AVG Updates of 20060911 Reports Trojan Horse Downloader.Zlob.DJW in NSIS\Stubs\ZLIB

TJK · 11th September 2006, 14:07

Since updating AVG's Virus database this morning it has started reporting that installers I have built are infected with "Trojan Horse Downloader.Zlob.DJW". I have since found that it believes NSIS\STUBS\ZLIB is also infected with "Trojan Horse Downloader.Zlob.DJW" (ZLIB being the compressor I use for my installers).

When I scan the other files in the NSIS\STUBS folder AVG reports NSIS\STUBS\bzip2 is infected with "Trojan Horse Downloader.Generic2.OCM".

I am normally using NSIS 2.18, so downloaded NSIS 2.20 and installed it onto another PC - but that still reported both files were infected.

I downloaded a trial copy of ZoneLabs's AV software and scanned the NSIS 2.20 STUBS folder with that - no infection found, so I think it is a false detection by AVG.

Has anyone else seen this as a false or real detection? I'm worried that people running my installers will start to think that they are infected.

Regards

Tim

TJK · 11th September 2006, 14:46

FWIW AVG have now issued another update - after application of this ZLIB (and hence my installers) are no longer reported to be infected by "Trojan Horse Downloader.Zlob.DJW".

ATM though AVG still reports NSIS\STUBS\bzip2 is infected with "Trojan Horse Downloader.Generic2.OCM".

Regards

Tim

{_trueparuex^} · 11th September 2006, 16:08

Yes it's yet another false positive.
http://nsis.sourceforge.net/NSIS_False_Positives

Results from http://virusscan.jotti.org/

File: bzip2
Status:
INFECTED/MALWARE
MD5 cdcd21612ae56b28884ce1caaf2a556f
Packers detected:
-
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found Downloader.Generic2.OCM
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found W32/QQHelper.RP
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing

Norman also thinks it's a virus.

CrushBug · 11th September 2006, 16:36

And TrendMicro OfficeScan finds nothing, either.

kichik · 15th September 2006, 08:03

A false positive, of course. As far as I know, it has already been fixed.

11th September 2006, 14:07	#1
TJK Junior Member Join Date: Jun 2006 Posts: 17	AVG Updates of 20060911 Reports Trojan Horse Downloader.Zlob.DJW in NSIS\Stubs\ZLIB Since updating AVG's Virus database this morning it has started reporting that installers I have built are infected with "Trojan Horse Downloader.Zlob.DJW". I have since found that it believes NSIS\STUBS\ZLIB is also infected with "Trojan Horse Downloader.Zlob.DJW" (ZLIB being the compressor I use for my installers). When I scan the other files in the NSIS\STUBS folder AVG reports NSIS\STUBS\bzip2 is infected with "Trojan Horse Downloader.Generic2.OCM". I am normally using NSIS 2.18, so downloaded NSIS 2.20 and installed it onto another PC - but that still reported both files were infected. I downloaded a trial copy of ZoneLabs's AV software and scanned the NSIS 2.20 STUBS folder with that - no infection found, so I think it is a false detection by AVG. Has anyone else seen this as a false or real detection? I'm worried that people running my installers will start to think that they are infected. Regards Tim

11th September 2006, 16:08	#3
{_trueparuex^} Senior Member ${_trueparuex^}'s Avatar$ Join Date: Dec 2005 Location: Glow Posts: 285	Yes it's yet another false positive. http://nsis.sourceforge.net/NSIS_False_Positives Results from http://virusscan.jotti.org/ File: bzip2 Status: INFECTED/MALWARE MD5 cdcd21612ae56b28884ce1caaf2a556f Packers detected: - Scanner results AntiVir Found nothing ArcaVir Found nothing Avast Found nothing AVG Antivirus Found Downloader.Generic2.OCM BitDefender Found nothing ClamAV Found nothing Dr.Web Found nothing F-Prot Antivirus Found nothing Fortinet Found nothing Kaspersky Anti-Virus Found nothing NOD32 Found nothing Norman Virus Control Found W32/QQHelper.RP UNA Found nothing VirusBuster Found nothing VBA32 Found nothing Norman also thinks it's a virus.
${_trueparuex^} is offline$

15th September 2006, 08:03	#5
kichik M.I.A. [NSIS Dev, Mod] Join Date: Oct 2001 Location: Israel Posts: 11,343	A false positive, of course. As far as I know, it has already been fixed. NSIS FAQ \| NSIS Home Page \| Donate $ "I hear and I forget. I see and I remember. I do and I understand." -- Confucius

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Switch to Linear Mode Hybrid Mode Switch to Threaded Mode

11th September 2006, 14:46	#2
TJK Junior Member Join Date: Jun 2006 Posts: 17	FWIW AVG have now issued another update - after application of this ZLIB (and hence my installers) are no longer reported to be infected by "Trojan Horse Downloader.Zlob.DJW". ATM though AVG still reports NSIS\STUBS\bzip2 is infected with "Trojan Horse Downloader.Generic2.OCM". Regards Tim

11th September 2006, 16:36	#4
CrushBug Senior Member Join Date: May 2005 Posts: 119	And TrendMicro OfficeScan finds nothing, either.