Installer detected as being infected


Stauf

I've had this bookmarked for some time now, and finally got around to installing TDM. AVG is alerting that tdm_installer.exe is infected with "IDP.Generic".  I don't know if this is a hiccup from AVG or if I should take this seriously.


This is happening all over the place to a lot of homebrew software.  If people say "just ignore it, it's a false positive", as true as that may be, it doesn't solve the problem.  The "heuristics" have become tuned to "whatever tries to save a highscore table to an INI file", else "has the Microsoft blessing, so let the ransomware fly free".  That sounds like a contradiction, but it isn't.  This is business, after all.

There are a couple of solutions.  
 - An army of us send out reports of false-positive claims to all of these AV vendors and/or Microsoft themselves, and hope they accidentally see it.
 - The TDM team scrapes its pockets and PAYS them to be flagged as safe, potentially acquiring certification from Microsoft, which is essentially the same as the first option, requiring fewer people but which should be (in theory) streamlined.
 - Refactoring the installer and going around and around in circles trying to make all the major AV vendors happy, which is likely not possible.

What can't be done is:-
 - Floating in through the window like Wrinkly Kong's ghost and whispering to each user that the installer is safe and it's just a false positive, just a false positive...

What is likely to happen:-
 - We all say it's a false positive, and we'd be correct, but nothing ever gets fixed and the problem never goes away.  We say it's the AV's fault and hope all future users will stumble across this forum thread.


IDP.Generic is just AVG thinking that the installer is doing something that kinda looks like malware, but doesn't match anything specific in its database. Basically it's an AVG hiccup from AVG being overzealous in its detection methods, since "looking like malware" can cover a wide array of software installer packages. But as @LDAsh said, a lot of them pay for certification so that such AV (along with Microsoft's stuff) doesn't flag them.

I'd recommend going here and submitting a false positive form, since it will help others using AVG as well:

https://www.avg.com/en-ww/false-positive-file-form


With Panda Cloud Cleaner 2.10 (real-time analysis with information in the cloud) it is clean. But I found some information about this supposed Trojan, which is probably a false positive from bad heuristic analysis by Ad Aware and MaxSecure:

https://andisearch.com/?query=Trojan.Malware.300983.susgen

 

Keep Calm. No Panic (yet)

2 hours ago, freyk said:

How about adding this notification to the downloadpage?

Probably a good idea, although I would say that it should be pretty much common sense by now that antiviruses flag many, many installers as false positives.


Windows often reacts somewhat hysterically if exe files are downloaded, with some pop-ups predicting the end of the world, even if they are trusted files. In some AV something similar happens.
For this reason, when in doubt, I use Panda; it has never betrayed me, and I always had a 100% detection rate. They invented this cloud scanning thing, which is now used by many others.


2 hours ago, Zerg Rush said:

Windows often reacts somewhat hysterically if exe files are downloaded, with some pop ups predicting the end of the world, even if they are trusted files.

If you mean Windows SmartScreen, it works in a very simple way: files which are not known to the filter are flagged as suspicious, and it warns the user against executing them. That's all there is to it really. You can happily click on "More info", and "Allow" after that every time.

I'd rather upload the file to VirusTotal, as @stgatilov wrote above, because that will run the file through many, many antivirus engines, and, if that says it's clean, or if only 1 or 2 or 3 engines detect something (a false positive in that case), then it is clean.

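The multi-engine check described in the post above (look the installer up on VirusTotal; a hit from one to three engines with only generic or heuristic names is the false-positive pattern, while a named family across several engines is not) is easy to turn into a repeatable triage step. The script below is an added example and is not code from the forum thread or from The Dark Mod project. It assumes the scan result is a dict shaped like VirusTotal's v3 file-object response (`data.attributes.last_analysis_stats` and `last_analysis_results`); the sample report embedded in it is constructed by hand to mirror the detections mentioned in this thread, not a real scan, and the list of "generic" name patterns is the author's own heuristic, not a VirusTotal feature.

```python
"""Triage a VirusTotal-style multi-engine verdict for a downloaded installer.

Added example, not part of the forum thread or of The Dark Mod project.
Assumptions: the report is a dict shaped like VirusTotal's v3 file object
(data.attributes.last_analysis_stats / last_analysis_results); SAMPLE_REPORT
below is constructed for this example; GENERIC_NAME is a home-grown pattern.
"""
import hashlib
import re
from dataclasses import dataclass

# Detection names that are heuristic/generic rather than a named family
# (hand-picked patterns, e.g. AVG's "IDP.Generic" and MaxSecure's "...susgen").
GENERIC_NAME = re.compile(
    r"(generic|heur|susgen|suspicious|idp\.|\.ml\b|score)", re.IGNORECASE
)


@dataclass
class Triage:
    engines: int     # engines that returned any verdict (from the stats block)
    hits: int        # engines reporting malicious or suspicious
    generic: int     # hits whose name matches GENERIC_NAME
    specific: int    # hits naming something that looks like a real family
    verdict: str     # "clean", "likely false positive" or "investigate"


def sha256_of(path, chunk=1 << 20):
    """SHA-256 of a local file. Query VirusTotal by this hash first: uploading
    the file itself makes it publicly available to every VT subscriber."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def triage(report, max_generic=3):
    """Classify a VT-style report using the rule of thumb from the thread:
    no hits -> clean; only generic names from at most max_generic engines ->
    likely false positive; anything naming a specific family, or more hits
    than that, deserves a closer look rather than an "Allow" click."""
    attrs = report["data"]["attributes"]
    engines = sum(attrs["last_analysis_stats"].values())
    hits = [
        r["result"]
        for r in attrs["last_analysis_results"].values()
        if r.get("category") in ("malicious", "suspicious") and r.get("result")
    ]
    generic = [n for n in hits if GENERIC_NAME.search(n)]
    specific = [n for n in hits if not GENERIC_NAME.search(n)]
    if not hits:
        verdict = "clean"
    elif not specific and len(hits) <= max_generic:
        verdict = "likely false positive"
    else:
        verdict = "investigate"
    return Triage(engines, len(hits), len(generic), len(specific), verdict)


# Constructed sample mirroring the thread: two engines flag generic names,
# everything else is undetected. Only three engines are listed by name; the
# stats block stands in for the rest.
SAMPLE_REPORT = {
    "data": {"attributes": {
        "last_analysis_stats": {"malicious": 1, "suspicious": 1,
                                "undetected": 68, "harmless": 0, "timeout": 0},
        "last_analysis_results": {
            "AVG": {"category": "malicious", "result": "IDP.Generic"},
            "MaxSecure": {"category": "suspicious",
                          "result": "Trojan.Malware.300983.susgen"},
            "Microsoft": {"category": "undetected", "result": None},
        },
    }}
}

if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```

Two design choices worth noting. First, look the hash up before considering an upload: if the installer is already known to VirusTotal you get the verdict without publishing the file, and if it is not known, the fact that nobody has seen this exact binary is itself useful to know before deciding to share it. Second, the threshold is deliberately on generic names only; a single engine naming a specific family is not something this rule waves through, because that is exactly the case where "only one engine flagged it" stops being reassuring.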

2 hours ago, chakkman said:

If you mean Windows SmartScreen, it works in a very simple way: files which are not known to the filter are flagged as suspicious, and it warns the user against executing them. That's all there is to it really. You can happily click on "More info", and "Allow" after that every time.

I'd rather upload the file to VirusTotal, as @stgatilov wrote above, because that will run the file through many, many antivirus engines, and, if that says it's clean, or if only 1 or 2 or 3 engines detect something (a false positive in that case), then it is clean.

I know all this well. I even have a VT extension, and I also use Blacklight and Unfurl to check a site, but after this (you see, even VT has false positives, the reason for this thread) I also use Panda, which has never had such in all the years I have used it (Panda Dome free AV in earlier Windows, up to 7, and now the standalone scanner in W10 alongside Defender, for occasional use). On mobile BitDefender is better, somewhat lighter than Panda, because G Play Protect is a placebo (less than 70% detection rate).


VirusTotal has false positives, because some of the used antiviruses report a false positive.

Sometimes it's as ridiculous as part of the file name... some years ago, I had a file with "Virus" something in the file name, and it was flagged by some antiviruses on VirusTotal because of that.

No software is perfect.


Because of this, good AV use heuristic detection, based on the behavior of the file in a test environment, apart from one based on a list with the script of the badware. The latter method was used by AV with locally stored databases, which they had to update every few days, until Panda some years ago used a DB in the cloud, updated in real time, every 6 minutes. This made the AV much faster, lightweight and efficient. Now most good AV use this system, even Windows Defender, and with this they avoid almost all false positives.

Obviously not all AV used by VT use this system, relying on their own lists that may be outdated, or use only a rudimentary heuristic system.
It is always good to have different verification systems, like this one, in case of doubt, which as a general rule in VT is only indicated if there are several AV giving the alarm and not just one.

Generally the security system of current Windows is pretty good; between Defender and the sandbox system it has, which prevents malware from affecting system files, it protects even against rootkits. Anyway it is a good idea to have a scanner, like Panda Cloud Cleaner or AdwCleaner, at hand, to eliminate possible PUPs, hijackers or such, which sometimes aren't seen by Defender.

