Avast is detecting a lot of files as viruses in the autopatcher folder eg the modules.exe, AddOns.exe, DelMSJava_x86_files.exe, CopyProvile_xp_x86_files.exe, ColorcontrolPanel_x86_fils.exe, ActiveSync_enu_files.exe, Bin.exe and apup_in.exe files. All of them are clasified as Win32:Hakaglang [worm]
Are these false positives as well?
I have also scanned my whole pc, and these are the only files which are infected.
Thanks.
Prezriw
2
avast home ed
Started by Prezriw, Apr 01 2009 08:05 AM
4 replies to this topic
#2
-
- Veterans
-
- 3,851 posts
Super Helpful Guy
- Gender:Male
- Location:Brazil (Santa Maria - RS)
Posted 01 April 2009 - 10:18 AM
> Are these false positives as well?
no. when you run autopatcher, at the right corner you may see an tag that says "official" or "unofficial"? the most probable reason for your issue is that you got some virus into that files, in the download process or something like that, breaking our check system and making your release unofficial.
by the way: all those files that you have pointed also virus are shared between all releases. i have in my machine almost all them and i us to scan my system every single day, with mcafee total protection (yes, i know. we had issues with mcafee in the past, but i have 12 licenses for this one and my signature only will expire in 12/2009...) and it doesn't show nothing wrong. so, my bet is that you got that virus into the machine that you have choose to download those files or you got an virus that is hiding himself into your system,, fooling your anti-virus.
just an idea: do an double-check into your sytem, with some of those (not just one, please. you must be sure that there's nothing into your system). panda us to have issues with avast, so, please, chose another one:
http://www.eset.com/...escan/index.php
http://us.mcafee.com...mfs/default.asp
http://www.pandasecu...com/activescan/
http://www.kaspersky.com/virusscanner
http://housecall.trendmicro.com/
http://security.symantec.com/sscv6/default...r&venid=sym
http://support.f-sec.../home/ols.shtml
http://onecare.live....t.htm?s_cid=sah
after double-check your system, just delete every single file that any of those point also virus or even remove your entire apup folder. then, download apup again, from our download page:
http://www.autopatcher.com/downloads/
and run it again. it will re-download everything that have changed his signature and virus us to do that.
i was almost forgetting: you downloaded apup through rapidshare or similar sites, torrent/emule? the only one reliable source for that is in here, because the files that apup downloads come straight from ms website
and, by the way: we don't have any file names addons.exe, so i believe that you just have downloaded an fake version (and there's several around here). if you have downloaded it from rapidshare, etc, just delete the entire content of apup folder. you may have downloaded a bunch of virus
[]s
no. when you run autopatcher, at the right corner you may see an tag that says "official" or "unofficial"? the most probable reason for your issue is that you got some virus into that files, in the download process or something like that, breaking our check system and making your release unofficial.
by the way: all those files that you have pointed also virus are shared between all releases. i have in my machine almost all them and i us to scan my system every single day, with mcafee total protection (yes, i know. we had issues with mcafee in the past, but i have 12 licenses for this one and my signature only will expire in 12/2009...) and it doesn't show nothing wrong. so, my bet is that you got that virus into the machine that you have choose to download those files or you got an virus that is hiding himself into your system,, fooling your anti-virus.
just an idea: do an double-check into your sytem, with some of those (not just one, please. you must be sure that there's nothing into your system). panda us to have issues with avast, so, please, chose another one:
http://www.eset.com/...escan/index.php
http://us.mcafee.com...mfs/default.asp
http://www.pandasecu...com/activescan/
http://www.kaspersky.com/virusscanner
http://housecall.trendmicro.com/
http://security.symantec.com/sscv6/default...r&venid=sym
http://support.f-sec.../home/ols.shtml
http://onecare.live....t.htm?s_cid=sah
after double-check your system, just delete every single file that any of those point also virus or even remove your entire apup folder. then, download apup again, from our download page:
http://www.autopatcher.com/downloads/
and run it again. it will re-download everything that have changed his signature and virus us to do that.
i was almost forgetting: you downloaded apup through rapidshare or similar sites, torrent/emule? the only one reliable source for that is in here, because the files that apup downloads come straight from ms website
and, by the way: we don't have any file names addons.exe, so i believe that you just have downloaded an fake version (and there's several around here). if you have downloaded it from rapidshare, etc, just delete the entire content of apup folder. you may have downloaded a bunch of virus
[]s
#3
-
- Veterans
-
- 1,466 posts
audi 5k
- Gender:Male
Posted 01 April 2009 - 11:01 AM
Quote
you downloaded apup through rapidshare or similar sites, torrent/emule?
If in fact the OP did download an infected AutoPatcher/APUP release or simply got their box infected, it is easy to see how this one act can create a headache for both the OP and any software developer. Please do not download AutoPatcher/APUP from any other source other than autopatcher.com, and keep your pc clean through the regular use of reliable scanning tools.
Believe it or not, one purpose for the creation of AutoPatcher/APUP is to keep your PC safe by making the update process much easier.
Mike
#4
-
- Members
-
- 51 posts
Advanced Member
- Gender:Male
- Location:Trinidad, W.I.
Posted 01 April 2009 - 12:30 PM
It's a legitimate virus you got there Prezriw. W32:SillyFDC
http://www.symantec.com/security_response/...-99&tabid=2
http://www.sophos.com/security/analyses/vi...sillyfdcbu.html
Make sure you have antivirus on your PC's before connecting to internet. If/when using flash drives to patch machines that have been exposed (no AV, no FW, no patches) scan your flash before and after, or else you'll just end up infecting your PC as well.
So to conclude, no... it is not a false positive, it's very very real.
APUP.exe neither Autopatcher.exe have any sort of virus code.
The files modules.exe, AddOns.exe, DelMSJava_x86_files.exe, CopyProvile_xp_x86_files.exe, ColorcontrolPanel_x86_fils.exe, ActiveSync_enu_files.exe, Bin.exe and apup_in.exe are not part of the release.
http://www.symantec.com/security_response/...-99&tabid=2
http://www.sophos.com/security/analyses/vi...sillyfdcbu.html
Quote
It then scans the compromised computer to create copies of itself in various folders. It will use the existing folder name as its new file name. For example, ABC folder will have a copy of the virus inside the folder as ABC.exe.
Make sure you have antivirus on your PC's before connecting to internet. If/when using flash drives to patch machines that have been exposed (no AV, no FW, no patches) scan your flash before and after, or else you'll just end up infecting your PC as well.
So to conclude, no... it is not a false positive, it's very very real.
APUP.exe neither Autopatcher.exe have any sort of virus code.
The files modules.exe, AddOns.exe, DelMSJava_x86_files.exe, CopyProvile_xp_x86_files.exe, ColorcontrolPanel_x86_fils.exe, ActiveSync_enu_files.exe, Bin.exe and apup_in.exe are not part of the release.
#5
-
- Members
-
- 2 posts
Newbie
Posted 01 April 2009 - 02:46 PM
Thanks,
Well what i can tell you is that i got autopatcher from this site. Must have been infected by some other means on my pc.
Thanks again.
Well what i can tell you is that i got autopatcher from this site. Must have been infected by some other means on my pc.
Thanks again.
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
