Archive for October, 2008

Messages like “You have a Virus in your software” are received into my Inbox on daily basis, and a lots of them comes from AVG Antivirus. So I decided to check the current status of AVG false positives, by scanning the utilities folder of my site.
First, I copied the utils folder of my site into a new place (I don’t really want that AVG will touch my original site folder…), and then I allowed AVG Antivirus to scan the folder.
After AVG finished the scan, it splited the scan result into 2 categories: Infections and Spyware.
Most of the alerts on my utilities folder appeared under the ‘Spyware’ section.
I really would want to understand what is going in the minds of AVG guys when they decided to detect my software as Spyware.

Anyway, I used my own SysExporter utility to grab the scan result from AVG and display it as HTML. Luckily, SysExporter is not detected as infection by AVG, otherwise, it wouldn’t allow me to run and use it.
So here’s the AVG “False Positive” list, the Spyware section:

C:\Utils\asterie.zip Potentially harmful program HackTool.DOI
C:\Utils\asterie.zip:\asterie.exe Potentially harmful program HackTool.DOI
C:\Utils\netpass.zip Potentially harmful program HackTool.FAJ
C:\Utils\netpass.zip:\netpass.exe Potentially harmful program HackTool.FAJ
C:\Utils\netpass_setup.exe Potentially harmful program HackTool.FAJ
C:\Utils\netpass_setup.exe:\netpass.exe Potentially harmful program HackTool.FAJ
C:\Utils\netpass_setup.exe:\ziz1384.tmp:\netpass.exe Potentially harmful program HackTool.FAJ
C:\Utils\pspv.zip Potentially harmful program HackTool.CBX
C:\Utils\pspv.zip:\pspv.exe Potentially harmful program HackTool.CBX
C:\Utils\sniffpass.zip Potentially harmful program HackTool.FMT
C:\Utils\sniffpass.zip:\SniffPass.exe Potentially harmful program HackTool.FMT
C:\Utils\sniffpass_setup.exe Potentially harmful program HackTool.FMT
C:\Utils\sniffpass_setup.exe:\SniffPass.exe Potentially harmful program HackTool.FMT
C:\Utils\sniffpass_setup.exe:\ziz1384.tmp:\SniffPass.exe Potentially harmful program HackTool.FMT
C:\Utils\vncpassview.zip Potentially harmful program HackTool.EEI
C:\Utils\vncpassview.zip:\VNCPassView.exe Potentially harmful program HackTool.EEI

And this one is the Infections section:

C:\Utils\lsasecretsdump.zip Trojan horse Generic10.SZR
C:\Utils\lsasecretsdump.zip:\LSASecretsDump.exe Trojan horse Generic10.SZR

And finally, here’s another issue with AVG and other Antivirus software:
When you exit from the Antivirus software, it won’t display any Virus/Trojan/Spyware warning, but the service of the Antivirus is still running in the background, and prohibits you from running any file that is detected as infected.
This mean that if you try to run one of my tools that are detected as Spyware/Virus while AVG application is not running, you’ll get the following error message:
“Windows cannot access the specified device, path, or file. You may not have the appropriate permission to access the item”.

Most people that get this kind of error, think that there is a bug in my software, and don’t know that the Antivirus is the one that cause the problem.

I added 2 new options to OpenedFilesView that allows you to hide system files when you don’t really want to watch them:

  • Hide System Process Files: Hide all files opened by ‘System’ process.
  • Hide Svchost Files: Hide all files opened by svchost process.

Choosing the above 2 option can decrease the size of opened files list by dozens of items, and allow you to only watch the opened files of non-system applications. These options are available starting from version 1.25 of OpenedFilesView.