
SANS ISC: InfoSec Handlers Diary Blog



AVG Anti-Virus 2011 False Positives - Luhe.Exploit.PDF.B

Published: 2011-03-09
Last Updated: 2011-03-09 21:48:33 UTC
by Kevin Shortt (Version: 2)

Some readers from Montreal, Canada wrote in about a problem with AVG Anti-Virus 2011 Free Edition 10.0.1024. The issue is that all PDFs are being quarantined and marked as infected by Luhe.Exploit.PDF.B.

 
It has been reported and noted on the AVG forum (thread linked below) that an affected version is the following:
 
    AVG Anti-virus 2011 Free Edition 10.0.1204, virus database version 1497/3490 

 
The following url is a conversation on the issue:
 
    http://forums.avg.com/ww-en/avg-free-forum?sec=thread&act=show&id=151679where
 
This seems to be a bug in the definition for Luhe.Exploit.PDF.B. This does not mean other versions of AVG aren't impacted as well. Please check your version and verify with AVG. The current version of the virus database as of writing this diary is 3494 and was released today. I have no confirmed report that the problem has been resolved yet; AVG was aware and working on it.
 
Please share what you're seeing and update the readers.
 
Thanks go to Heber and Tomas for sending in the information to get it out there.
 
UPDATE:
  AVG has responded to the issue and a new virus database was released earlier today.

  http://forums.avg.com/ww-en/avg-free-forum?sec=thread&act=show&id=151987#post_151987

  "...a virus database update removing the Re: Luhe.Exploit.PDF.x false alarm (where x stands for BCDEH) has been released on 2011-03-08 21:16:44 CET."
 
 
--
Kevin Shortt
ISC Handler on Duty
 