Antbrewer Posted November 20, 2011 Author Report Posted November 20, 2011 Me again DG,Just an update on my last post,the friend I mentioned who rang this morning with this Trojan horse found later this afternoon that it was a copy of an AV I gave a few months ago. The same AV exe file that I have lost with others as well.To my 'simple' reasoning this would confirm that this is down to AVG and the lastest updates assuming that the perfectly harmless PtE exe files are infected. I'm off to Aussie in a few days so hopefully by my return this will have been sorted out.I have great faith in Igor....and his team.AnthonyPeter I have just seen your reply. Thank you. I have both the paid version and the free one. Exactly the same data base as yours also and both my versions are problematical. I don't feel it can be my computer because of the trouble my friend is experiencing.
Ken Cox Posted November 20, 2011 Report Posted November 20, 2011 TEST DONE ONNew show Victorian Town - Ironbridge I UPDATED AVG AT 02:34 AM NOV 20 2011 ON WIN 7 2012.0.18722092/4625I DOWNLOADED Victorian Town - Ironbridge SHORTLY AFTER AND TESTED IT 0KI JUST NOW CHECKED AVG FOR AN UPDATE 15:30 - I WAS STILL UP TO DATEWE DONT KNOW WHAT VERSION MR KING IS USING TO MAKE ITWILL RECHECK MY XP SYSTEM AND ADD DETAILS
Ken Cox Posted November 20, 2011 Report Posted November 20, 2011 I JUST RECHECKED http://www.picturestoexe.com/forums/index.php?/topic/13691-postcards-from-provence/on my win 7 system and i get a threat on opening avg alarmthe same show worked fine back in October - my comments in above linkso who knows what is happeningam not going to check my xp system for nowken
Ken Cox Posted November 20, 2011 Report Posted November 20, 2011 just tried a fresh install of 2012 tried a repair no gotried a regular install no gofiles are not on server is the errorken
Guest Yachtsman1 Posted November 20, 2011 Report Posted November 20, 2011 As a rider to the above, I tried to install AVG free on a neighbours PC yesterday & wasn't able to find it on AVG's site???Yachtsman1.
davegee Posted November 20, 2011 Report Posted November 20, 2011 kenmichael is using 702 and his show is ok.my 702 new shows are ok.postcards is not ok. i have asked author which version he used.dg
Gérard de Lux Posted November 20, 2011 Report Posted November 20, 2011 On our French DiaporamaForum, we have quite regularly members reporting the same problems (Trojan Horses malwares found in .exe files) with either Avast, AVG or Kaspersky anti-virus softwares (I think that they share the same engines and databases). In 95% of the cases, after complaints sent to the said anti-virus companies with the so-called infected files, they acknowledged that their alerts were only 'false positives'.Recently, the company which hosts my own website blocked my account as, they said, it contained several files (.exe) containing and propagating malwares, viruses, etc. These PTE slideshows having been hosted there since several years, I had no doubts at all about their integrity. But it took me several days to convince the hosting company that they were wrong. I finally won and my account has been re-opened; here's the last e-mail I got from them, it's self-explanatory:Hello,(...) Secondly, I tested every executable file mentioned further down. When they were tested using online virus scanners such as http://www.virustotal.com, some of the scanners thought that they identified malware and we relayed on that judgement. However, when running the samples in our malware lab, the files did not show malicious behavior. So these files are falsely classified as malware. There is no further action needed from your side - everything is fine and reachable.Best regards,AdrianSo, don't worry - these alerts are more than probably only "false positives" !BTW: I have decided (and I'm not the only one in the French AV Community) not to use Avast (or its clones like AVG) any more and use instead Microsoft Security Essentials - its free, very efficient and doesn't report PTE .exe files as malware !
Ken Cox Posted November 21, 2011 Report Posted November 21, 2011 TO FURTHER CONFUSE ME -- 'tis not that though, we have 2 postcard showshttp://www.picturestoexe.com/forums/index.php?/topic/13519-edwardian-liverpool/and the baddy at presenthttp://www.picturestoexe.com/forums/index.php?/topic/13691-postcards-from-provence/ken
Ken Cox Posted November 21, 2011 Report Posted November 21, 2011 tried another reinstall this morn - still no files on serverken
woolleyjonathan Posted November 21, 2011 Report Posted November 21, 2011 Over the last couple of days AVG has been working overtime warning of Trojan threats and consigning most of my PTE.exe files to oblivion!Is there a particular reason why PTE is suffering these attacks and what can I do to recover my "infected" shows?I ran a full scan with Malwarebytes-anti-malware and no viruses were found.
Ken Cox Posted November 21, 2011 Report Posted November 21, 2011 please read the complete forum before posting in a threadhttp://www.picturestoexe.com/forums/index.php?/topic/13749-avg-2012/and stay away from your exe's until it is resolvedken
davegee Posted November 21, 2011 Report Posted November 21, 2011 I see a number of posts saying that AVG is "consigning most of my PTE.exe files to oblivion!" or similar.Maybe I have my AVG set up differently to others but it never does anything without my permission.Therefore if it detects a threat from a PTE EXE I just stop the process and don't try to open the offending file until the problem is resolved.No lost files - no files in the virus vault etc.DG
RobertAlbright Posted November 21, 2011 Report Posted November 21, 2011 Quite apart from putting one's .exe files into suspended animation, there are other serious consequnces - see Gérard's comments above. Like Gérard, I have moved to Microsoft Security Essentials - its free, very efficient and doesn't report PTE .exe files as malware ! Good to hear from you Gérard. How is the motor bike?
Ken Cox Posted November 22, 2011 Report Posted November 22, 2011 fyiwas just able to reinstall avg 2012 on my win 72012.0.18732101/4632 nov 22 2011required a reboot + get the DAT file againsadly the provence postcard file is still detected as 2 trojansken
Ken Cox Posted November 23, 2011 Report Posted November 23, 2011 THIS MORN'S UPDATEi went to a show that i had done back in April - i started the show with 4.48 and progressed thru to v7b19 - this morning i opened and saved it with v 7.0.2 renaming it to show the change -- the exe worked fine -- both on the the xp system and the win 7 systemcurrent AVGVER = 2012.0.1873DAT =2101/4633THIS TEST BASICALLY DUPLICATES DAVE'S AND PETER'S FINDINGSKEN
davegee Posted November 23, 2011 Report Posted November 23, 2011 Ken,I downloaded the "Wally Trek" show this morning because the author specified the Version as being V5.6.It did not bring up any alerts from AVG.I have also sent a PM to the author of Postacrds from Provence asking for details of his Version. Apologies to him - he DID provide details - it was 6.5!Either this problem is version specific or it's a genuine Trojan Horse (not a false positive) but if it were a genuine TH why aren't the other AV softwares not picking it up?Postcards is still alerting on my machine.DG
Ken Cox Posted November 23, 2011 Report Posted November 23, 2011 MY TROJAN SOFTWARE [Malwarebytes and superantispyware] are NOT PICKING UP THE Provence/Postcard showtoo bad you are not getting any response -- when we get these false things we need everybody's input ASAP -- the 2011 fiasco was a sin - thankfully you wised us up to 2012ken
Gérard de Lux Posted November 23, 2011 Report Posted November 23, 2011 Either this problem is version specific or it's a genuine Trojan Horse (not a false positive) but if it were a genuine TH why aren't the other AV softwares not picking it up? when we get these false things we need everybody's input ASAP -- You should make a test with VirusTotal; the file will be scanned online by several (I think it's 30) anti-malware tools, and if only 2-3 report a Trojan then it's more than likely a false positive. It' free and fairly quick.Like Gérard, I have moved to Microsoft Security Essentials - its free, very efficient and doesn't report PTE .exe files as malware ! Good to hear from you Gérard. How is the motor bike?Good on you, Robert that you also use Microsoft Security Essentials ! It should be more widely known and used.The motorbike is very fine, thank you... it drove me last Sunday along the River Mosel where the light and coulours where amazing !
davegee Posted November 23, 2011 Report Posted November 23, 2011 Gerard,I was in Cochem many years ago and, at this time of the year, the light there would be amazing. I'm envious.DG
Ken Cox Posted November 23, 2011 Report Posted November 23, 2011 AVG UPDATEi went back and tested the the main folders of v 6.5 i have 6.5, 6.5 b1. 6.5 b8 and 6.5 b9 and all passed oki then opened the contents of shows made with said programs from the respective pte - all okas i very seldom make exe's any more i did not go that routeken
davegee Posted November 23, 2011 Report Posted November 23, 2011 Ken,Do those folders contain EXE files?DG
Ken Cox Posted November 23, 2011 Report Posted November 23, 2011 Davewhen you unpack the program from Igor there are exe's within - i tested the complete folder in each casethen opened each version's folder and then using the associated pte opened recent showsthese shows were before my win 7 system - only have active ver 7's on the win 7 - which i am on at presenti have not had good luck on my win 7 system with p2e so i make show on xp and xfer over network to win 7 -- open show on win 7 and if i want to make changes - do it then transfer back to xp so that both are the same -- not enough hrs in the day to learn the intracities of win7 so do on xp"LOF"KEN
Ken Cox Posted November 23, 2011 Report Posted November 23, 2011 DAVE CONTENTS OF PICT TO EXE VER 7.0 PROGRAM FOLDERKEN
Ken Cox Posted November 23, 2011 Report Posted November 23, 2011 I WENT BACK TO XP SYSTEM made a show with 6.5 b8 - made an exe - tested it works fineken
fh1805 Posted November 23, 2011 Report Posted November 23, 2011 I have just completed an exercise with interesting results. I downloaded and installed MalwareBytes and let it upgrade itself to the latest software version and database version. I then set it off to do a full scan of my C: drive (all my installed software), my K: drive (a clone of my digital images disk) and my M: drive (a clone of my general data disk). It took it about 40 minutes to complete and it found nothing to report. But during that processing, as files were opened, AVG found four "infected" PTE EXE files. All four were files I had created on my own systems. None were ones I had downloaded. "Postcards from Provence" was not flagged by MalwareBytes - nor by AVG, which surprised me. On checking, I realised that AVG was not checking the contents of zip files. So there's a weakness in the protection that it provides. When I try to run the Provence EXE from within the zip file (i.e. I do not unzip the file, I let the software make that decision) then AVG does report a threat. I then manually unzipped the file to a USB flash drive and let Malwarebytes take a look at it. It reported no threat - AVG reported a threat.Since Malwarebytes is touted as one of the very best of the threat detectors and removers, I am inclined to believe it and disbelieve AVG. I am going to try and establish the version of PTE that was used to make the four sequences that AVG quarantined. I'll report back shortly.regards,Peter
Recommended Posts