Barry Beckham Posted September 28, 2011 Report Posted September 28, 2011 Igor and the wnsoft teamAvast Virus SoftwareThis morning I went to run a short demo I made yesterday in pte7 and it was intercepted by Avast virus software and removed without giving me any option to stop it. I had to retrieve the file from the virus vault, but if I run it, Avast intercepts it again. I have informed Avast via a feedback system they have within their software, but perhaps the wnsoft team would carry more weight.This needs to be fixed and quick Quote
Conflow Posted September 29, 2011 Report Posted September 29, 2011 Igor and the wnsoft teamAvast Virus SoftwareThis morning I went to run a short demo I made yesterday in pte7 and it was intercepted by Avast virus software and removed without giving me any option to stop it. I had to retrieve the file from the virus vault, but if I run it, Avast intercepts it again. I have informed Avast via a feedback system they have within their software, but perhaps the wnsoft team would carry more weight.This needs to be fixed and quickBarry,There is nothing wrong with AVAST A/V we have been using it for years. Its just that you haven't read the Manualand what its doing is normal behaviour. You have not gone into Settings and personalised its 'Sandbox-Settings'and to do what you need it to do !! (See below).Brian (C0nflow) Quote
Barry Beckham Posted September 29, 2011 Author Report Posted September 29, 2011 I am aware of sandbox and even with the auto option selected it is picking up the exe files and removing them to the vault.In fact I have just discovered on another machine that its worse than that.Its also preventing an exe file even being created in PTE7 Quote
goddi Posted September 29, 2011 Report Posted September 29, 2011 Igor and the wnsoft teamAvast Virus SoftwareThis morning I went to run a short demo I made yesterday in pte7 and it was intercepted by Avast virus software and removed without giving me any option to stop it. I had to retrieve the file from the virus vault, but if I run it, Avast intercepts it again. I have informed Avast via a feedback system they have within their software, but perhaps the wnsoft team would carry more weight.This needs to be fixed and quick===========================I am in the same boat. Today, I discovered I got the same Win32:Malware-gen virus. I have been trying to get rid of the virus but no luck yet. Avast said it blocked and quarantined the bad file and then its scans says there no viruses. But it did not eliminate the virus. I ran another virus elimination program from Emsisoft and it said the virus is 'Gen.Trojan.Heur'. It quarantined 59 of my PTE exe files, so far. I thought Avast was good enough to prevent malware but it does not seem to work that well. Attached is the first notification that I got from Avast.If you come across a fix, I'd like to know. When I try to Publish an exe, PTE will freeze.GaryP.S. I have the Sandbox active but it did not help. Quote
cjdnzl Posted September 29, 2011 Report Posted September 29, 2011 It's gotten to the stage now where the solution is worse than the problem. I ditched all the anti-V programs and now I just have ZoneAlarm Extreme Security. I struck an infected site a day or so ago, and ZAES jumped up, noted the trojan, gave me the option of what to do with it, then quarantined it.None of my collection of PTE shows are stopped by ZAES, and PTE 7 runs smoothly, as does the EXE compilation. Quote
paulziets Posted September 29, 2011 Report Posted September 29, 2011 So far, touch wood, my anti-virus software (ESET's NOD32) is working fine and gives no false positives.Regards, Paul Quote
Barry Beckham Posted September 29, 2011 Author Report Posted September 29, 2011 ConflowYou will notice I didn't say there was anything wrong with Avast and I have no wish to move away from it. The post was to ensure Igor knew, so he could get it sorted quickly. However, some will believe its a PTE issue and when the word virus is mentioned they panic.Sooner or later, it seems to occur to most virus programs, certainly 4-5 come to mind that have all had their moments. Most put right the problem in a day or so and many people may never become aware of it. Quote
stonemason Posted September 29, 2011 Report Posted September 29, 2011 Hi BarryIf you do consider an alternative then I can recommend COMODO Internet security http://www.comodo.com/home/internet-security/free-internet-security.php it's free and an AV and firewall complete package. I have been using it for about 2 years and am more than satisfied.regardsGeoff Quote
Barry Beckham Posted September 29, 2011 Author Report Posted September 29, 2011 GeoffThanks for that, but It will clear in a day or so when the penny drops that something is amis. This is the first time I have experienced virus software stopping an exe being created from within PTE though. Quote
Conflow Posted September 29, 2011 Report Posted September 29, 2011 ConflowYou will notice I didn't say there was anything wrong with Avast and I have no wish to move away from it. The post was to ensure Igor knew, so he could get it sorted quickly. However, some will believe its a PTE issue and when the word virus is mentioned they panic.Sooner or later, it seems to occur to most virus programs, certainly 4-5 come to mind that have all had their moments. Most put right the problem in a day or so and many people may never become aware of it.Barry,Thats fair comment ~ I now get the 'jist' of what your're doing.For Avast UsersAvast is one of the very few AV-Programs which uses (professional) 'Sandbox-Utilities' very much like 'Professional Norton Executive'.1)It checks everything coming-in and going-out from your PC together with active supervision of your running Programs.2)If it see's something like an 'active-script' execution or a Program running 'scripts' which it does not recognise it will 'Auto-Sandbox' it.3)Its up to the "User" to tell it that such 'auto-scripts' are quite normal and benign whereafter it checks and excludes them from 'Sandboxing'.4)Having said that, Avast now recognises the 'genesis and behaviour' of such selected Programs and it wont interfere with these unless there hasbeen radical changes in behaviour of such ~where after~ again it will "Warn-You" of such changes.5)The 'Attachment' shows you ~ How to manually set-up the 'Sandbox-Utility' so you have absolute control over it.Hope this helps...Brian (Conflow) Quote
Barry Beckham Posted September 29, 2011 Author Report Posted September 29, 2011 BrianBut that is not the issue. It has a problem that needs to be fixed, the sand box and setting it up doesn't change a thing. Its obviously an error, because you should get a message asking you if you want to open the file normally or in the snadbox. You don't get that here and it won't allow you to create an exe file.In fact it then locks up PTE and a re-boot is required, hardly normal AV activity Quote
Igor Posted September 29, 2011 Report Posted September 29, 2011 Thank you, Barry!I just sent my report to Avast Software on this false positive.Please send as possible more reports/complaints to Avast to speed up solving of this problem. Quote
goddi Posted September 29, 2011 Report Posted September 29, 2011 BrianBut that is not the issue. It has a problem that needs to be fixed, the sand box and setting it up doesn't change a thing. Its obviously an error, because you should get a message asking you if you want to open the file normally or in the snadbox. You don't get that here and it won't allow you to create an exe file.In fact it then locks up PTE and a re-boot is required, hardly normal AV activity ============================The bottom line for me is that Avast said it blocked the virus in one file. Avast deep scans says everything is OK. I run another program,Emisisoft Anti-Malware, and it comes up with 59 PTE exe files that have been contaminated. Does not give me too much confidence. GaryAdded later: Igor, I don't think it is a false positive. Another anti-virus program picked up the virus. PTE freezes when I try to Publish an exe. This has happened one before to me some years ago. I don't remember how I fixed it but I believe it is a real virus, not a false positive. Quote
Ken Cox Posted September 29, 2011 Report Posted September 29, 2011 did you run it thru the site Igor has posted for that purpose - I also posted the link within the last 2 weeksken Quote
goddi Posted September 29, 2011 Report Posted September 29, 2011 did you run it thru the site Igor has posted for that purpose - I also posted the link within the last 2 weeksken=========================Ken,If you are asking if I submitted a report to the Avast Tech site on this issue, yes I did. If this is not what you are referring to, please be more specific. Thanks.Gary Quote
goddi Posted September 29, 2011 Report Posted September 29, 2011 Igor and the wnsoft teamAvast Virus SoftwareThis morning I went to run a short demo I made yesterday in pte7 and it was intercepted by Avast virus software and removed without giving me any option to stop it. I had to retrieve the file from the virus vault, but if I run it, Avast intercepts it again. I have informed Avast via a feedback system they have within their software, but perhaps the wnsoft team would carry more weight.This needs to be fixed and quick====================I just got a reply from Avast. You might already have this info but here is what I got. I am in the process of following their steps:Hello,Thank you for contacting AVAST Software company with your concerns.Make sure you have uploaded last virus definition and tle latest version of avast.1. open avast2. click on "Maintenance"3. select "Update"4. scan your PC again - run boot time scan If you are using Windows NT, ME, 2000, XP, Vista or Windows 7, disable the system restore feature - http://support.microsoft.com/kb/264887The system restore feature can be re-enabled after the virus removal process is completed.To acivate Boot-time scan, start avast!, and click on "Scan Computer" on the left side of the screen. From the menu select "boot-time scan" and then click on "Schedule". Then restart your computer and the scan will start automatically. Move any viruses found to the virus chest.Miroslav JenÅ¡ÃkAVAST Software a.s.Gary Quote
Ken Cox Posted September 29, 2011 Report Posted September 29, 2011 this is the link that igor issued eons agohttp://www.virustotal.com/for members to test exesplease put it in your collectionken Quote
goddi Posted September 29, 2011 Report Posted September 29, 2011 this is the link that igor issued eons agohttp://www.virustotal.com/for members to test exesplease put it in your collectionken========================Thanks for the link. Each time I try to Publish a show to an exe, the Avast Malware notification indicates the 'Object' (of the virus?) is ...'TempPteViewed.....exe'. So I ran each of the exe files in the PTE program folder (PteViewer5.exe; PCExecutables.ese; and PicturesToExe.exe) through the VirusTotal site you mentioned. The Win32:Malware-gen did not show up but some other results showed. I have attached gifs of the section of the reports. But, perhaps these are false positives (?).This morining, I re-ran the Emsisoft anti-malware program and the results were "no suspect files were detected during the scan." I then ran the Avast boot-time scan, as they instructed. The results were that there was no "malware detected." However, I then tried to create an 'exe' file in the Pictures To Exe program but it, again, said "The threat was detected and blocked...". So it is there but I can't find a way to find and eliminate it.Does anyone have any ideas to find/eliminated the virus?Gary Quote
goddi Posted September 29, 2011 Report Posted September 29, 2011 Igor and the wnsoft teamAvast Virus SoftwareThis morning I went to run a short demo I made yesterday in pte7 and it was intercepted by Avast virus software and removed without giving me any option to stop it. I had to retrieve the file from the virus vault, but if I run it, Avast intercepts it again. I have informed Avast via a feedback system they have within their software, but perhaps the wnsoft team would carry more weight.This needs to be fixed and quick====================Barry,I think I found the solution. I came across a program called ComboFix. I ran it and it fixed the problem. I don't know what it did or what it changed, but I can now Publish exe's with no problem. See if it works for you. It will give you the results log as a txt file, but it is a lot of data that I can't see what corrected the problem.Garyhttp://www.geekstogo...mbofix-by-subs/(But there is a warning: ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use.)Added later:Barry, I was able to Publish exe's right after I ran ComboFix with no problems or virus warnings. HOWEVER, after I did a re-boot, the dang virus came back. It is back to Avast showing the same virus and locking up when I run the Publish.Stumped...Gary==============================Added even later:I figured out why I did not have a problem with running Publish after I ran ComboFix. I had not turned Avast back on. It had to be off when running ComboFix. So there was nothing to indicate that a virus was present. So when I rebooted, Avast was turned on again and Avast started to indicate that I have a virus, still.Gary Quote
goddi Posted September 29, 2011 Report Posted September 29, 2011 Igor and the wnsoft teamAvast Virus SoftwareThis morning I went to run a short demo I made yesterday in pte7 and it was intercepted by Avast virus software and removed without giving me any option to stop it. I had to retrieve the file from the virus vault, but if I run it, Avast intercepts it again. I have informed Avast via a feedback system they have within their software, but perhaps the wnsoft team would carry more weight.This needs to be fixed and quick==============================Ok...after two full days of tinkering with this problem, I think I finally found the fix.I turned off Avast and installed AVG-Free. I ran the AVG-Free scan and it found 2 'rootkits'. It was able to remove them.I then tried to Publish several exe's, and they worked with no problem.I turned off AVG-Free and turned Avast back on.I tried to Publish several exe's and they all worked with no problem. No virus notices came up.So it seems that AVG-Free can find and remove the virus but Avast could not.Fingers crossed, this problem might be solved.Gary Quote
Igor Posted September 30, 2011 Report Posted September 30, 2011 Avast Software company has confirmed a solution of this problem today. Quote
goddi Posted September 30, 2011 Report Posted September 30, 2011 Avast Software company has confirmed solution of this problem today.====================Barry,What did you do to get rid of the virus?Igor,Thanks for the info. I also submitted a report to Avast. Did Avast give you any details as to what they are doing concerning this virus?I have had a similar problem before of a virus attaching exe files created by PTE. No other exe's were attacked. Is there a particular vulnerability in the PTE exe's or is this just a random occurance? As I mentioned above, 59 PTE exe's were quarantined. Thanks...Gary Quote
Lin Evans Posted September 30, 2011 Report Posted September 30, 2011 Gary,It's not a virus - it's an Avast problem with a false positive. There is no virus.... Didn't you read what Igor just said??? You may have had a "virus" but it had "nothing" to do with PTE. Avast may have simply looked for executable code and made an incorrect "assumption" that this executable code was the culprit. If AVG removed rootkits they were not associated with PTE. To date, there has never been a PTE file infected with a virus of any kind that anyone is aware of. Each and every occurrence has been false positives caused by faulty anti-virus software algorithms.Lin Quote
goddi Posted September 30, 2011 Report Posted September 30, 2011 Gary,It's not a virus - it's an Avast problem with a false positive. There is no virus.... Didn't you read what Igor just said??? You may have had a "virus" but it had "nothing" to do with PTE. Avast may have simply looked for executable code and made an incorrect "assumption" that this executable code was the culprit. If AVG removed rootkits they were not associated with PTE. To date, there has never been a PTE file infected with a virus of any kind that anyone is aware of. Each and every occurrence has been false positives caused by faulty anti-virus software algorithms.Lin============================Greetings Lin,Yes, I did read what Igor said. But he did not say what Avast said. He said only that they had found a 'solution'. Whether it was a virus or a false positive was not definitive. I don't see where you interpreted Igor's statement that it was a false positive.I never intimated that PTE had anything to do with causing a virus. I do know that my PTE program and its exe's were affected. But from what happened to me, I am not sure it was a false positive. I used another program, Emsisoft, and it moved 59 PTE exe's to quarantine. Maybe they were wrong; maybe not. After I removed the 2 rootkits that AVG found, my problem went away. I could use PTE's Publish and PTE stopped freezing up. Also, the several files that Avast sent to its Virus Chest were similar to "TempPteViewer95954.exe" (with different numbers). I sent one of the files to Avast and I hope they will let me know more details.Ok, maybe it was a false positive. But things happened and at this point, I don't really know.Gary Quote
Lin Evans Posted September 30, 2011 Report Posted September 30, 2011 Gary,If Avast found a "solution," logic should tell you that it wasn't a virus with PTE. If it were, how could Avast have a "solution?" In such as case, were it a true virus, Wnsoft would have to have the "solution." You send your exe files through multiple other anti-virus programs and no problems are found, ergo, Avast has a problem. The fact that after AVG removed two rootkits your problem went away should tell you that the "problem" was two rootkits not the "59" pte executables which were quarantined, right??Best regards,Lin============================Greetings Lin,Yes, I did read what Igor said. But he did not say what Avast said. He said only that they had found a 'solution'. Whether it was a virus or a false positive was not definitive. I don't see where you interpreted Igor's statement that it was a false positive.I never intimated that PTE had anything to do with causing a virus. I do know that my PTE program and its exe's were affected. But from what happened to me, I am not sure it was a false positive. I used another program, Emsisoft, and it moved 59 PTE exe's to quarantine. Maybe they were wrong; maybe not. After I removed the 2 rootkits that AVG found, my problem went away. I could use PTE's Publish and PTE stopped freezing up. Also, the several files that Avast sent to its Virus Chest were similar to "TempPteViewer95954.exe" (with different numbers). I sent one of the files to Avast and I hope they will let me know more details.Ok, maybe it was a false positive. But things happened and at this point, I don't really know.Gary Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.