AVIRA's AntiVir doesn't like PB

[fsw]

The newest version of AntiVir declares PureBasic.exe and VisualDesigner.exe as the TR/Dldr.Stration.I TROJAN.
Can't stop it beeping

Is this a false positive?

How to get it NORMAL again?

[PB]

Yes, confirmed here for Visual Designer.exe and PBCompiler.exe (but not
for PureBasic.exe). Here's some shots and my log, in case Fred needs them,
with the shots at the bottom of this post (after the log).

As for stopping the beeps, you can set AntiVir to ignore certain folders.
The setting is done in both the "Scanner" and "Guard" areas, like this:

Code: Select all

AntiVir PersonalEdition Classic
Report file date: Tuesday, 28 November 2006  16:16

Scanning for 567907 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    [SNIPPED]
Platform:         Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Username:         Administrator
Computer name:    [SNIPPED]

Version information:
AVSCAN.EXE   : 7.0.0.47    200744   14/09/2006 21:30:43
AVSCAN.DLL   : 7.0.0.45    41000    14/09/2006 21:30:43
LUKE.DLL     : 7.0.0.47    118824   14/09/2006 21:30:43
LUKERES.DLL  : 7.0.0.47    9256     14/09/2006 21:30:43
ANTIVIR0.VDF : 6.35.0.1    7371264  31/05/2006 01:17:13
ANTIVIR1.VDF : 6.36.1.24   2212864  14/11/2006 11:32:09
ANTIVIR2.VDF : 6.36.1.80   161280   23/11/2006 07:51:08
ANTIVIR3.VDF : 6.36.1.94   39936    27/11/2006 20:47:51
AVEWIN32.DLL : 7.2.0.46    1925632  27/11/2006 20:47:51
AVPREF.DLL   : 7.0.0.2     23592    14/09/2006 21:30:43
AVREP.DLL    : 6.36.1.1    925736   7/11/2006 20:16:31
AVRPBASE.DLL : 7.0.0.0     2162728  4/05/2006 21:04:59
AVPACK32.DLL : 7.2.0.5     368680   26/10/2006 21:14:03
AVREG.DLL    : 6.31.0.90   27688    23/02/2006 00:22:30
NETNT.DLL    : 6.32.0.0    6696     23/02/2006 00:22:32
NETNW.DLL    : 7.0.0.0     9768     14/09/2006 21:30:43
RCIMAGE.DLL  : 7.0.0.74    1642536  14/09/2006 21:30:40
RCTEXT.DLL   : 7.0.1.4     77864    27/09/2006 22:49:47

Configuration settings for the scan:
Jobname.......................: ShlExt
Configuration file............: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\4380a6e7.avp
Boot sectors..................: E
Scan memory...................: 1
Process scan..................: 0
Scan all files................: 1
Scan archives.................: 1
Recursion depth...............: 20
Smart extensions..............: 1
Macro heuristic...............: 1
File heuristic................: 0
Primary action................: 1
Secondary action..............: 0

Start of the scan: Tuesday, 28 November 2006  16:16


Start scanning boot sectors:

Boot sector 'E:\'
      [NOTE]      No virus was found!

Starting the file scan:

E:\Program Files\PureBasic\Visual Designer.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Stration.I
      [WARNING]   The file was ignored!
E:\Program Files\PureBasic\Compilers\PBCompiler.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Stration.I
      [WARNING]   The file was ignored!


End of the scan: Tuesday, 28 November 2006  16:16
Used time: 00:16 min

The scan has been done completely.

     63 Scanning directories
   2074 Files were scanned
      2 viruses and/or unwanted programs were found
      0 files were deleted
      0 files were repaired
      1 files were moved to quarantine
      0 files were renamed
      4 Archives were scanned
      1 Warnings
      0 Notes

[clipper]

Same result on my PB Install.

So unpacked the last Update in a new Folder and Avira beeps again!

Is it a Virus or only the same bitpattern?

[Kale]

It's because people have created remote admin tools with PB which have been flagged in the past by anti-virus programs.

[PB]

> It's because people have created remote admin tools with PB which have
> been flagged in the past by anti-virus programs

But Visual Designer.exe and PBCompiler.exe don't have remote admin code,
so why would they be flagged?

[Tomio]

the same with my Win98 but not with my XP system.

../tomio

[Tomio]

If you check the Forum

http://forum.antivir-pe.de/thread.php?threadid=15358

you'll see: they are about to fix the problem.

../tomio

[freak]

I just did another update and the PB package is shown as clean again.
So definately a false positive.

> It's because people have created remote admin tools with PB which have
> been flagged in the past by anti-virus programs

But Visual Designer.exe and PBCompiler.exe don't have remote admin code,
so why would they be flagged?

It seems to have been a general problem with many programs.

Even after the update, it still complais about lcc-win32 for example.
Since most of the PB libs are compiled with lcc-win32 on windows, thats probably
why PB got these positives as well.

[JCV]

Maybe someone should report this to AntiVir. :roll:

[fsw]

Yes, confirmed here for Visual Designer.exe and PBCompiler.exe (but not
for PureBasic.exe).

Ups, wrote the wrong file down... sorry

[magicjo]

Guys, relaunch the online update from AVG, seems fixed the problems(almost for me ).

[GeoTrail]

Been using AntiVir for a few months now and I haven't gotten any virus warnings about anything related to PB

[PB]

> Been using AntiVir for a few months now and I haven't gotten any virus
> warnings about anything related to PB

Hehe, you obviously didn't have it up to date while it was happening.

[GeoTrail]

Off course it was and is, it gets new updates practically daily Sometimes even two times a day.

[Dummy]

Off course it was and is, it gets new updates practically daily Sometimes even two times a day.

But autoupdate is launched only once per week