Archive: AVG Updates of 20060911 Reports Trojan Horse Downloader.Zlob.DJW in NSIS\Stubs\ZLIB


Since updating AVG's Virus database this morning it has started reporting that installers I have built are infected with "Trojan Horse Downloader.Zlob.DJW". I have since found that it believes NSIS\STUBS\ZLIB is also infected with "Trojan Horse Downloader.Zlob.DJW" (ZLIB being the compressor I use for my installers).

When I scan the other files in the NSIS\STUBS folder AVG reports NSIS\STUBS\bzip2 is infected with "Trojan Horse Downloader.Generic2.OCM".

I am normally using NSIS 2.18, so I downloaded NSIS 2.20 and installed it onto another PC - but that still reported both files were infected.

I downloaded a trial copy of ZoneLabs's AV software and scanned the NSIS 2.20 STUBS folder with that - no infection found, so I think it is a false detection by AVG.

Has anyone else seen this as a false or real detection? I'm worried that people running my installers will start to think that they are infected.

Regards

Tim


FWIW AVG have now issued another update - after application of this, ZLIB (and hence my installers) are no longer reported to be infected by "Trojan Horse Downloader.Zlob.DJW".

ATM though AVG still reports NSIS\STUBS\bzip2 is infected with "Trojan Horse Downloader.Generic2.OCM".

Regards

Tim


Yes, it's yet another false positive.
http://nsis.sourceforge.net/NSIS_False_Positives

Results from http://virusscan.jotti.org/

File: bzip2
Status: INFECTED/MALWARE
MD5 cdcd21612ae56b28884ce1caaf2a556f
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found Downloader.Generic2.OCM
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found W32/QQHelper.RP
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing

Norman also thinks it's a virus. :hang:


And TrendMicro OfficeScan finds nothing, either.


A false positive, of course. As far as I know, it has already been fixed.