AVG False Alarm: Trojan infection on download mirror

User Help for Mozilla Firefox
Locked
User avatar
Vectorspace
Moderator
Posts: 14455
Joined: November 27th, 2003, 4:50 am
Location: Warwickshire, UK
Contact:

AVG False Alarm: Trojan infection on download mirror

Post by Vectorspace »

AVG Antivirus is reporting a Trojan virus infection in certain versions of Firefox, specifically Windows 32bit version 3.5.2, de (German) localisation. It's unknown if other localisations/versions are affected.

This is a false-positive - there is no virus infection. AVG report it will be fixed with the next definition update:

http://forums.avg.com/ww.avg-free-forum ... w&id=15447
"All things being equal, the simplest answer is usually the correct one" - Occam's Razor
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20110624 Thunderbird/5.0
User avatar
Gingerbread Man
Posts: 7735
Joined: January 30th, 2007, 10:55 am

Re: Possible Trojan infection on download mirror

Post by Gingerbread Man »

VirusTotal report.

Please note that the Mozilla FTP server lists the file hashes, so you can verify if you got a legitimate download. In this case, the hash checks out; see 3.5.2 SHA1 sums or 3.5.2 MD5 sums. To create and verify checksums on Windows, you can use an utility like HashX.
Guest
Guest

Re: AVG False Alarm: Trojan infection on download mirror

Post by Guest »

If downloads can be compromised, so can hashes.
User avatar
Daifne
Moderator
Posts: 123071
Joined: July 31st, 2005, 9:17 pm
Location: Where the Waters Meet, Wisconsin

Re: AVG False Alarm: Trojan infection on download mirror

Post by Daifne »

In this case, it has already been acknowledged as a false positive by AVG and, most likely, has been fixed by now.

This is not the place to discuss the ins and outs of security.
User avatar
Gingerbread Man
Posts: 7735
Joined: January 30th, 2007, 10:55 am

Re: AVG False Alarm: Trojan infection on download mirror

Post by Gingerbread Man »

The new definitions were available roughly 6 hours after this thread was stickied. AVG updates automatically every 24 hours, so I really don't see why this thread is still at the top of the support forum.
User avatar
Vectorspace
Moderator
Posts: 14455
Joined: November 27th, 2003, 4:50 am
Location: Warwickshire, UK
Contact:

Re: AVG False Alarm: Trojan infection on download mirror

Post by Vectorspace »

Then I shall unsticky it
"All things being equal, the simplest answer is usually the correct one" - Occam's Razor
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20110624 Thunderbird/5.0
User avatar
James
Moderator
Posts: 27999
Joined: June 18th, 2003, 3:07 pm
Location: Made in Canada

Re: AVG False Alarm: Trojan infection on download mirror

Post by James »

Guest wrote:If downloads can be compromised, so can hashes.

Firefox was not affected, just AVG making a mistake.
Poidog
Guest

Re: AVG False Alarm: Trojan infection on download mirror

Post by Poidog »

I encountered the AVG warning today and found this thread. Thanks for the info. However, I updated my AVG definitions before trying to download Firefox and had the warning for "Trojan horse Downloader.Banload.APJH". I am also currently running an AVG scan and found it again.

Anyone with an update?
User avatar
LoudNoise
New Member
Posts: 39900
Joined: October 18th, 2007, 1:45 pm
Location: Next door to the west

Re: AVG False Alarm: Trojan infection on download mirror

Post by LoudNoise »

FYI, The Thunderbird installer is suffering from the same false positive.

That said, AVG has not confirmed this one yet.

See: viewtopic.php?f=39&t=1522145
Post wrangler
"Choose between the Food Select Feature or other Functions. If no food or function is chosen, Toast is the default."
Locked