Trojan horse in Purebasic 4.10 zip file?

Prof
User
Posts: 20
Joined: Thu May 17, 2007 11:37 pm

Post by Prof »

Hello folks.

I don't want to alarm people around here, but I just ran a virus scan (AVG 7.0) and it reported that the PureBasic update file:

"PureBasic_Update_4_10_(g7pt3j).zip" contains a trojan horse called Generic10.YQD

I did download it from the official site. It is unlikely that it was infected from something else on my hard drive, due to the fact that it is a complete .zip file and extracts o.k., and that AVG7 reported it as an "Infected Embedded Object."

I am quite alarmed at this and just wondered if anyone else has found the same thing. I have just deleted the .zip file for obvious reasons.
ricardo
Addict
Posts: 2438
Joined: Fri Apr 25, 2003 7:06 pm
Location: Argentina

Post by ricardo »

Ask AVG to correct this false alarm.

I found in past days some false positives from NOD32 in PB compiled apps.

Maybe it's time to make sure that AVs stop prompting with some PB compiled apps.
Prof
User
Posts: 20
Joined: Thu May 17, 2007 11:37 pm

Post by Prof »

Another bizarre thing is that if you type in...

Generic10.YQD trojan

or

Generic10.YQD virus

into Google, it returns no results whatsoever. The trojan doesn't seem to be documented at all.

There are some strange goings on over at AVG, that's for sure.

EDIT:

Just done some research and it appears to be a variant of the Generic10.BJM, Generic10.BFT, Generic10.XQ viruses. How the hell it got inside a .zip file, though, is beyond me.
Berikco
Administrator
Posts: 1326
Joined: Wed Apr 23, 2003 7:57 pm
Location: Belgium

Post by Berikco »

It's not in the zip file, it's a false positive.
Prof
User
Posts: 20
Joined: Thu May 17, 2007 11:37 pm

Post by Prof »

I have just identified the actual file in the archive that is supposedly infected. It is inside the file UpdateTool.exe.

Also, I have just downloaded the same update .zip file again from the main site and AVG7 still reports that the file is infected.

Weird or what?
maw

Post by maw »

No, it's not weird. Since AVG7 wrongly identifies something in the file as virus code, of course it will do it no matter how many times you download it.
Prof
User
Posts: 20
Joined: Thu May 17, 2007 11:37 pm

Post by Prof »

Yes, of course you're correct. But I downloaded the original update file some months ago and AVG7 has only just reported the infection. I downloaded the same file again just a few minutes ago to make a comparison and to rule out any possibility that the infection originated from my PC.

It looks like the evidence is pointing towards an 'incorrect identification' within AVG7.
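The check Prof describes above, a fresh download compared against the months-old copy and the flagged member located inside the archive, is worth doing mechanically. The script below is an added example, not code from the thread or from PureBasic's own tooling: it hashes two copies of an archive as a whole and per member, so that a local modification (a changed member) can be told apart from a scanner signature firing on an unchanged member. The archives it builds are constructed in memory as stand-ins for the real update zip; the member name UpdateTool.exe is taken from the thread, and its contents here are placeholder bytes, not the real program.

```python
import hashlib
import io
import zipfile

# Fixed timestamp so two builds of the same content produce byte-identical archives
# (constructed value; the real update zip's timestamps are not on the page).
FIXED_DATE = (2007, 12, 1, 0, 0, 0)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_sample_zip(tool_bytes: bytes) -> bytes:
    """Build a constructed stand-in for the update archive, entirely in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, payload in (("readme.txt", b"constructed sample readme\n"),
                              ("UpdateTool.exe", tool_bytes)):
            info = zipfile.ZipInfo(name, date_time=FIXED_DATE)
            info.compress_type = zipfile.ZIP_DEFLATED
            zf.writestr(info, payload)
    return buf.getvalue()


def member_digests(zip_bytes: bytes) -> dict:
    """SHA-256 of every file member, keyed by member name, without extracting to disk."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            digests[info.filename] = sha256_hex(zf.read(info))
    return digests


def compare_downloads(first: bytes, second: bytes) -> dict:
    """Compare two copies of an archive: whole-file hash plus the list of members that differ.

    Identical hashes mean the copy on disk was not altered locally, so a scanner
    verdict on it comes from the scanner's signature, not from a local change.
    Identical hashes do not, by themselves, show the publisher's file is clean;
    that needs a hash or signature published by the vendor.
    """
    a, b = member_digests(first), member_digests(second)
    differing = [name for name in sorted(set(a) | set(b)) if a.get(name) != b.get(name)]
    return {
        "archives_identical": sha256_hex(first) == sha256_hex(second),
        "members_differing": differing,
    }


# Constructed sample inputs: an "original" download, a byte-identical re-download,
# and a copy whose UpdateTool.exe member was changed locally. The "MZ" prefix only
# mimics an executable header for the sake of the example.
ORIGINAL = build_sample_zip(b"MZ placeholder update tool v1")
REDOWNLOAD = build_sample_zip(b"MZ placeholder update tool v1")
TAMPERED = build_sample_zip(b"MZ placeholder update tool v1 plus extra bytes")

if __name__ == "__main__":
    print("original vs re-download:", compare_downloads(ORIGINAL, REDOWNLOAD))
    print("original vs tampered:   ", compare_downloads(ORIGINAL, TAMPERED))
    for name, digest in member_digests(ORIGINAL).items():
        print(f"{name}: sha256={digest}")
```

Run it on two real downloads by reading the files with `open(path, "rb").read()` in place of the constructed archives. If the re-download matches byte for byte and the scanner still flags the same member, the per-member digest is what to send to the vendor with the false-positive report, since it identifies exactly which file their signature matched.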
Rook Zimbabwe
Addict
Posts: 4322
Joined: Tue Jan 02, 2007 8:16 pm
Location: Cypress TX

Post by Rook Zimbabwe »

It is simply an attempt by the AV community to stay ahead of infections. Generic is probably a term for some type of software, usually coded in ASM, that downloads files from the internet... uses similar routines. So it is flagged.

The problem with such flagging is all the people out there that don't know better... causes problems all the way around.
Binarily speaking... it takes 10 to Tango!!!

http://www.bluemesapc.com/
Inf0Byt3
PureBasic Fanatic
Posts: 2236
Joined: Fri Dec 09, 2005 12:15 pm
Location: Elbonia

Post by Inf0Byt3 »

Bah, it's just the databases going bigger and bigger and the malware analysts doing a not so great job... Too much software to care about, or just another malware written in PB :(.
None are more hopelessly enslaved than those who falsely believe they are free. (Goethe)
LuCiFeR[SD]
666
Posts: 1033
Joined: Mon Sep 01, 2003 2:33 pm

Post by LuCiFeR[SD] »

Prof wrote: Yes, of course you're correct. But I downloaded the original update file some months ago and AVG7 has only just reported the infection. I downloaded the same file again just a few minutes ago to make a comparison and to rule out any possibility that the infection originated from my PC.

It looks like the evidence is pointing towards an 'incorrect identification' within AVG7.
State the obvious, why don't you :) It is just the damn heuristic engine in AVG... well, not just AVG, there are a few guilty parties in the anti-virus world who falsely flag software as infected. The only thing you can do is send the so-called infected file(s) to the AV people and ask them to verify whether the file is infected.

Unfortunately, in the past, people have written viruses in PB. So certain commands/functions/byte comparisons get wrongly identified as a variant of a virus. If you had done a search of the forum, you would have found many threads on this issue... not just AVG, but Kaspersky etc.