Old 9th February 2008, 13:47   #1
Adion
Junior Member
 
Join Date: Feb 2002
Location: Belgium
Posts: 28
NSIS detected as a trojan

It looks like AVG free is detecting NSIS as a trojan again since today's or yesterday's update.
I had a warning about uninstall.exe from PCDJ DEX:
http://www.pcdj.com/blogroll/pcdj-dex
Can anyone confirm this, and maybe update the false positives list?
Also, what's the fastest way to let avg know about this?
Adion is offline   Reply With Quote
Old 9th February 2008, 14:17   #2
Yathosho
Forum King
 
Yathosho's Avatar
 
Join Date: Jan 2002
Location: AT-DE
Posts: 3,276
Send a message via ICQ to Yathosho
Re: NSIS detected as a trojan

Quote:
Originally posted by Adion
hat's the fastest way to let avg know about this?
i don't know, but i'd start by going on their website
Yathosho is offline   Reply With Quote
Old 9th February 2008, 14:32   #3
Adion
Junior Member
 
Join Date: Feb 2002
Location: Belgium
Posts: 28
Well, on their website you can either choose for 'technical support', which is not possible with a free license, or 'sales support' to contact them.
I've tried sales support now, but I don't know if that will get my message to the right people.
Adion is offline   Reply With Quote
Old 9th February 2008, 15:40   #4
Joel
Debian user
(Forum King)
 
Joel's Avatar
 
Join Date: Jan 2003
Location: Arch land
Posts: 4,904
Well..one thing is sure nsis ain't a virus so...you'll better change AV software.


* PC: Intel Core 2 DUO E6550 @ 2.33 GHz with 2 GB RAM: Archlinux-i686 with xfce4.
* Laptop: Intel Core 2 DUO T6600 @ 2.20 GHz with 4 GB RAM: Archlinux-x86-64 with xfce4.
Joel is offline   Reply With Quote
Old 9th February 2008, 17:10   #5
ionut_y
Junior Member
 
Join Date: Jan 2007
Posts: 16
Files detected : .../Stubs/lzma_solid and uninst-nsis.exe,
also Recuva installer (rcsetup110.exe) and may be aslo ..

Problem was solved,I've submitted files to support.

I've got this answer :

Dear Sir/Madam,

Thank you for your email.

We analyzed files you sent us and found out files are really detected
incorrectly. This issue should be fixed by next AVG Virus base update.
Please keep your AVG to solve this false detection.

Thank you for your cooperation.

Answers to the most common questions can be found here as well:
http://www.avg.com/faq/

Best regards,

Radim Raszka
AVG Technical Support

website: http://www.avg.com
mailto: support@avg.com
On Sat Feb 09 07:08:30 CET 2008, Ionut I...wrote:

> Avg Free detects some files from NSIS installer as Downloader.Zlob.UAQ
> I've uploded to virustotal.com and seems to be ok.
> Thanks.
>
ionut_y is offline   Reply With Quote
Old 9th February 2008, 17:17   #6
Red Wine
Forum King
 
Red Wine's Avatar
 
Join Date: Mar 2006
Location: Ath. GR
Posts: 2,078
The whole story with these AV craps tends to be ridiculous, now is avg along with avast.
I would never rely to a scanner which detects nsis as trojan, most likely it is unable to detect real attacks.

Quick AVI Creator - Quick and easy convert from DVD/MPEG/AVI/MKV to AVI/MP4/MKV
Quick AVI Creator entirely edited with NSIS and entirely upgraded to Unicode NSIS
Red Wine is offline   Reply With Quote
Old 10th February 2008, 02:17   #7
Animaether
Major Dude
 
Join Date: Jun 2001
Posts: 1,173
I disagree... in the world of virus scanners, it might be better to have a few false positives - especially ones you 'know' not to be malicious anyway - than to miss an actual virus.

What would be good, however, is for you to add known-good applications and the like to the virus scanner's whitelist. Unfortunately, this is not a feature in AVG Free (reportedly it is in the commercial version of AVG).
In lieu of that - always make sure the scanner quarantaines files (or asks what you want to do), rather than outright deleting them, so that you can restore any false positive files.

And, of course, if you're not sure - use online virus scanning resources to scan detected files again. If they say the file is clean, you should probably be okay. If you're extra-careful, wait a day or few days, then scan again. Either the false positive will then be gone, or the online scanners might detect it as well (if it really is a infected).

Viruses are nasty - 'fraid we'll have to live with them, and all the pains that go with stopping them as much as possible; similar to spam.
Animaether is offline   Reply With Quote
Old 10th February 2008, 14:10   #8
Joel
Debian user
(Forum King)
 
Joel's Avatar
 
Join Date: Jan 2003
Location: Arch land
Posts: 4,904
@Animaether: Agree in those apps that you can find underground sites, downloaded via p2p, etc., but this nsis, many people use it. It's open source, you are downloading it from its OFFICIAL site.


* PC: Intel Core 2 DUO E6550 @ 2.33 GHz with 2 GB RAM: Archlinux-i686 with xfce4.
* Laptop: Intel Core 2 DUO T6600 @ 2.20 GHz with 4 GB RAM: Archlinux-x86-64 with xfce4.
Joel is offline   Reply With Quote
Old 10th February 2008, 15:44   #9
Animaether
Major Dude
 
Join Date: Jun 2001
Posts: 1,173
I wouldn't put blind faith in that, Joel - viruses can, and have been, distributed through official software sites before by breaches in security of the site itself. Heck, people could get viruses from their iPods not too long ago*

Always scan stuff you receive (including downloads) - it's a minor hassle compared to trying to clean a system

* http://www.apple.com/support/windowsvirus/
Animaether is offline   Reply With Quote
Reply
Go Back   Winamp & SHOUTcast Forums > Developer Center > NSIS Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump