5 replies to this topic

[ve6msp]

While doing a Full Scan of my system with my lovely school-provided AV program, I came across this in my logs:

08 09 13	11:27:10	Engine version =5300.2777
08 09 13	11:27:10	AntiVirus   DAT version =5383.0000
08 09 13	11:27:10	Number of detection signatures in EXTRA.DAT =None
08 09 13	11:27:10	Names of detection signatures in EXTRA.DAT  =None
08 09 13	11:27:07	Scan Started	<machine>\<user>	Full Scan
08 09 13	12:16:26	Deleted 	Marc	E:\AUTOPATCHER\APUP_BIN\UZ.EXE	Generic Dropper(Trojan)
08 09 13	12:16:29	Deleted 	Marc	e:\Autopatcher\apup_bin\uz.exe	Generic Dropper(Trojan)

I'm just wondering if anyone else has had this problem or of I'm just an unlucky S.O.B. who somehow had his APUP screwed up when it was downloaded.

[James]

Hi ve6msp

There is NO virus.

How old are your virus definitions? This is an old problem, of a false detection, that was solved a couple of months back by the AV vendors all issuing new definitions.

See, for example my post HERE dated 7-July-2008. I had a reply from F-Secure which said:

Quote

Thank you for your e-mail.
The file you submitted is indeed clean. A database update will be released to resolve this issue.

Secondly, have you downloaded the latest version of APUP?
uz.exe is no longer supplied or used, but it may remain on your disk from earlier versions.

--

[ve6msp]

James, on Sep 13 2008, 01:35 PM, said:

Hi ve6msp

There is NO virus.

How old are your virus definitions? This is an old problem, of a false detection, that was solved a couple of months back by the AV vendors all issuing new definitions.

Secondly, have you downloaded the latest version of APUP?
uz.exe is no longer supplied or used, but it may remain on your disk from earlier versions.

--

Definitions are the newest as of five minutes before that scan, so yesterday morning, so it can't be an old-definition problem. As for the version of APUP, it's 1.05 or whatever the newest one is - the one I got from the site about a month ago when I reinstalled Windows on this PC. So either I got screwed from the mirror, or something else bad happened, or else, as I said, I'm just a really unlucky SOB. Probably the latter.

[James]

ve6msp

Thank you for confirming that you have used new McAfee definitions.
This now means that there is a regression error by McAfee. In that sense, this is a repeat of an old problem. There still is no virus in uz.exe.

Insiders in the Anti-Virus industry know that these definitions are not as reliable as users believe. They are particularly bad for programs written in Visual Basic because people like McAfee almost never test them on things like AutoPatcher. They can't, because they don't have the time.

Also, for the other things you said:

ve6msp, on Sep 14 2008, 10:50 PM, said:

As for the version of APUP, it's 1.05 or whatever the newest one is - the one I got from the site about a month ago when I reinstalled Windows on this PC. So either I got screwed from the mirror, or ...

1) A month ago APUP was 1.04.
2) If you have run it in the last week, it should have updated itself to 1.05
3) APUP should always only be downloaded from autopatcher.com.
4) We do not use and do not recommend mirrors.

--

[James]

Declan

Thanks for the report. See the VB in Worm.VB.DZ? That more or less confirms my last post. It simply means that the virus writer used Visual Basic.

But then half the single-author programs on the planet are written in Visual Basic! Both good and bad.

Also please note what I said in my first reply:

James, on Sep 13 2008, 08:35 PM, said:

uz.exe is no longer supplied or used, but it may remain on your disk from earlier versions.

You can delete uz.exe if you wish.

--