AVG detects legit file as virus

Published: 2013-03-15
Last Updated: 2013-03-15 12:22:15 UTC
by Mark Baggett (Version: 1)
7 comment(s)

If you have any Windows XP machines running AVG antivirus, you may want to check on them and manually update your AV signatures. According to the report below, AVG was flagging "wintrust.dll", a legitimate Windows system file, as a trojan.

http://www.h-online.com/security/news/item/AVG-anti-virus-software-mistakes-Windows-system-file-for-a-trojan-1823171.html

I'd say this is an exception to my "Wipe the Drive" rule, but according to reports it only affects Windows XP. Maybe this is a case of wipe the drive and load a different OS. ;)

Thanks to the ISC reader, who asked to remain anonymous, who gave us the heads up on this.

Mark
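Before restoring a system file that an AV product has quarantined as a false positive, it is worth confirming that the copy on disk is the genuine Microsoft-signed binary. The following is an added example, not part of the diary or of any AVG tooling; it assumes a default install path under %SystemRoot%\System32 and the PowerShell 2.0 release that can be installed on XP SP3, and the sigcheck.exe fallback assumes the Sysinternals tool is on the PATH.

```powershell
# Added example (not from the diary): check that an AV-flagged system file is the
# genuine, signed Microsoft binary before trusting or restoring it.
# Assumes a default install; adjust $path for other layouts.
$path = Join-Path $env:SystemRoot 'System32\wintrust.dll'

if (-not (Test-Path $path)) {
    throw "$path is missing - AV may have quarantined it; restore from quarantine or install media first."
}

# SHA-256 for comparison against a known-good copy (install media, or another
# patched XP SP3 host). PowerShell 2.0 has no Get-FileHash, so use .NET directly.
$sha256 = [System.Security.Cryptography.SHA256]::Create()
$stream = [System.IO.File]::OpenRead($path)
try {
    $hash = ($sha256.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join ''
} finally {
    $stream.Close()
}
"SHA-256: $hash"

# Version resource: a swapped-in binary often has the wrong CompanyName or no description.
(Get-Item $path).VersionInfo | Select-Object FileVersion, CompanyName, FileDescription

# Authenticode check. Caveat: Windows system files are catalog-signed rather than
# embedded-signed, and Get-AuthenticodeSignature only consults security catalogs on
# PowerShell 5.1 and later. On XP it reports NotSigned for a perfectly good wintrust.dll,
# so a NotSigned result here is not by itself evidence of tampering.
$sig = Get-AuthenticodeSignature -FilePath $path
"Authenticode status: $($sig.Status)"
if ($sig.SignerCertificate) { "Signer: $($sig.SignerCertificate.Subject)" }

if ($sig.Status -ne 'Valid') {
    # Sysinternals sigcheck does check catalog signatures: -i prints the catalog and
    # signing chain, -h prints file hashes. Assumes sigcheck.exe is on the PATH.
    if (Get-Command sigcheck.exe -ErrorAction SilentlyContinue) {
        & sigcheck.exe -accepteula -i -h $path
    } else {
        'Embedded signature not found; run Sysinternals sigcheck.exe -i -h on the file to verify its catalog signature.'
    }
}
```

If the hash matches a known-good copy and sigcheck shows a Microsoft signing chain via a Windows catalog, the file is genuine and the AV detection is the false positive the diary describes; the right fix is updating the AV signatures, not replacing the DLL.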

Keywords: malware

Comments

as you mentioned before mark, the political fallout can prevent an upgrade
sometimes older systems can be indispensable for some - just like an old banger - sorry, elderly vehicle - they keep going on and on - just disconnect from the internet when the support stops
I'm surprised anyone still uses AVG. After they went on their quarterly nag campaigns, I figured they drove all their users away. It drove me to switch to MSE, that's for sure. While I'm on the subject of AVG, one of their recent Android versions thought a majority of Android applications were malicious. That also drove me to uninstall it on my phone. They're not the same company they used to be 10 years ago.
MSE may not be the better choice. For those unaware, see this:
- http://www.virusbtn.com/vb100/rap-index.xml

> MSE may not be the better choice.

But, in Windows 8, the "Windows Defender" built-in anti-virus software is a "rebranded" version of "Microsoft Security Essentials". So, by "default", new computers get MSE -- much better than getting "nothing", which was the norm a decade ago.

I found this by uninstalling the "60-day-free-trial" version of a commercial anti-virus product from a Windows 8 system purchased from Dell -- why needlessly pay for AV software?
I just finished a new install due to a false positive generated by MSE... pattern written to raw device, add fresh bits. Uh oh!!! Today the gig NIC interface started performing some random MAC address insertions (MAC with different upper OEM fields and lower octet address fields). Is anyone seeing this type of behavior? This is one stealthy and persistent APT...
I've had nothing but good results w/ MSE. Your own mileage may vary. Lots of groups out there w/ anti MS agendas. In fact, the mobile version of this page was repeating from Slashdot how Microsoft phones are now dead. Can't know whether that's true w/o some real research on my part, but do know FUD when I see it.
I have had several bad episodes with MSE from a few select customers. In order to stay unbiased I like to use a third party reviewer.
http://www.av-comparatives.org/
