You are not logged in. Please login or register.
Hi, I'm downloading the LAN driverpack though I'm being told by Avast that the download contains Win32:Trojan-gen and thus aborts the download. Is this a known false-positive or is there something else amiss here?
Thanks in advance
Marko
It is known now 
...
Thanks for reporting!
Welcome to DriverPacks and have a great day.
PS which definition version gave the false positive... (date/ver)
Avast 21/10/2009 18:03:08
Version 091021-0
It's Avast Home Edition Beta
Hope that helps 
Cheers
Marko
OverFlow, I'm guessing this is a false positive then and not some unexpected addition to the LAN driverpack? Just wanted to make sure before I turned off the web-shield for Avast
Cheers
Marko
Trust me. All the DriverPacks are clean!
Thought that, but would av looked a little daft if I didn't ask and allowed a virus in knowlingly - I've used the driverpacks in the past no problem, just this version of Avast is shouting but hopefully he'll flag it to Avast and have it sorted
Cheers
Marko
I was waiting to see if anyone else posted
since the DriverPacks are worked on and then tested by a large team and then released to a large audience Many different virus scanners get a crack at the packs at every stage of development and release... if only one AV program is reporting a result then there is a 99.99 percent likelyhood that it is a false positive.
On the other hand there are hundreds of new viruses and trojans each month...
There is the .01 percent chance that your AV / defs is the first one to be able to detect it...
I would submit to them for review... why take our word for it?... go straight to the source and get the poop.
it would be even better if you could reply here that they responded to you taht they thought it was a false positive.
then you have saved not only yourself, but others in your situation. (they update the definitions for everyone)
"Help us to help you" is the spirit of DriverPacks, a spirit you obviously share with us.
I would have seemed a little daft if I had simply dissmissed you without considering the .01 probablity and anounced there was no virus... and then got bitten by that .01 LOL
Well Done! Excellent report!
Welcome to DriverPacks and we are glad you're here!
PS you never told us which LAN pack version?
OF, I'm not sure if this is connected but the coincedence is a little too strong for my liking - basically I'm now just about to rebuild my computer after integrating the LAN pack into my latest build and using that to rebuild as one of my most successful sites (www.freewarebb.com) has been taken down by a hacker and we have full logs, etc that clearly show FTP connections using passwords only I would know - this has never happened before and I can only presume the alert was a real one and not a false positive as we first thought. Our host was quick to respond and has went into lockdown and is restoring the site as we speak and once I have rebuilt my comp I will PM you the details if you wish for further analysis.
Cheers
Marko
OK, PC rebuilt, passwords all changed and breathing normally once again!.
Now as I say, I can't put the LAN pack at fault for the virus we received but as this has never happened to us before I'm merely going on circumstances, that being when I integrated the LAN pack into a new build of XP yesterday and rebuilt my machine we all of a sudden had our main site taken down and compromised. Our host has confirmed that in his experience the problem could only have been caused by "a trojan/virus has obtained your FTP password and as such your files have been downloaded+modified+uploaded".
Our index file was downloaded and uploaded again in a matter of 3 seconds and many files on the server were modified to render the site useless. They also attempted to include an iFrame in the site to potentially send our members viruses or redirect them to an undesireable site but they basically made a complete ass of things, bottom line is the succeeded in causing us grief.
I don't know how else you could double check the LAN pack and I understand it's obviously checked and used by many many people but in my case I can't put the Trojan down to anything else, I've trawled my own movements and can't recall any such warning on my AV for a long time - I sincerely hope it proves not to be the LAN pack but I thought I'd update you anyway, just in case.
Cheers
Marko
Just to be certain, I'm tearing into the LAN dp now (release/nightlies).
Shields up! Arm the photon torpedoes! Fire all weapons!!!! 
Just completed scans.
DriverPack LAN 8.12.1 -- Clean
DriverPack LAN 9.09.04 -- Clean
Used both Eset NOD32 and Symantec Endpoint Security (both updated to latest engines/defs).
Marko,
RE: I don't know how else you could double check the LAN pack.
As suggested, the best way to deal with this, and put all of our minds at ease, is for you submit the specific file that was flagged to Avast for review. I am sure they have a procedure for this... and since you are their customer you should be supported.
alternately you could link them to the packs download...
A copy of your report from Avast (either clean or dirty) will put us all on the right track.
It never hurts to be careful and vigilant.
Thank you for Reporting it makes DriverPacks better for everyone.
We are now waiting for your response from Avast support...
If they are the first ones to identify this threat then perhaps we may see some new fans for Avast.
There are not many now because of its past history with providing false positives.
the only thing worse than a positive is a false positive . because it wastes huge amounts of time.
Some other popular scanners are also known for wasting our time quite often and are also not used by many of us.
one of two things will result
a. we have a nasty we need to address
b. they have a definition that needs updated.
We are in a holding pattern waiting for your trouble ticket with avast to be answered.
We are unable, internaly, to confirm your report useing other scanners...
Avast is the only avenue that I am aware of to get a resolution at this point.
I agree the coinsidence is huge and worthy of our full attention.
however many of us host sites too...
Me for example, who has every pack ever relelased extracted on his machine.
none of my machines or servers has been compromized - not ever for that matter.
although I do often have some fun with the IPs that appear more than a few thousand times in my logs.
You would be amazed how many would be hackers out there who don't use proxy or a zombie.
Mmmm... script kiddy its whats for dinner...
PS I almost never load a machine with the network cable connected.
(Except on a well protected private corporate network with hardware and software firewalls Including gateway and per machine virus scanning)
It is almost impossable to load a machine these days without getting a virus during the installation , if direct internet access is available to the machine. No protection is in place during this time and patches may not yet be applied.
If we do have a nasty then we would like to know ASAP, Will you continue to help us to help you?
Jeff
Guys, first off I will be the first to apologize if I have this totally wrong, but as I say in my post I can really only go on what I have at the moment and circumstances which at the moment only lead me to one possibility, the LAN driverpack. I will, holding my breath!!!!, download the LAN pack again and flag the alert to Avast and will help in any way I can as your driverpacks have been of immense use to me in the past and hopefully will continue to do so therefore it's really the least I can do. I will, of course, keep you updated on my progress and report from Avast.
Cheers the now
Marko
OK, I now find myslef apologizing profusely for this matter because I can now download the LAN driverpack without any problem at all after rebuild which has me baffled immensely. In my haste, I binned the XP build that affected my PC so I can't even scan it!. I can't possibly imagine where I've picked this virus up from and Avast certainly didn't flag anything other than the LAN driverpack but it's now apparent this is not the case. Egg on my face somewhat, I'm nevertheless relieved the driverpacks aren't affected and I think it's definately time for a new antivirus product as Avast obviously hasn't done it's job - moreso it was giving me wrong information the first time round, still can't put my finger on why it reported such and wrongly allowed what appears to be a Trojan into my system to do it's damage but hope I didn't cause any inconvenience to anyone here.
Somewhat embarassed, Marko
PS, just to be double certain I even scanned the pack using VirusTotal and clean bill of health throughout
Last edited by marko2002 (2009-10-27 10:56:41)
It is always good to err on the side of caution. No harm no foul!
You did exactly what I would expect anyone to do, if you smell smoke pull the fire alarm.
Thank you for reporting. Thank you even more for following up!
Have an awesome day!
By the By you have used some of the best posting technique i have ever seen...
almost as if you wrote How To Ask Questions The Smart Way
LOL, thanks OverFlow, not sure whether to be flattered or embarassed now
Marko
Powered by PunBB, supported by Informer Technologies, Inc.
Currently installed 3 official extensions. Copyright © 2003–2009 PunBB.
[ Generated in 0.021 seconds, 11 queries executed ]