Forum Thread: PSI /Virus & unwanted programm in version 1.5.0.2

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
epistola PSI /Virus & unwanted programm in version 1.5.0.2
Member 20th Sep, 2010 17:26
Ranking: 0
Posts: 3
User Since: 20th Sep, 2010
System Score: N/A
Location: CH
Hi,
Two weeks ago I installed PSI 2.1 Beta with success and since then I am very happy about it.
Today, something strange happened.
By mistake I touched the button "download now" Current version: 1.5.0.2 as per http://secunia.com/vulnerability_scanning/personal...
Immediately the alarm system of Avira reported the following message:
"An unwanted virus and program has been detected
Content.IE5\KEX5N9XT\PSISetup[1].exe'
'APPL/Agent.8192.PP'
Access has been denied"

How shall I understand this message?
Is there any danger in the above version: 1.5.0.2, which you do not know about?

Thank you for your answer in this very delicate matter.

Best regards
F.


j.marcus.lehmann RE: PSI /Virus & unwanted programm in version 1.5.0.2
Member 20th Sep, 2010 19:05
Score: 0
Posts: 15
User Since: 2nd Sep 2010
System Score: N/A
Location: DE
Upload the *.exe to VirusTotal.

http://www.virustotal.com/

It seems to be a false positive.
Anthony Wells RE: PSI /Virus & unwanted programm in version 1.5.0.2
Expert Contributor 20th Sep, 2010 19:53
Score: 2437
Posts: 3,327
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

@epistola ,

As well as the good advice from J.M.L to use "virustotal" , Avira have their own excellent lab analysis site :-

http://analysis.avira.com/samples/index.php

It is most likely a "false positive" but you can never be too sure ; if it were me , I would upload the file sample to them and keep the "installer" file quarantined until you hear back from Avira .

Hope this helps.

Anthony

--


It always seems impossible until it's done.
Nelson Mandela
epistola RE: PSI /Virus & unwanted programm in version 1.5.0.2
Member 20th Sep, 2010 21:06
Score: 0
Posts: 3
User Since: 20th Sep 2010
System Score: N/A
Location: CH
Thank you very much for your help.
I have learned something new today about "false positive" and I think it was the case.

But anyway, I don't understand how to use both

http://www.virustotal.com/
http://analysis.avira.com/samples/index.php

In my specific case there is no file involved, but the download program of Secunia version 1.5.0.2
http://secunia.com/vulnerability_scanning/personal...

In other words, what shall I send them?
Thank you again
Anthony Wells RE: PSI /Virus & unwanted programm in version 1.5.0.2
Expert Contributor 20th Sep, 2010 21:48
Score: 2437
Posts: 3,327
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 20th Sep, 2010 22:17
Hello again ,

What you need to send (either of) them is the "PSI.exe" file that Avira is saying it has denied you access to . It looks to be in a temporary folder somewhere ***.

You need to find its full location and use the "browse" link to follow the path using "windows explorer" to it . This may not be so easy as your AntiVir may have placed it into quarantine , for example , which is a hidden file as are some temp files .

If I were you at this stage , because it's an Avira rather than a PSI problem , then rather than having me suggest action , Avira support would be much better placed to help you locate and determine the "toxic" value of the supposed "false positive". They are usually most helpful .

This is the general link , if you click on your product version , you will be offered various help options depending on your location :-

http://www.avira.com/en/support/index.html

If you are unsure or have more questions , please ask .

Hope this is helpful . Keep us advised of your progress .

Anthony

EDIT : ***I can only speak for my XP SP3 system , but the "Content IE5" files mentioned by AntiVir would be at this location :-

C:\Documents and Settings\MyUserName\Local Settings\Temporary Internet Files\Content.IE5 - these are hidden files .




epistola RE: PSI /Virus & unwanted programm in version 1.5.0.2
Member 20th Sep, 2010 22:38
Score: 0
Posts: 3
User Since: 20th Sep 2010
System Score: N/A
Location: CH
Hi Anthony,

thank you very much.

The message from Avira was the following:

Malware gefunden:
In der Datei '
C:\Users\Ernest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KEX5N9XT\PSISetup[1].exe'
wurde ein Virus oder unerwünschtes Programm 'APPL/Agent.8192.PP' [program] gefunden.
Ausgeführte Aktion: Zugriff verweigern

So, the access was denied from the beginning, that's why I cannot find it.
I just wanted to inform Secunia about this case, it might be important for you that Avira has this kind of problem with your downloads.

Anyway, version PSI 1.5.0.2 has been updated by Beta 2.0 so it might not be interesting to spend more time with it.

As I said, my intention was just to inform Secunia about it.
Best regards

Francesca
Leendert Kip PSI /Virus & unwanted programm in version 1.5.0.2
Member 20th Sep, 2010 22:40
Score: 70
Posts: 526
User Since: 22nd Jan 2009
System Score: 100%
Location: NL
on 20th Sep, 2010 21:06, epistola wrote:
Thank you very much for your help.
I have learned something new today about "false positive" and I think it was the case.

But anyway, I don't understand how to use both

http://www.virustotal.com/
http://analysis.avira.com/samples/index.php

In my specific case there is no file involved, but the download program of Secunia version 1.5.0.2
http://secunia.com/vulnerability_scanning/personal...

In other words, what shall I send them?
Thank you again



--
PC: JJ Computer Services
Intel Core I3 2100 3.1Ghz
DDR3 Kingston ValueRam 4GB 1333
Windows 7 Home Premium 64bits SP1
Secunia PSI 3.0.0.9016
Internet Explorer 9
Mozilla Firefox 31NL

Laptop: MSI GT780DX
Intel Core I5-2450
DDR3 RAM 6GB
Windows 7 Home Premium 64bits SP1
Secunia PSI 3.0.0.9016
Internet Explorer 11
Mozilla Firefox 31NL
Leendert Kip PSI /Virus & unwanted programm in version 1.5.0.2
Member 20th Sep, 2010 22:47
Score: 70
Posts: 526
User Since: 22nd Jan 2009
System Score: 100%
Location: NL
Last edited on 20th Sep, 2010 22:49
on 20th Sep, 2010 21:06, epistola wrote:
But anyway, I don't understand how to use http://analysis.avira.com/samples/index.php

I use Avira Premium Security Suite and I handle this kind of warning as follows: 1) Avira keeps the virus in the quarantine file as a .qua file. 2) I export the .qua file to c:\ then make an e-mail to virus@avira.com (the virus lab) with a short text and my name/address and attach the .qua file. 3) In most cases they report back by e-mail within 24hrs with an explanation of their findings.



Anthony Wells RE: PSI /Virus & unwanted programm in version 1.5.0.2
Expert Contributor 20th Sep, 2010 22:58
Score: 2437
Posts: 3,327
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hello Francesca ,

In fact the problem is that it is the Avira detection rules (depending on your heuristics settings) which are relevant and nothing that Secunia can do about that . If the file was from the Secunia link you posted it would not likely be contaminated .

It is only a problem for you if it is not an "FP" ; that is why our and now LK's advice is to run the file past Avira's analysis lab .

If you use a system cleaner like CCleaner to get rid of your temp files that may resolve the problem if your AntiVir has not put the file in quarantine .

If it were me , I would want to know where the file is now . If you need more help please tell us which OS you are using and which browser(s).

Take care

Anthony



Leendert Kip PSI /Virus & unwanted programm in version 1.5.0.2
Member 20th Sep, 2010 23:09
Score: 70
Posts: 526
User Since: 22nd Jan 2009
System Score: 100%
Location: NL
Last edited on 20th Sep, 2010 23:10
on 20th Sep, 2010 22:58, Anthony Wells wrote:
If you use a system cleaner like CCleaner to get rid of your temp files that may resolve the problem if your AntiVir has not put the file in quarantine.

When Avira is configured the right way it shows a pop-up in the lower right corner of your pc's desktop where you have an option to quarantine the problem. Then go to Avira's main screen, select Administration where you find the quarantined problems. From there you can handle the problem as I described.




This user no longer exists RE: PSI /Virus & unwanted programm in version 1.5.0.2
Member 21st Sep, 2010 08:59
Last edited on 21st Sep, 2010 08:59
Hi,

You can ensure that this installer is safe by checking the "Digital Signature" of the installer file. To do this, right-click the file in question and select Properties > Digital Signatures. Select the signature called "Secunia" and click "Details".

The Secunia certificate is issued to Secunia, with no email address specified, and is signed by VeriSign. If this is also the case with the installer you have obtained, it came from Secunia, and will be safe to run. If the file you have is not signed, delete it immediately, and re-download the installer from my Signature.

Hope this helps.
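
The manual Properties > Digital Signatures check described in the last reply can also be scripted. The following PowerShell is an added example, not part of the original thread or of Secunia's tooling; the function name, the name patterns (taken from the reply's wording, not from the real certificate fields) and the sample path are assumptions.

```powershell
# Added example: reports the Authenticode properties the reply says to inspect.
# 'Secunia*' / 'VeriSign*' are assumed patterns based on the post's wording;
# replace them with exact names or a pinned thumbprint once those are known.
function Test-InstallerSignature {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $ExpectedSigner = 'Secunia*',    # "issued to Secunia"
        [string] $ExpectedIssuer = 'VeriSign*'    # "signed by VeriSign"
    )
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $cert = $sig.SignerCertificate    # $null when the file is not signed

    $result = [ordered]@{
        Path    = $Path
        Sha256  = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        Status  = $sig.Status         # Valid, NotSigned, HashMismatch, ...
        Signer  = $null
        Issuer  = $null
        Email   = $null
        Trusted = $false
    }
    if ($cert) {
        $result.Signer = $cert.GetNameInfo($nameType::SimpleName, $false)
        $result.Issuer = $cert.GetNameInfo($nameType::SimpleName, $true)
        $result.Email  = $cert.GetNameInfo($nameType::EmailName,  $false)
        # "Valid" means the file hash matches the signature and the chain
        # builds to a trusted root; the name checks mirror the reply.
        $result.Trusted = ($sig.Status -eq 'Valid') -and
                          ($result.Signer -like $ExpectedSigner) -and
                          ($result.Issuer -like $ExpectedIssuer) -and
                          [string]::IsNullOrEmpty($result.Email)
    }
    [pscustomobject]$result
}

# Sample call; the path is a placeholder for wherever the installer was saved.
Test-InstallerSignature -Path "$env:USERPROFILE\Downloads\PSISetup.exe"
```

The `Sha256` value can be searched on VirusTotal without uploading the file, which complements the advice given earlier in the thread.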
