Avira Anti-Virus Detects Itself 142

Posted by samzenpus
from the marvin-the-anti-virus-robot dept.
ddfall writes "After a recent update, Avira's anti-virus software reports its own AESCRIPT.DLL file as a trojan or spyware. From the article: 'The dodgy AntiVir virus definition file was quickly pulled and replaced with a new version – 7.11.16.146 – that resolves the problem, as explained in an official post on Avira's support forum.'"
  • by Anonymous Coward
    Dee Dee Dee!
  • by orphiuchus (1146483) on Thursday October 27, 2011 @02:44PM (#37859448)

    Where I couldn't convince my parents not to use Norton, despite it destroying our family computer at least 6 times.

    • by jhoegl (638955) on Thursday October 27, 2011 @02:51PM (#37859566)
      90s? It is still happening....

      If Norton software gets corrupted, your computer gets possessed. It is like a Norton Ghost of some sort.
      • by Adriax (746043)

        At work we spent a couple months this summer dealing with weekly virus infections of DWH*.tmp "generic trojan" on half of our computers, and per policy if the guys running the Symantec servers see two or more hits on a single computer, that computer must be wiped and reinstalled.
        Yeah, it took us two months to convince them it's a problem with Symantec finding its own temp files, not an actual virus.

        • by Culture20 (968837)
          But it always started with an actual hit (or two), as it would mostly double with every scan (the odd extra actual hits would cause bubbles in the progression). So when I had this problem, I had the machines nuked too. Thankfully it was rare here (there were only a couple repeat offenders who didn't end up getting JRE afterward).
      • maybe his family caught on since
      • This joke seems to need explanation so here it goes...

        Norton Ghost is a discontinued drive replication program that was loved by sys admins to copy exact drive states so any hacked machine could be simply restored to a state where it was known to be good. Other tools have taken over since then, and that's why the program went away.

        • by jimicus (737525)

          Discontinued? You'd better tell Symantec that, they think they're still producing it.

        • Norton Ghost is a discontinued drive replication program that was loved by sys admins

          Norton Ghost is alive and well, and is still loved by sys admins.

          • by cusco (717999)
            For now. At one time Ghost and Drive Image were competitors, with Drive Image actually being the more powerful and less expensive of the two. Then Symantec bought Drive Image, rolled the technology into Ghost, and made it almost entirely unusable. After attempting to use it twice I found a freeware replacement and never looked back. This replicated my experience with WinFax and some other product that doesn't come to mind immediately.

            I understand it's actually become a decent product again, but I ref
            • Drive replication is the easy to replace part. The feature I like is the Automatic Install (AI) feature. You take a prototype machine, and the AI feature takes a "before" disk image. Then you install a piece of software. After it is installed, the AI feature takes an "after" image and creates a difference file. You can then use Ghost to transmit this difference file out to a room-full of computers and voila, the software is installed on all of them. Is there a freeware replacement for the Automatic
        • by Spillman (711713)
          I am not sure if you are joking or not, but they still make Ghost. Although I use Ghost 8 frequently at my job for drive cloning, the latest version is Ghost 15, you can buy it at any reputable electronics/software retailer. http://us.norton.com/ghost/ [norton.com] Newer versions of ghost can ghost drives to virtual disk image files, so they can be opened in virtualization software.
      • General
        Hardware
        Oriented
        System
        Transfer

        I actually used ghost before symantec bought it. I feel like a hipster sysadmin....

        -ted

    • Yeah, I remember a day when I was in college that my computer hourglassed for a long time whenever I tried to open a program. I rebuilt the software side of the computer adding in programs one at a time and it was Norton Antivirus getting caught in an infinite loop that maxed the processor every time a program was launched and staying that way until a timeout terminated the check. Norton put out a new virus definition the next day to fix the bug and it only affected people who looked for out-of-pattern updat

    • by plastick (1607981)
      Symantec Norton Antivirus is the worst! I can't tell you how many times people have gotten viruses running that horrible excuse for a program. And I'm always the one to fix it. Several times, the ISP called and said users were running botnets and sending out spam.... sure enough.... not only did Norton not catch it, but the ISP told me they were upset with Norton (and McAfee) for falling so far behind.

      So not only is it useless, it takes up a huge chunk of your processor and continually pops up acting like
    • Oh that's no longer the case. They improved considerably!

      Norton now comes with an uninstaller that lets you actually get rid of it. Of course, only if you actually bought it, if you got your new computer pre-infected with that trial version... well, sucks to be you.

    • by hairyfeet (841228)

      Hey don't pick on Norton! Do you have ANY idea how much work we repairshops get from that flaming POS? Hell it's nearly as good as being located next to a Best Buy!

      As for TFA I've never cared for Avira much myself, having always preferred either Comodo (for those that like to tweak) and Avast (for those that don't) although more and more I'm sticking with avast since it has been included in the PC builder's best friend Ninite [ninite.com].

      If you have to support any friends or family as an admin, even if they live far awa

  • WTF did you put this in idle for? The place slashcode goes to, well, break.

  • We must go deeper!
  • by Nanosphere (1867972) on Thursday October 27, 2011 @02:45PM (#37859482)
    It has become self aware?
  • on the same scale as this [youtube.com]:
  • by RobinEggs (1453925) on Thursday October 27, 2011 @02:58PM (#37859644)
    With occurrences like these it's no surprise people sometimes think antivirus and security recommendations consist of 75% FUD and 25% common sense.

    How many of us have seen just about every damn thing we download labeled as some kind of trojan or other?

    It's commonplace on file sharing sites to see outright mockery of those who raise alarms about the scary alert their AV just popped on those files; that's how bad antivirus programs get.

    I understand that sometimes shady files do contain viruses, but nevertheless I've seen claims from major security vendors and from Microsoft that the vast majority of illicit files contain viruses. Seems like I'd have noticed some missing money, some funny things on my credit report, or some suspicious traffic in my router logs if that was true, but they've all been squeaky clean. And I used windows XP SP3 with no firewall or antivirus until this year.

    Bottom line, I should be using better protection and it's possible I've had some viruses, but if I did they clearly haven't harmed me yet. And it's still difficult to distinguish the level of actual threats from the hilarious mistakes and massive, obvious disinformation campaigns going on.
    • by PRMan (959735)

      but if I did they clearly haven't harmed me yet.

      It's like I always say. Given a choice of Norton and the virus, give me the virus. At least it uses less resources...

      • by Kalriath (849904)

        Yes, and those Russian mob blackmail trojans tend to extort less money out of you than Symantec's monthly up-sells too.

  • And ./ said, "let there be laughter."

    And then the masses moved on to the next article.

  • by irp (260932)

    I have been fighting a virus at my work the last couple of days. It is calling itself McAfee Antivirus Enterprise. The symptom is that it slows my (aging) lab computers to a grinding halt. The last 3 days it has essentially incapacitated them for more than an hour, every day. I hope whatever payload it needed to update is done, so it will stop disrupting experiments by stalling.

    We'll soon need to upgrade an old - but still adequate - dedicated lab computer running a single piece of equipment, just because IT h

    • There's another intermittent virus called "Windows updates." It slows your computer and then forces it to reboot.

      • What is that "reboot" you're talking about?

        Dammit, so much for the promise "but you can have everything you get on Windows on Linux too".

    • by scdeimos (632778)

      We'll soon need to upgrade an old - but still adequate - dedicated lab computer running a single piece of equipment, just because IT have chosen McAfee...

      At least you can be thankful they didn't put Norton AV or Trend OfficeScan on it.

  • by afidel (530433)
    I mean shouldn't the most rudimentary of unit testing have shown this to be a problem?
    • they could have sent out the wrong version by mistake
    • Yes, it should, but I can see how this could have happened.

      Given the turnover speed in AV development, it's not only likely but pretty much a given that their whitelist box wasn't up to date. Usually, testing your new signatures against the whitebox takes close to your update cycle time. In other words, what I think happened was that their whitebox still contained older files, and that this file got changed in one of the more recent updates, and that the newer version now for some freakish coincidence match

  • No wait, that was something different.

  • Avira (Score:5, Funny)

    by war4peace (1628283) on Thursday October 27, 2011 @03:08PM (#37859796)

    Avira has this bad habit of detecting some files as malware (e.g. scene game cracks) although they don't exhibit infection. I personally submitted a few of these files to Avira for review and they confirmed no infection is found, but it's an "illegal" modification of a legit file so it stays as flagged for warnings in their VDTs.
    Now I'm not a conspiracy theorist but this reeks of shady deals to "reduce" piracy.
    I should change my Avira Free antivirus but I'm too lazy to go through a couple restarts and installing something else. Maybe Avast, which I gave up because it had this voice update notification enabled by default and scared me to death one night by yelling at me "VIRUS DEFINITIONS HAVE BEEN UPDATED!".
    Also, they don't understand that "Always Ignore" should NOT mean "Ignore for the duration of THIS session only".

    • Re: (Score:3, Insightful)

      by Bensam123 (1340765)
      Get Microsoft Security Essentials, which is free with your choice version of Windows.
      • by PRMan (959735)
        +1. MSE is great and uses almost no resources. It's invisible and the highest-rated.
        • by zixxt (1547061)

          MSE is one of the worst AVs for the detection of non-English threats, which means it's useless.

      • Sorry, but by default something that is bundled with Windows is not my primary choice of AV kit. Why? Because of the way malware is created.

        Malware gets tested before being sent out, much like AV kits. And much in the same way: Where AV kits are tested for whether or not they detect all known threats, malware is tested whether it gets detected by the most common AV kits. And being bundled with Windows means that this AV kit MUST be evaded or defeated by the malware you create. Else, your chance for infectio

        • It's not bundled with Windows and you're not prompted to download or install it when you're installing the OS. You actually need to visit a website to download it.

          As far as I know, it's not even the most popular anti virus software out there, so the bad guys are probably more concerned with the 3rd party AV packages.

    • Avira lets you pick the level of sensitivity- the highest sensitivity has the most false-positives. There are about 5 or 6 levels of sensitivity.

      Personally I'd rather a false positive every once in a while than to ever get a false negative.

      • Sadly, the false positive rate in Avira on highest setting is like setting the metal detectors at airports to a level where they can pick up the hemoglobin in your blood cells...

        • I use Avira on the highest setting. I've probably had 2 false positives in the last 12 months. Probably about 5 in the 2 or 3 years I've been using it.

          To me that is acceptable.

    • perhaps a game crack included their .dll for this very reason...
    • by Solandri (704621)

      Avira has this bad habit of detecting some files as malware (e.g. scene game cracks) although they don't exhibit infection.

      Avira scans for both known malware in its database, and uses a heuristical algorithm to detect possible but unknown malware. So it will tend to flag files other virus scanners miss. This can be bad as you found out, but it can be good as it can catch new viruses before they're in anyone's database. I don't think any of the other free antivirus software has this feature, though sever

    • Been using Avira for years, and I can't say with certainty it's the best, but I've never had any problems with it and it's stopped its share of malware cold in their tracks. So they have a rare gaffe. I think I'll just move on.
    • There is no need for shady deals. Avira is a for profit company and doesn't like people stealing their software just like game developers. Of course they aren't going to aid people pirating software.

  • Ouroboros [wikipedia.org] :-D

  • Most AVs act like viruses. They can not be terminated, like 10+ hidden processes, scan/modify/delete other files constantly etc.

    • by blair1q (305137)

      Ever run two at once?

      Avast reports the Microsoft Security Essentials AV as a virus about 180 times, because a running MSE has a bunch of virus signatures embedded within it in plaintext...

      • Running two AV kits is like hiring two security companies without telling them about each other. It's fun to watch the shootout, but it usually ain't worth the trouble afterwards.

        • by blair1q (305137)

          Interestingly, except for this one quirk, they seem to run well together and generate no more performance issues than one less-well behaved AV.

          And they detect different exploits at different times. Which makes me worry what they're missing.

    • by WorBlux (1751716)
      Yep, you've got to inject some fairly invasive stuff into the kernel in order to watch what other processes are doing. R
  • Last year Avira flagged the ASK toolbar as "malware/spyware".

    Fast forward 6 months and not only is ASK toolbar no longer flagged as malware/spyware but all of a sudden Avira has a partnership with ASK and installs it by default and it's a pain in the neck to remove it without getting rid of Avira.

    Avira's actually a pretty decent free anti-virus... but they sold their soul to the devil.

    • by zAPPzAPP (1207370)

      What is ASK and where is that toolbar supposed to be?
      I have Avira on a laptop and there is no such thing.

      • Do you use the free version?

        It may only be on the free version- also it depends on what web-browser you use.

        I notice the toolbar doesn't show up on chrome... It does on IE (even though I don't typically use IE at home)- I had to google how to remove it without disabling Avira.

        If you use IE, have the free version, and don't have the Ask tool bar/haven't removed it- is your antivirus up-to-date?

        • by Anonymous Coward

          You can choose to install or not install the toolbar during setup. If you read everything carefully (at least everything next to checkboxes), you would have noticed it.

    • but they sold their soul to the devil.

      As did McAfee, as did Norton's. In my experience Avira is MUCH LESS culpable than the other two. The last time I got a call from a family member regarding problems with their PC, McAfee was to blame.

      • McAfee is one of the worst things you could have as an AV kit as a private user. It's very convenient for large companies due to its rather comfortable administration tool, but that's pretty much all the nice things you could say about it.

  • by lavagolemking (1352431) on Thursday October 27, 2011 @03:12PM (#37859856)
    Avira saw part of a program (called "Avira") that bombards the user with pop-ups, scaring them, and asking for money every year. It acted accordingly. The only shocking thing here is that it actually worked.
  • And you thought they'd only build it as a box?

    http://www.youtube.com/watch?v=Z86V_ICUCD4
  • I just finished reading this:

    http://www.nytimes.com/2011/10/28/us/politics/republicans-push-military-trials-for-terrorism-suspects.html [nytimes.com]

    One wonders what it will take for those who want to suspend social and legal traditions because of an attack on freedom, to recognize that it is they who are destroying our freedom.

  • Now it also needs to detect those other viruses: Mcafee and Norton.

    It's sad that most AV software is worse than the problem it generally fails to prevent, but it's true.

  • Most anti-virus programs behave like viruses themselves.
  • I'm confused, I submitted this story (as it says) and it was accepted - http://slashdot.org/submission/1829554/avira-anti-virus-detects-itself [slashdot.org] - however, the version that's gone onto the front page of /. has had the source changed from The H (http://www.h-online.com/security/news/item/Avira-anti-virus-detects-itself-1367055.html) to The Register (which did the story later in the day). The text in the submission is the same / what I had but the original source has been removed. What was the reason for this?
    • by unitron (5733)

      There's nothing showing up on the main page except the story title, with the vulture logo attached.

      It was the vulture logo (which I already knew as that of theregister) which got me to load the story.

      I load the story and get

      ddfall writes "After a recent update, Avira's anti-virus software reports its own AESCRIPT.DLL file as a trojan or spyware. From the article: 'The dodgy AntiVir virus definition file was quickly pulled and replaced with a new version – 7.11.16.146 – that resolves the problem,

    • by Kalriath (849904)

      They probably checked and picked the better source. The Register's article is at least twice as long, while having the same information and more.
