Archive: NSIS detected as a trojan


NSIS detected as a trojan
It looks like AVG free is detecting NSIS as a trojan again since today's or yesterday's update.
I had a warning about uninstall.exe from PCDJ DEX:
http://www.pcdj.com/blogroll/pcdj-dex
Can anyone confirm this, and maybe update the false positives list?
Also, what's the fastest way to let avg know about this?


Re: NSIS detected as a trojan

Originally posted by Adion
hat's the fastest way to let avg know about this?
i don't know, but i'd start by going on their website ;)

Well, on their website you can either choose for 'technical support', which is not possible with a free license, or 'sales support' to contact them.
I've tried sales support now, but I don't know if that will get my message to the right people.


Well..one thing is sure nsis ain't a virus so...you'll better change AV software.


Files detected : .../Stubs/lzma_solid and uninst-nsis.exe,
also Recuva installer (rcsetup110.exe) and may be aslo ..

Problem was solved,I've submitted files to support.

I've got this answer :

Dear Sir/Madam,

Thank you for your email.

We analyzed files you sent us and found out files are really detected
incorrectly. This issue should be fixed by next AVG Virus base update.
Please keep your AVG to solve this false detection.

Thank you for your cooperation.

Answers to the most common questions can be found here as well:
http://www.avg.com/faq/

Best regards,

Radim Raszka
AVG Technical Support

website: http://www.avg.com
mailto: support@avg.com
On Sat Feb 09 07:08:30 CET 2008, Ionut I...wrote:

> Avg Free detects some files from NSIS installer as Downloader.Zlob.UAQ
> I've uploded to virustotal.com and seems to be ok.
> Thanks.
>


The whole story with these AV craps tends to be ridiculous, now is avg along with avast.
I would never rely to a scanner which detects nsis as trojan, most likely it is unable to detect real attacks.


I disagree... in the world of virus scanners, it might be better to have a few false positives - especially ones you 'know' not to be malicious anyway - than to miss an actual virus.

What would be good, however, is for you to add known-good applications and the like to the virus scanner's whitelist. Unfortunately, this is not a feature in AVG Free (reportedly it is in the commercial version of AVG).
In lieu of that - always make sure the scanner quarantaines files (or asks what you want to do), rather than outright deleting them, so that you can restore any false positive files.

And, of course, if you're not sure - use online virus scanning resources to scan detected files again. If they say the file is clean, you should probably be okay. If you're extra-careful, wait a day or few days, then scan again. Either the false positive will then be gone, or the online scanners might detect it as well (if it really is a infected).

Viruses are nasty - 'fraid we'll have to live with them, and all the pains that go with stopping them as much as possible; similar to spam.


@Animaether: Agree in those apps that you can find underground sites, downloaded via p2p, etc., but this nsis, many people use it. It's open source, you are downloading it from its OFFICIAL site.


I wouldn't put blind faith in that, Joel - viruses can, and have been, distributed through official software sites before by breaches in security of the site itself. Heck, people could get viruses from their iPods not too long ago*

Always scan stuff you receive (including downloads) - it's a minor hassle compared to trying to clean a system :)

* http://www.apple.com/support/windowsvirus/