Marion Waine Posted March 7, 2010 Report Posted March 7, 2010 Hi This morning two of the PTE exe files from the competition I am running have been picked up by the AVG Resident Shield alert as having the Trojan horse BackDoor.Hupigon5.ARYN virus. I scanned them before I put them on the machine and they were fine, I opened the folder last night and it didn't pick them up then. In the past AVG has removed exe files with 'viruses' which weren't. I am assuming this is the case here?Marion Quote
Ken Cox Posted March 7, 2010 Report Posted March 7, 2010 MARIONDISABLE THE RESIDENT SHIELD ASAP PLEASE SUPPLY THE FORUMALL INFO ON YOUR VERSION OF AVGDO YOU KNOW WHAT VERSION OF PTE MADE THE SHOWSmy avg specs arevirus db =271.1/2728avg ver = 9.0.733I HAVE ASST EXE'S that i keep for testing and they test okalso seehttp://www.picturestoexe.com/forums/index.php?showtopic=8165&pid=51457&st=0entry51457ken Quote
Marion Waine Posted March 7, 2010 Author Report Posted March 7, 2010 Hi KenSorry, I don't know the version they are made on as they are competition entries, I would assume it would be a version of PTE6 as they are from two of Britain's top workers. - I have moved them to the virus vault for now and updated AVG (free version) which is now 9.0.733 the Virus db is 271.1.1/2728 - I then inserted the CD I received with one on and it still finds the virus. MarionMARIONDISABLE THE RESIDENT SHIELD ASAP PLEASE SUPPLY THE FORUMALL INFO ON YOUR VERSION OF AVGDO YOU KNOW WHAT VERSION OF PTE MADE THE SHOWSmy avg specs arevirus db =271.1/2728avg ver = 9.0.733I HAVE ASST EXE'S that i keep for testing and they test okalso seehttp://www.picturestoexe.com/forums/index.php?showtopic=8165&pid=51457&st=0entry51457ken Quote
Marion Waine Posted March 7, 2010 Author Report Posted March 7, 2010 Hi againMeant to say that I think the AV's were made last year as one was entered into the Nationals. I did try to contact AVG but couldn't find a direct route as it's the free version I am using!Marion Quote
Ken Cox Posted March 7, 2010 Report Posted March 7, 2010 MARION YOU MUST DISABLE THE RESIDENT SHIELD ASAPDO YOU HAVE ANOTHER COMPUTER YOU CHECK THE CD ON WITH ANOTHER AV PROGRAMCAN YOU PUT THEM UP TO MEDIAFIRE IN ZIPS AND THEN WE CAN VERIFY THEMAS LONG AS THE RESIDENT SHIELD IS ACTIVE YOU WILL NOT BE ABLE TO RUN THEM - -YOU MAY NNOT EVEN BE ABLE TO UPLOAD THEM WITH IT ACTIVEI LOST TOO MANY EXE'S TO COUNT WHEN AVG PUT THEM IN THE VAULT -- THEY WOULD PLAY NO MOREKEN Quote
Marion Waine Posted March 7, 2010 Author Report Posted March 7, 2010 Hi KenSorry, I don't know the version they are made on as they are competition entries, I would assume it would be a version of PTE6 as they are from two of Britain's top workers. - I have moved them to the virus vault for now and updated AVG (free version) which is now 9.0.733 the Virus db is 271.1.1/2728 - I then inserted the CD I received with one on and it still finds the virus. MarionMARIONDISABLE THE RESIDENT SHIELD ASAP PLEASE SUPPLY THE FORUMALL INFO ON YOUR VERSION OF AVGDO YOU KNOW WHAT VERSION OF PTE MADE THE SHOWSmy avg specs arevirus db =271.1/2728avg ver = 9.0.733I HAVE ASST EXE'S that i keep for testing and they test okalso seehttp://www.picturestoexe.com/forums/index.php?showtopic=8165&pid=51457&st=0entry51457ken Quote
Ken Cox Posted March 7, 2010 Report Posted March 7, 2010 YOU MUST DISABLE THE RESIDENT SHIELD ASAPcan you contact the owners and advise them of the predicamentthink you are typing as i am typing as you are not answering all my questions ken Quote
Marion Waine Posted March 7, 2010 Author Report Posted March 7, 2010 Hi Sorry I added the reply twice! I have spoken to one of the authors and it's version 4.48 if that helps!Marion Quote
Ken Cox Posted March 7, 2010 Report Posted March 7, 2010 yes we had some false positives with that version as i recallI have advised Igor and the other moderartors who i have working email addies of the situation - generally Igor can get AVG to rectify their data base within a dayi will check my 4.48 shows and get back to forumken Quote
Ken Cox Posted March 7, 2010 Report Posted March 7, 2010 YES MY VER 4.8 IS SHOWING A VIRUS WITH CURRENT AVG DATABASE I CLICKED IGNORE BUT STILL WOULD NOT PLAYDISABLED RESIDENT SHIELD AND SAME EXE NOW PLAYSKEN Quote
Marion Waine Posted March 7, 2010 Author Report Posted March 7, 2010 Hi KenThanks for your help Ken, I will keep updating the Virus data base and testing a sequence until it is fixed! Marion Quote
Ken Cox Posted March 7, 2010 Report Posted March 7, 2010 4.42 TESTED FINE WITH RESIDENT SHIELD ENABLED [CALENDAR COLLECTION]4.49 FILE TESTED OK WITH RESIDENT SHIELD ENABLED [FILE NAME 50TH FULL SIZE 4]KEN Quote
nobeefstu Posted March 7, 2010 Report Posted March 7, 2010 Marion,Have you Disabled your AVG as Ken suggested ?I dont have AVG to tell you how to proceed to do so.Possible Fix:If it is a Version 6 executable file and you have some safe zone (drive or folders excluded from AVG) ... you could try whats called decompress or unpack of the executable. Unpacking the executable file sometimes resolves false positives due to file compression.PTE v6 now packs its executables using a UPX packer ... and on occasions many virus protections read this packing as a possible rogue till their definitions are sorted out and updated. Older PTE version executables are compressed or packed using ASPack and not UPX. ASPack is not open source and is not unpacked in the same method.How to Unpack or Decompress using UPX :Create a Bat File :1. Create a Bat file using notepad and name it Upx unpack.bat2. Enter this text string value using notepad into the Bat file :upx -d upx.exe "yourname slideshow.exe" **Use your exe filename inside the quotes.3. Save the file.Decompress the File :1. Create a new folder in your PCs safe zone (drive or folders excluded from AVG or protection)2. Copy the UPX.exe from PTE's All\Components\UPX folder to the new safe zone folder.3. Copy the PTE show executable to the new safe zone folder.4. Copy the Upx unpack.bat to the new safe zone folder.5. Run or double-click the Upx unpack.bat file6. If the Slideshow.exe is a version 6 file ... it will then be decompressed or unpacked in a matter of seconds depending on its size.7. Copy the now decompressed or unpacked Slideshow.exe into your Protected Zone or drive and verify its acceptance.Please Note : Some users may find this procedure too complicated and extensive ... but it has worked for me on many occasions and not just for PTE executables when testing for false positives due to file compression.** If you already have the right compression/decompression tools ... its real easy and fast and dont have to go thru the above method..See layout image: Quote
Ken Cox Posted March 7, 2010 Report Posted March 7, 2010 STU it is a 4.48 show avg will not allow you to do anything with the file till you disable resident shieldfrom the avg guicomponentsresident shieldbottom of screen disablesavethere will not likely be a fix for a couple days by avg -- it is the weekend Igor will have to exercise some muscle:) Quote
nobeefstu Posted March 7, 2010 Report Posted March 7, 2010 Thanks Ken,Since the file is a version 448 ... it could possibly be fixed by updating it with the v449 patch tool. It will fix the bug issue associated with v440-448 versions as described below------As mentioned by Igor some time ago:We decided update old version 4.xx of PicturesToExe because it contained unplesant bug. Slideshows with music/sounds can't exit by Esc key or at end of a show under Windows Vista on dual-core CPU based PCs.Also we prepared special utility which patches EXE file of slideshows created with old versions from 4.40 to 4.48 and it updates slideshow's engine to version 4.49 and solves this bug:http://www.wnsoft.com/apr/pte449patch.zip (400 KB)This utility automatically recognizes EXE files and will not modify already patched EXE files or more new 5.00 slideshow where there is no problem.We apologize for this problem. -----Applying the 449 patch tool may resolve the current AVG issue. Quote
Ken Cox Posted March 7, 2010 Report Posted March 7, 2010 Stui think she will still need to disable the resident shield to do anything - am surprised she was able to transfer them from the cdand i believe she has the exe and not the whole package so she cant run patch - the author has token Quote
nobeefstu Posted March 7, 2010 Report Posted March 7, 2010 Ken,I believe any user can apply the v449 patch to the v440-448 exe(s). The patch applies to the slideshow exe file and the .pte project file is not required.Ive never had to use the 449 patch myself .... only sure way to see if the patch resolves the AVG issue is to actually test by applying the patch.First as you say ...the user has to have AVG disabled or some safe zone to apply it to the slideshow. Quote
Ken Cox Posted March 7, 2010 Report Posted March 7, 2010 Stu et al tried the patch on my test file [D:\P2E SHOWS - d 1pictures WORKING FOLDER\1_TOUR 2003 COPY]patch came back with message unable to open file also avg gave warning it was a virus -- disabled avg resident shieldpatch replyAptching file: D:\P2E SHOWS - d 1pictures WORKING FOLDER\1_TOUR 2003 COPY\TOUR_2003_DVD_rev 448.exeunsupported fileso shut patch down and restarted it - same error messageso then i opened the original 4.48 version with 4.49 saveas and created as with new names - enabled the resident shield and tested the 4.49 exe okbut the patch would not fix the 4.48 verthis brings up another point re file names -- if i had not named these files as i did it would be a challenge to find out what i made this show with as the original was started with ver 4.2 in nov 2003kenken Quote
Ken Cox Posted March 7, 2010 Report Posted March 7, 2010 further to the above until this avg database is repaired i suspect if you run a spybot scan or similar, whenever it checks the exe's it will cause AVG to kick in telling you that you have a virus ken Quote
Marion Waine Posted March 8, 2010 Author Report Posted March 8, 2010 HiI tried the CD again late last night (I am trying to play the sequence directly from the CD so didn't try copying it onto the PC as mentioned by Ken) - it worked - no virus. I then discovered that the sequences I had placed in the virus vault had been returned to their original folder. I haven't played them fully but they start ok. I always have the Resident Shield set to 'Ask me before removing threats' so at least I have control.Thanks to everyone for all the help getting it sorted.Marion Quote
Ken Cox Posted March 8, 2010 Report Posted March 8, 2010 Marion glad you have things under control, and glad to hear you were able to recover from the vault - they must have changed things because years ago when it happened to me I was not able to use the exe's and had to remake them. On other occasions members have suffered the same as me. It is no big deal as long as you have all the components to remake the exe.ken Quote
Ken Cox Posted March 9, 2010 Report Posted March 9, 2010 update on AVG this morning I updated the database of AVG - regular daily updateGrisoft AVG Ver.9.0 bld. 733/Virus Database: 271.1.1/2732 UPDATED March 9, 2010I tested my 448 show and it tested okso I went further and started my #2 system and updated AVG as above - this system is used to test updates etc. - the ms and anti virus updates are all current - same will not run Ver 6 PTE - not enough horsepowerchecked system for a copy of 448 -- not there, so transferred a copy of 448 zip over the network PicturesToExe v4.48 (March 28, 2006)there is a working copy of 449 on the system [ no 449 patch on system]but the problem was with 4.48 so stayed with it installed 448 and opened a 442 show and saved it as a 448 showran AVG tested fineIt would be interesting if Marion would update her database - put her security back to normal and see if every thing is okalso Barry should inform his crew of my findings ken Quote
Antbrewer Posted March 9, 2010 Report Posted March 9, 2010 Regarding the fact that AVG seems to block everything it can my way around this issue when I had a problem was to reconfigure the Resident Shield using 'Manage exceptions' (on the Resident Shield window) . I instructed it to ignore all Exe files and their paths. This stopped the wretched software from scanning the whole file everytime I opened any new one or the long list of existing exe fles in my folder on my computer.I have done this on both this laptop using AVG 9 free and on my desktop using AVG 9 licenced. I (dare I say this?) have not had a problem since.Anthony Quote
Ken Cox Posted March 10, 2010 Report Posted March 10, 2010 AnthonyIMHO i think that is kind of dangerous -- i would rather know of a possible problem and try and resolve the issue or let others know so they can have a look as well to assist AND PROVIDE FEEDBACK on the issuethis has been going on for a number of yearsa bit from my AVG PTE logBARRY'S LAKESIDE SHOW IS SHOWING A THREAT - SAME AS LAST TIMEthat show was from my nov 2005 archive fileGrisoft AVG Ver.: 7.5.485/Virus Database: 269. 13.16 1004 UPDATED Sept. 12 07alsoGrisoft AVG Ver.: 7.5.485/Virus Database: 269. 13.16 1005 UPDATED Sept. 13 07 Showing Barry's show as threathttp://www.picturestoexe.com/forums/index....c=7192&st=0peru and kula shows test cleanand another slide show from ver 4.30 tests cleanken Igor QuoteAVG mistakenly marked EXE files created with old version 4.40 as a virus. Of course, no viruses there.I'll contact to AVG to ask them fix this problem.  Thursday, August 16, 2007Grisoft AVG Ver.: 7.5.476/Virus Database: 268. 0.0 9.53 UPDATED Aug 14 07 showing false on barry beckham’s sept 2005 lakeside – in nov 2005 dl dvD as well as many others on the nov 2005 DVDGrisoft AVG Ver.: 7.5.484/Virus Database: 269. 12.0 957 UPDATED Aug 16 07 -reinstalledhttp://www.picturestoexe.com/forums/index.php?s=&showtopic=7192&view=findpost&p=44878http://www.picturestoexe.com/forums/index.php?s=&showtopic=5434&view=findpost&p=36212Ver. 3.60 ptefalse virus on p2e AVG.Grisoft AVG Ver.: 7.0.344/Virus Database:267. 11.13/124 Release Oct 7 /2005 – and unable to restore http://www.picturestoexe.com/forums/index.php?showtopic=3681so the bottom line is the sooner we are aware of the problem the sooner Igor can get after the supplier -- ken Quote
Antbrewer Posted March 10, 2010 Report Posted March 10, 2010 Hi Ken,Seemingly nothing dangerous about bypassing AVG scanning items known to be virus free. The software allows for those eclusions and and who wants to wait ages before one can open a safe file. My Resident Shield is operating all the time for everything else thrown at it.We may be talking at cross purposes here?However I appreciate your thoughts.Anthony Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.