of warnings and garbage to scare users into thinking that the
program's doing something useful so they'd better keep paying for
those upgrades "or else".  Meanwhile, they lull the user into a false
sense of security because "the program will protect me", encouraging
lax security behavior.

In this case, it's probably just because the A/V program uses a stupid
"if this pattern exists then it probably has a virus" detection
scheme.  Ignore it or re-download the program in question if you're
concerned. :)

--Danny, apologizing for the rant-ness of that...

2005\11\10@163932 by Dave Lag

Last nite's AVG scan deleted MPLAB (forget which ver)
I was thinkin'( no proof) maybe they got infected when they were down
recently?
D



2005\11\10@164840 by Andre Abelian

Harold,

Any time you see a trojan in your PC it means there are a lot more things
happening in the background than you think. It is time to format your PC.
To make it easier, this is what I started doing 5 years ago, and since then
restoration takes about 20-30 minutes.

1. separate your windows from your main drive "split your drive"
2. use norton ghost create windows image and save it on DVD
3. when you need to restore boot it from ghost cd and restore your windows.

To my understanding most viruses are made by anti virus companies.
How do they know about an upcoming virus?
What is the point of anti virus if they can find info after the virus got you.
"Keep backup of your clean windows and restore when you need it"

Andre Abelian







2005\11\10@165708 by Jinx


> Today's run of AVG antivirus is reporting a trojan horse
> download agent AQN in MPLAB662.zip, MPLABRegScript.exe,
> and MPLABRegScript.001 .

Someone mentioned that to me yesterday about MPLAB they'd
just downloaded, also using AVG I think

2005\11\10@170746 by D. Jay Newman

> 1. separate your windows from your main drive "split your drive"
> 2. use norton ghost create windows image and save it on DVD
> 3. when you need to restore boot it from ghost cd and restore your windows.

The advice above I can agree with.

One additional thing: you need to be able to find the infected applications
so that they can be cleaned also.

> To my understanding most viruses are made by anti virus companies.
> How do they know about an upcoming virus?
> What is the point of anti virus if they can find info after the virus got you.

This sounds paranoid. I have seen no evidence that the anti-virus
companies actually make viruses that are distributed.
--
D. Jay Newman           ! _Linux Robotics: Building Smarter Robots_
spam_OUTjayTakeThisOuTspamsprucegrove.com     ! To be released soon to unsuspecting bookstores
http://enerd.ws/robots/ ! everywhere.

2005\11\10@171442 by M Graff

Andre Abelian wrote:

> Harold,
>
> Any time you see a trojan in your PC it means there are a lot more things
> happening in the background than you think. It is time to format your PC.
> To make it easier, this is what I started doing 5 years ago, and since then
> restoration takes about 20-30 minutes.

... or the patterns in the anti-virus software are too strict and miss
the ball.  The way they fix things like this is to cause them to care;
call their tech support line every time it misses and gobbles a real
application that you can guarantee is not infected.  This costs them
money, and they will react.

> 1. separate your windows from your main drive "split your drive"
> 2. use norton ghost create windows image and save it on DVD
> 3. when you need to restore boot it from ghost cd and restore your
> windows.

Or just keep frequent backups, and don't destroy your old ones.

> To my understanding most viruses are made by anti virus companies.

No.  Saying this is like claiming people create the flu, because how
else would they know what strain is coming up?

> How do they know about an upcoming virus?

They have about 6-12 hours after a new virus is released to add its
signature to their detection list.

> What is the point of anti virus if they can find info after the virus got
> you.

MOST people don't get the virus before they detect it.  MOST people get
it after it is already added to the infection detection list.

> "Keep backup of your clean windows and restore when you need it"

Or just don't run windows.  Bug your favorite software companies to
produce Mac or NetBSD or whatever versions.  Ironically enough, viruses
are really only a major problem on windows machines.  It USED to be Macs
were infected by just looking at them, but now they're fairly secure
while windows just seeps in insecurity and Microsoft doesn't care.  Why
should they, after all?  Why should they fix windows when they have
created yet another market of renewable subscription-based applications
like A-V software?

No, I don't think M$ intentionally makes their software insecure...  
well, actually, yes I do.  :)  If it comes down to "will it cost more
money" or "will it be more secure" which do you think they choose, until
an exploit is released?  With thousands of people out there finding
exploits in windows, why should they care about security until after the
fact?

--Michael

2005\11\10@175123 by Bob Axtell


Download a copy of FPROT antivirus. I've had their service for 4 years
now, and have NEVER been disappointed. If  FPROT detects a virus, you
have a virus.  Trial is free.

M$ doesn't intentionally make their software insecure, they just don't
care, because their ability to pin their problems on everything else  
continues to  work well for them.  M$ knows that in a few months a new
set of bloated O/S will be used, which will fail in a new & improved way.

--Bob

--
Note: To protect our network,
attachments must be sent to
.....attachKILLspamspam@spam@engineer.cotse.net .
1-520-777-7606 USA/Canada
http://beam.to/azengineer

2005\11\10@215517 by Danny Sauer

Bob wrote regarding 'Re: [PIC] AVG Antivirus reporting trojan in MPLAB' on Thu, Nov 10 at 16:53:
> M$ doesn't intentionally make their software insecure, they just don't
> care, because their ability to pin their problems on everything else  
> continues to  work well for them.  M$ knows that in a few months a new
> set of bloated O/S will be used, which will fail in a new & improved way.

I'm in the minority, in general, but it's my opinion that *not*
focusing on security in applications like Internet Explorer - which
is used and trusted by lots of apps to render untrusted data - is
equivalent to intentionally making things insecure.  Ugh.

Somewhat related here, I run Linux on all of my machines.  It's what I
know and what I can personally best secure.  For Windows, I use
VMWare, and have since VMWare came out - it's a really cool system.  I
set up a virtual machine for Windows use, install a clean copy of
Windows, patch it up to current and get it the way I want it, and then
change the virtual drive to "non-persistent".  That way, I can run and
do whatever without having to worry at all - if some program decides
it needs to delete everything with the .dll extension in C:\WINNT, it
can just go ahead.  All I've gotta do is restart the virtual machine
and I'm back where I started.  If I want to install a new program, I
just let it go and see how it works - if it was fine, I'll change over
to persistent mode, install, and change back.  It's trivial to make a
copy of the virtual disk and have a clean, base install to work from
if I want to try something out, etc.  VMWare Workstation is *well*
worth the price just for that reason, never mind the ease of trying
out new operating systems, setting up test networks, etc etc etc.  Not
really a plug, and somewhat off-topic, but it works well for me and is
a lot easier than keeping "real" backups.  Restoring any Win32 variant
from backup is a royal pain - clicking "restart virtual machine" is
easy. :)

--Danny, now two cents poorer

2005\11\10@222155 by William Couture

On 11/10/05, Danny Sauer <piclistspamKILLspamdannysauer.com> wrote:
> Harold wrote regarding '[PIC] AVG Antivirus reporting trojan in MPLAB' on Thu, Nov 10 at 15:19:
> > Today's run of AVG antivirus is reporting a trojan horse download agent
> > AQN in MPLAB662.zip, MPLABRegScript.exe, and MPLABRegScript.001 .
> >
> > This is also being reported in an application written by a company I
> > contract with.
> >
> > Anyone else experiencing this? Other comments?
>
> I've got some comments about "AntiVirus" programs, but most aren't
> suited to public mailing lists.  It's probably sufficient to say that
> I have no faith in them partially because of crap like this and
> partially because somehow I've managed to use personal computers -
> even Windows - for over a decade on the Internet without *ever* having
> a problem with viruses and without running any kind of automatic virus
> scanning/protection junk.  Maybe that's why I'm the sysadmin, I dunno.

Since I used to write Anti-Virus software, I feel qualified to comment on
this.

Once upon a time, on a computer far, far away, viruses were written
by hand in assembly.  With only BBS and "sneakernet" distribution,
they spread fairly slowly.  This meant two things:
  1) They were compact and efficient.  You could look at a piece of
      code and know what it did.
  2) You had time to actually look at the virus and analyze it.
With these two luxuries, you could pick a signature that actually
represented the unique virus.

Nowadays, we have script kiddies using pre-packaged virus kits and
the internet.  Viruses are no longer handcrafted in assembly, they are
written using the same compilers that are used for every other piece
of software out there.  And the time between "the virus has been
created" and "the virus has spread to outer Mongolia and Antarctica"
is measured in a few days at most, not months.

Even worse, they are no longer strictly "viruses", they are worms and
trojans.  If you have an open port, they can work their way in.  That
image file Grandma sent you can now infect your system (there used
to be an urban legend about a .JPG virus.  Microsoft Engineers worked
day and night to turn this dream^H^H^H^H^Hnightmare into reality.)

The end result of all this is that you have very little time to look at
a program that looks like *EVERY OTHER PROGRAM PRODUCED
BY THE COMPILER*, find out what makes it unique, and get a
signature out there to protect the world.  Sometimes you miss, and
pick a piece of code that is "standard" (such as a library call) that
is perfectly valid but uncommon, and you get false positives.

Could you have gotten an infected copy?  Yes,  but probably not.

But consider the time and irritation caused by a rare false positive
against the situation you would face without AV software anywhere:
*LOTS* of real infections, and lots more time/effort lost.

The reason you can run without AV software is because most people
*DO* use AV software, and so there are not millions of machines
acting as new centers of infection.  This is why the "action" is now
in worms and trojans -- fewer people keep their machines patched
than run AV software.

Bill

--
Psst...  Hey, you... Buddy...  Want a kitten?  straycatblues.petfinder.org
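
The false-positive mechanism described in the post above, as an added example that is not part of the original thread: a toy substring scanner in Python over constructed byte strings, where a signature taken from an uncommon library call also flags a clean installer, while a signature checked against a clean corpus does not. All file names, byte strings and function names are made up for illustration.

```python
"""Toy byte-signature scanner over constructed samples (no real malware or product code)."""

# Constructed stand-ins for code that the compiler and shared libraries emit.
RUNTIME_STUB = b"\x55\x8b\xec\x83\xec\x10\xe8RTL_INIT\xc9\xc3"
UNCOMMON_LIB = b"\x6a\x00\x68LIB_FETCH_TO_FILE\xff\x15"  # valid but rarely used call

# Hypothetical file names; every byte string here is made up for this example.
MALICIOUS = RUNTIME_STUB + UNCOMMON_LIB + b"\x90\x90DROP:payload-7731\xcc"
CLEAN_CORPUS = {
    "benign_installer.exe": RUNTIME_STUB + UNCOMMON_LIB + b"REGISTER-COMPONENTS\x00",
    "benign_editor.exe": RUNTIME_STUB + b"OPEN-SAVE-PRINT\x00",
}


def scan(signature, files):
    """Return the sorted names of files whose bytes contain the signature."""
    return sorted(name for name, data in files.items() if signature in data)


def pick_signature(sample, clean_corpus, length=8):
    """Return the first `length`-byte window of `sample` absent from every clean file.

    Returns None when no such window exists, meaning a plain substring of this
    length cannot separate the sample from the clean corpus.
    """
    for offset in range(len(sample) - length + 1):
        window = sample[offset:offset + length]
        if not scan(window, clean_corpus):
            return window
    return None


def demo():
    """Compare a rushed signature with one vetted against the clean corpus."""
    everything = dict(CLEAN_CORPUS, trojan_sample=MALICIOUS)

    # Rushed choice: the uncommon library call looked distinctive in isolation,
    # but a legitimate installer links the same library.
    rushed_hits = scan(UNCOMMON_LIB, everything)

    # Vetted choice: only accept bytes that no known-clean file contains.
    vetted = pick_signature(MALICIOUS, CLEAN_CORPUS)
    vetted_hits = scan(vetted, everything) if vetted is not None else []
    return rushed_hits, vetted_hits


if __name__ == "__main__":
    rushed_hits, vetted_hits = demo()
    print("rushed signature flags:", rushed_hits)
    print("vetted signature flags:", vetted_hits)
```

The vetting step is only as good as the clean corpus: a legitimate program missing from it can still be flagged.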

2005\11\11@063453 by Gerhard Fiedler

Danny Sauer wrote:

> VMWare Workstation is *well* worth the price just for that reason, never
> mind the ease of trying out new operating systems, setting up test
> networks, etc etc etc.  Not really a plug, and somewhat off-topic, but
> it works well for me and is a lot easier than keeping "real" backups.

How does that work with access to odd hardware, like USB-to-Serial
converters (from within the virtual Windows machine)? Or sensible stuff
like MPLAB's USB drivers for the ICD2? Do you have any experience with
this?

> Restoring any Win32 variant from backup is a royal pain - clicking
> "restart virtual machine" is easy. :)

It probably is. But then, I run here a 5 year old installation of Win2k,
24/7 connected to the internet, running some public services and also
providing some desktop functions... And if I ever should have to restore it
from backup, full images make this a pain smaller than "royal" :)

Gerhard

2005\11\11@065148 by Jan-Erik Soderholm

Gerhard Fiedler wrote :

> I run here a 5 year old installation of Win2k, 24/7...
>
> And if I ever should have to restore it
> from backup, full images make this a pain smaller than "royal" :)

I didn't know that you could take full, image, restorable backups
from a running W2K system disk. What tools do you use for that ?

Jan-Erik.



2005\11\11@082250 by Danny Sauer

William wrote regarding 'Re: [PIC] AVG Antivirus reporting trojan in MPLAB' on Thu, Nov 10 at 21:23:
> The reason you can run without AV software is because most people
> *DO* use AV software, and so there are not millions of machines
> acting as new centers of infection.  This is why the "action" is now
> in worms and trojans -- fewer people keep their machines patched
> than run AV software.

Actually, it's because I don't run untrusted binaries in the same way
that I run trusted binaries, and because I don't generally run Windows
at all - just in case that was a specific "you" and not just a general
you. :)

--Danny, pretty sure that "most" Win32 machines on the Internet do not
have up-to-date AV software (or up-to-date users)

2005\11\11@111231 by Danny Sauer

Gerhard wrote regarding 'Re: [PIC] AVG Antivirus reporting trojan in MPLAB' on Fri, Nov 11 at 05:44:
> Danny Sauer wrote:
>
> > VMWare Workstation is *well* worth the price just for that reason, never
> > mind the ease of trying out new operating systems, setting up test
> > networks, etc etc etc.  Not really a plug, and somewhat off-topic, but
> > it works well for me and is a lot easier than keeping "real" backups.
>
> How does that work with access to odd hardware, like USB-to-Serial
> converters (from within the virtual Windows machine)? Or sensible stuff
> like MPLAB's USB drivers for the ICD2? Do you have any experience with
> this?

USB devices are passed-through.  I've got a USB iButton reader that
works fine, for what it's worth.  If you're talking about weird
PCI/ISA devices or things of that nature, I'm not sure because I don't
have any to test with.  However, I can tell you that the hardware is
generally virtualized - as far as I know, you can't directly access
the host machine from within a guest.  Video, networking, keyboard,
and mouse are all abstracted, but I think you can get a raw serial
device and probably parallel - if the host OS supports the port.  Now
that I think of it, I haven't tried my PS/2 CueCat.  It oughtta work,
though, since it works basically as an enhanced keyboard...

> > Restoring any Win32 variant from backup is a royal pain - clicking
> > "restart virtual machine" is easy. :)
>
> It probably is. But then, I run here a 5 year old installation of Win2k,
> 24/7 connected to the internet, running some public services and also
> providing some desktop functions... And if I ever should have to restore it
> from backup, full images make this a pain smaller than "royal" :)

Any backup is better than no backup at all, of course. :)

--Danny

2005\11\11@124844 by w d myrick

Sorry about the spelling   JAN-ERIK.


----- Original Message -----
From: "w d myrick" <.....wdmyrickKILLspamspam.....earthlink.net>
To: <EraseMEan-erik.soderholmspam_OUTspamTakeThisOuTtelia.com>
Cc: "Derward" <wdmyrickspamspam_OUTearthlink.net>
Sent: Friday, November 11, 2005 11:09 AM
Subject: Re: [PIC] AVG Antivirus reporting trojan in MPLAB


> Jan-Enk,  Take a look at ACRONIS TRUE IMAGE.  I USE 8.0 AND IT IS GREAT,
> about US $30.00.

SNIP

2005\11\11@141017 by Harold Hallikainen

My client whose code was being identified as a virus got this from AVG today:

Dear Sir/Madam,

Thank you for your email.

Unfortunately, the previous virus database might have detected the
virus (Trojan Horse) on some legitimate applications. We
can confirm that it was a false alarm. We have immediately released the new
virus update that removes the false positive on this application.
Please update your AVG and check your files again.

If you need to restore deleted files from AVG Virus Vault you can do it this
way: open AVG Virus Vault (Start -> Programs -> AVG Antivirus -> AVG Virus
Vault). Locate the file that was removed, right click on it and choose
"Restore File(s)" option.

We are sorry for the inconvenience.


    Best regards,


    AVG Technical Support

Harold

--
FCC Rules Updated Daily at http://www.hallikainen.com

2005\11\12@100547 by Gerhard Fiedler

Jan-Erik Soderholm wrote:

>> And if I ever should have to restore it
>> from backup, full images make this a pain smaller than "royal" :)
>
> I didn't know that you could take full, image, restorable backups
> from a running W2K system disk. What tools do you use for that ?

Norton Ghost. But there are others out there, too.

Gerhard

2005\11\12@104307 by Howard Winter

On Sat, 12 Nov 2005 13:04:00 -0200, Gerhard Fiedler wrote:

> Jan-Erik Soderholm wrote:
>
> >> And if I ever should have to restore it
> >> from backup, full images make this a pain smaller than "royal" :)
> >
> > I didn't know that you could take full, image, restorable backups
> > from a running W2K system disk. What tools do you use for that ?
>
> Norton Ghost. But there are others out there, too.

I like DFSee, from a countryman of Wouter's, at: http://www.fsys.nl/  It's not for the faint-hearted and it
certainly isn't a point-&-click program, but one of the (many!) things it will do is to create an image file
of a whole partition as a file, which can then be copied back to either the original or to a new location.  
You can run it from within a number of operating systems, and you can also buy or create a bootable CD.

It has a 30-day trial, but I find it's well worth the money, and I like to support independent developers.

Cheers,


Howard Winter
St.Albans, England


2005\11\13@084918 by Jan-Erik Soderholm

> Jan-Erik Soderholm wrote:
>
> > I didn't know that you could take full, image, restorable backups
> > from a running W2K system disk. What tools do you use for that ?
>

Gerhard Fiedler wrote :
> Norton Ghost. But there are others out there, too.

Howard Winter wrote :
> I like DFSee, from a countryman of Wouter's, at:
> http://www.fsys.nl/

OK, fine.
I'm still not sure that you could make a full, restorable
image backup from a *running* W2K system (that is,
a backup of the *currently* booted system disk). With
no system/application downtime, of course !

Preferably using tools included in the OS distribution,
not some 3rd-party tools. That's far too risky for such
important tasks as backups !

Jan-Erik.



2005\11\13@092734 by John J. McDonough

----- Original Message -----
From: "Jan-Erik Soderholm" <@spam@jan-erik.soderholmKILLspamspamtelia.com>
To: <KILLspampiclistKILLspamspammit.edu>
Sent: Sunday, November 13, 2005 8:49 AM
Subject: RE: [PIC] AVG Antivirus reporting trojan in MPLAB


> I'm still not sure that you could make a full, restorable
> image backup from a *running* W2K system (that is,

Dunno about W2K, but Ghost does a good job of making a restorable backup on
XP.  Symantec has been making it a pain with their activation which doesn't
always work right, and their totally useless support.  I had a lot of
trouble with Ghost on my wife's system earlier in the year ... had to go
back to an older version of Ghost for it to work.  When I got a new system
and had to get yet another copy, the new version works fine.  (Well, it
seems to.... I haven't actually done a restore from the new version yet).

> a backup of the *currently* booted system disk). With
> no system/application downtime, of course !

The latest Ghost does run from a running system.  Earlier versions shut down
the OS.  A pain, but in my view, a lot safer.

> Preferably using tools included in the OS distribution,
> not some 3rd-party tools. That's far too risky for such
> important tasks as backups !

Well, I agree for a lot of things.  But there are certain areas MS hasn't
gone (yet) and backup is one of them.  M$ has gotten a lot of heat,
especially in Europe, for including everything in the OS.  So they provide
minimal versions of some things essentially to provide an opening for third
party tools.  Before SP2, the firewall was in this category.  Connection
sharing before XP.  Backup is still in this category.

M$ does provide Windows Backup on the Windows CD, but it is not installed by
default.  The application isn't half bad, actually, although there is little
documentation.  However, it will not make a full image backup.

The other REALLY BAD feature of Windows backup is that each version has been
incompatible with the version before.  That means that any backups you made
in the past are useless after you upgrade.  And with Windows, sometimes an
upgrade is silently hidden in a service pack.

I do use Windows Backup for incremental backups.  It's pretty good at that,
and incrementals have a short life so the compatibility isn't an issue.  I
use Ghost routinely for full backups.  All of *my* important files are also
kept on a Samba share.  I back those up regularly too, using Zip.  Zip has
been available across many operating systems for many years,  and has always
done sensible things when crossing operating systems.  So my real archival
backups can be read by virtually any OS.  I can't restore the Windows system
from the zips, that's what Ghost is for.  And if I'm trying to do a full
system restore, compatibility isn't an issue, either.

Recovering a single file from a Ghost backup is a bit of a pain.  Sometimes
it can take a lot of swapping DVDs.  But nine times out of ten I can simply
go to my Samba share, or if the file is really old, to the Linux backup DVD.

BTW, Ghost is a wonderful thing when you want to upgrade that laptop hard
drive.  Most laptops don't support two drives, but you simply boot from the
Ghost backup DVD and restore the old image.  Ghost will restore to a
different size partition, so after the upgrade you have your old system
back, no hassles, just with a larger drive.

--McD

2005\11\13@104549 by Danny Sauer

John wrote regarding 'Re: [PIC] AVG Antivirus reporting trojan in MPLAB' on Sun, Nov 13 at 08:29:
> M$ does provide Windows Backup on the Windows CD, but it is not installed
> by default.  The application isn't half bad, actually, although there is
> little documentation.  However, it will not make a full image backup.

It will make a full file backup which can restore a system from bare
metal.  It's not a disk image, but it's still a full backup that gets
you the same ability.

I never liked its incremental ability or the cataloging system,
personally, but that's just me. :)  When I was running a lot of
workstations, I'd have an image of a standard install and use profiles
stored on Samba, using rsync and hardlinks to do daily snapshot
backups of user data.  It worked very well, but is more suited for an
enterprise-type system than to a home user with just a couple of
machines. :)

--Danny

2005\11\13@115459 by w d myrick


----- Original Message -----
From: "Jan-Erik Soderholm" <RemoveMEjan-erik.soderholmTakeThisOuTspamtelia.com>
To: <spamBeGonepiclistspamBeGonespammit.edu>
Sent: Sunday, November 13, 2005 7:49 AM
Subject: RE: [PIC] AVG Antivirus reporting trojan in MPLAB


> > Jan-Erik Soderholm wrote:

<SNIP>

> I'm still not sure that you could make a full, restorable
> image backup from a *running* W2K system (that is,
> a backup of the *currently* booted system disk). With
> no system/application downtime, of cours

I USE ACRONIS TRUE IMAGE 8.0 ALL THE TIME
AND IT DOES EXACTLY WHAT YOU STATED
YOU DID NOT THINK IT WILL DO.


> Preferably using tools included in the OS distribution,
> not some 3rd-party tools. That's far too risky for such
> important tasks as backups !
>
> Jan-Erik.
>
>
>
> --
