[Resolved: Update virus definitions] AVG confirmed false positive with AnyDVD 6.5.4.4

[billmex]

:disagree: I wish i was as smart s some of you guys. this did the tiack, i really appreciate this fix. i thank , muchas gracias.
billmex

 

[mike_r]

or you could have tried the search I've posted the same solution in another thread too.

 

[DrinkLyeAndDie]

If Slysoft is sick of hearing complaints that their programs are being detected by some virus scanners, they should remove Themida encryption.

That really isn't a solution. Other behaviors in their products have triggered AV products before. Remove Themida and use something else and the problem may happen again anyway. Simply moving away from Themida to use another method is nothing more than admitting some kind of fault. The fault is squarely on the shoulders of the AV vendors for being so loosey goosey with determining something bad.

No offense intended but I also find that many end-users also need to become a bit more knowledgeable. One of the great things about the world these days is that nearly anyone can be online but where there used to be a learning curve to do simple tasks the process is mostly a cakewalk these days. I'm amazed and glad at the number of people who do actually use an AV product which is a great thing but people completely trust the judgement of the AV product and, in many cases, will not use their own judgement and some reasoning skills. If the AV product detects something bad then the company who released the software product simply must have released it with a virus in it. Well, facts are, that in many cases this is completely wrong. It does happen, yes, but that often.

The process has always been the same. If you receive a detection then immediately send the files to you AV vendor for analysis as well as reporting the problem to the software company who released the product being detected as having a virus and do so in a calm manner. Give facts and be concise. Don't go into a hysterical, disappointed, holier-than-thou rant about how a person is shocked and saddened that a company like Slysoft would knowingly pass on a virus to end-users due to poor security practices.

We saw these reports before the use of Themida and we'd possibly see them at one point or another even if they switched away from Themida. Switching isn't really a solution. It's a temporary bandaid.

I'm really not bothered by the reports themselves. It's annoying but easy to resolve if people just send the files for analysis. What bothers me is that some people don't read before posting so they don't see that 20 people already reported the situation and some people react angrily and hysterically. That's what bothers me.

 

[evlncrn8]

think the bandaid didn't quite work, which is unfortunate for slysoft, at best themida 'lasted' 2 days, was it really worth the customer inconvenience it caused for that time?

 

[DrinkLyeAndDie]

I'm actually stunned that this problem still hasn't been resolved by AVG. People have submitted the files, haven't they?

The last issue I had with ESET Smart Security was resolved in about 3 hours when I submitted a file from another software program that was being detected as infected when it was actually a false positive. If it takes AVG this long for a resolution then I'm seriously disappointed in them.

billmex, you need to add the directory and such to your exclusion list as has already been mentioned and ignore the reported infection. This is a false-positive from AVG and the reason the software isn't starting is because AVG is preventing it after removing/quarantining the file detected as being infected.

 

[DrinkLyeAndDie]

think the bandaid didn't quite work, which is unfortunate for slysoft, at best themida 'lasted' 2 days, was it really worth the customer inconvenience it caused for that time?

Considering how easy the temporary solution to get the software installed and the ease with which it is to submit a file to an AV vendor for analysis? Sorry, as a user, just like everyone else, I don't consider that an amazing inconvenience. If anything maybe it should be a wake-up call that a user's AV product maybe isn't exactly the best one to be using. The AV vendor dropped the ball, IMHO.

AVG is nice for the people who use the free version but with my experience with it I saw far more false-positives from it than other AV products. False-positives are an inconvenience. I don't blame software companies for the fault of an AV vendor.

 

[Pelvis Popcan]

The fault is squarely on the shoulders of the AV vendors for being so loosey goosey with determining something bad.

You seem to not understand the fact that Themida encrypts the executable so that it cannot be scanned. It is exactly like a password encrypted zip or rar file.

How is this supposed to be "fixed?" Don't alert on Themida? If you actually want your malware scanner to ignore encrypted executables that it can't scan so that it doesn't give you a warning, then you are vulnerable to Themida encrypted malware. I don't call not ignoring Themida encrypted executables being "loosey goosey" at all.

 

[James]

You seem to not understand the fact that Themida encrypts the executable so that it cannot be scanned. It is exactly like a password encrypted zip or rar file.

How is this supposed to be "fixed?" Don't alert on Themida?

Don't alert on files signed with SlySoft's digital signature?

 

[James]

Personally I don't agree with it. It's a completely unnecessary complication with no benefit whatsoever to the end user. I do realize that software publishers want to protect their code, but pirates usually find ways around it. Software publishers should find more ways to create incentive for people to buy their products, rather than adopting an attitude toward their customers that says, "You might be a pirate, therefore we will assume that you must be a pirate."

Piracy is *not* the reason for using Themida.

 

[Pelvis Popcan]

I apologize, I admit I have strong feelings regarding user rights, so I guess I focus too much on things like Themida and forget that there are other factors at play.

 

[James]

... I have strong feelings regarding user rights ...

Me, too...

 

[DrinkLyeAndDie]

You seem to not understand the fact that Themida encrypts the executable so that it cannot be scanned. It is exactly like a password encrypted zip or rar file.

How is this supposed to be "fixed?" Don't alert on Themida? If you actually want your malware scanner to ignore encrypted executables that it can't scan so that it doesn't give you a warning, then you are vulnerable to Themida encrypted malware. I don't call not ignoring Themida encrypted executables being "loosey goosey" at all.

My point here automatically throwing a big warning "OMG, it's Themida! Run! Hide your children! Hide your wives!" is wrong. Legitimate software uses the protection. It's one thing to post a informative notice but it's another to say, "Bzzzzzt! It's infected." The automatic assumption that every single encrypted executable is an infection is wrong. The fact that an AV vendor would assume that every user will know what Themida is is also wrong.

Automatically fault is thrown on Themida and Slysoft or any other software company using Themida for protection. Sorry, I can't buy that. The AV vendors need to handle things better. You cannot give me a valid reasoning why AVG should still be detecting this as infected after as many days as the beta has been released to the public. It's not even an infection. So, all encrypted data is now infected? Is that how it works? Come on.

I understand what you are saying but I find it an easy excuse and an easy way out to blame Slysoft for using Themida.

 

[ricoman]

Won't AVG allow you to make an exception for Slysoft? I use NOD32 and though it always gives me a warning when I download an exe. file, I just click run. It didn't identify any viruses on the AnyDVD download and many people think that NOD is the best AV software around.

 

[Pelvis Popcan]

It's one thing to post a informative notice but it's another to say, "Bzzzzzt! It's infected." The automatic assumption that every single encrypted executable is an infection is wrong. The fact that an AV vendor would assume that every user will know what Themida is is also wrong.

When you think about it, if you are an Anti Malware developer, Themida is a real threat to your business, because if more and more application developers use Themida, it means that your product is going to become more unreliable as it give instance after instance of warnings that it can't properly scan files due to encryption. Perhaps companies like AVG are deliberatly choosing to "alert" users on Themida files in the way that they are on purpose, as a stance against Themida.

 

[DrinkLyeAndDie]

When you think about it, if you are an Anti Malware developer, Themida is a real threat to your business, because if more and more application developers use Themida, it means that your product is going to become more unreliable as it give instance after instance of warnings that it can't properly scan files due to encryption. Perhaps companies like AVG are deliberatly choosing to "alert" users on Themida files in the way that they are on purpose, as a stance against Themida.

And what you've said makes this an AVG agenda. This falls back on AVG being the one to look at.

Please explain to me why every other AV vendor isn't also screaming to their users that they are infected with Win32/Themida or whatever AVG has named this? So, AVG, which is not the top-ranked AV product, is light years ahead of all other products because they aren't stopping users from installing AnyDVD? And, we once again fall back onto this being an AVG issue. I'm not interested in an AVG agenda to steer people away from using encryption on their executables which may have extremely valid reasons and is an extremely bad move for AVG. Will AVG flag every single protection that encrypts an executable as an infection? You can't honestly not see how such a stance is problematic.

You need to remember AVG is saying this is an infection. That is wrong. This is not a simple informative "just-so-you-know" this might be dangerous. This is an outright "this-is-infected" warning. AVG, agenda or not, is wrong in how they are handling the detection, period.

I'm not speaking for Slysoft since I cannot. I'm simply speaking for myself. I find this entire situation ludicrous. We've now gone from a virus detection and warning to AVG having an agenda to stop developers from using a protection that encrypts executables which is protecting their software. What next?

 

[bilbo65]

It was solved, (for me) yesterday morning with an update of AGV. Was then allowed to install latest beta without a hicup....

 

[DrinkLyeAndDie]

It was solved, (for me) yesterday morning with an update of AGV. Was then allowed to install latest beta without a hicup....

That's good to know. Thanks for the information.

 

[colindale15]

Additionally, please report this bug to AVG. Thank you

Or, use Avast!.

 

[DrinkLyeAndDie]

Apparently AVG has released updated definitions sometime yesterday so people shouldn't still be having this problem with the current betas.

While I am not personally a fan of AVG this thread was about what AVG users should do in the meantime. The case should be closed on this issue for the time being.

 

[AstroBoy]

6.5.4.4 2009 04 29 has a virus?

When I try to run 6.5.4.4, AVG anti virus says it contains a virus.

Thanks.