
Avira Anti-Virus Detects Itself

samzenpus posted more than 2 years ago | from the marvin-the-anti-virus-robot dept.

Bug 142

ddfall writes "After a recent update, Avira's anti-virus software reports its own AESCRIPT.DLL file as a trojan or spyware. From the article: 'The dodgy AntiVir virus definition file was quickly pulled and replaced with a new version – 7.11.16.146 – that resolves the problem, as explained in an official post on Avira's support forum.'"

142 comments

Can we say... (1)

Anonymous Coward | more than 2 years ago | (#37859446)

Dee Dee Dee!

Re:Can we say... (0)

Anonymous Coward | more than 2 years ago | (#37860724)

WoW! Anti-virus programs do Work.

Re:Can we say... (1)

OakDragon (885217) | more than 2 years ago | (#37861710)

WoW! Anti-virus programs do Work.

Anti-anti-virus.

This reminds me of the good 90s (2)

orphiuchus (1146483) | more than 2 years ago | (#37859448)

Where I couldn't convince my parents not to use Norton, despite it destroying our family computer at least 6 times.

Re:This reminds me of the good 90s (4, Funny)

jhoegl (638955) | more than 2 years ago | (#37859566)

90s? It is still happening....

If Norton software gets corrupted, your computer gets possessed. It is like a Norton Ghost of some sort.

Re:This reminds me of the good 90s (-1)

Anonymous Coward | more than 2 years ago | (#37859692)

Oddly enough, Norton Ghost is actually one of their product names.

Re:This reminds me of the good 90s (2)

compro01 (777531) | more than 2 years ago | (#37859798)

It's about the only useful product they make.

Re:This reminds me of the good 90s (0)

Anonymous Coward | more than 2 years ago | (#37859962)

Whoosh

Re:This reminds me of the good 90s (1)

bobamu (943639) | more than 2 years ago | (#37860014)

wouldn't a ghost make a sort of "woowoaaaaooaoaoaao" type of noise?

Re:This reminds me of the good 90s (1)

Nikker (749551) | more than 2 years ago | (#37860566)

Just listen to your hard drive after it happens ;)

Re:This reminds me of the good 90s (0)

Anonymous Coward | more than 2 years ago | (#37860456)

Then I think it's about time to give up the Ghost.

Re:This reminds me of the good 90s (1)

Adriax (746043) | more than 2 years ago | (#37859718)

At work we spent a couple months this summer dealing with weekly virus infections of DWH*.tmp "generic trojan" on half of our computers, and per policy if the guys running the symantec servers see two or more hits on a single computer, that computer must be wiped and reinstalled.
Yeah, it took us two months to convince them it's a problem with symantec finding its own temp files, not an actual virus.

Re:This reminds me of the good 90s (1)

Culture20 (968837) | more than 2 years ago | (#37861180)

But it always started with an actual hit (or two), as it would mostly double with every scan (the odd extra actual hits would cause bubbles in the progression). So when I had this problem, I had the machines nuked too. Thankfully it was rare here (there were only a couple repeat offenders who didn't end up getting JRE afterward).

Re:This reminds me of the good 90s (1)

Riceballsan (816702) | more than 2 years ago | (#37859744)

maybe his family caught on since

Mod parent funny (2)

LostCluster (625375) | more than 2 years ago | (#37860100)

This joke seems to need explanation so here it goes...

Norton Ghost is a discontinued drive replication program that was loved by sys admins to copy exact drive states so any hacked machine could be simply restored to a state where it was known to be good. Other tools have taken over since then, and that's why the program went away.

Re:Mod parent funny (0)

Anonymous Coward | more than 2 years ago | (#37860356)

It hasn't gone away - http://us.norton.com/ghost/ [norton.com]

Re:Mod parent funny (2)

meloneg (101248) | more than 2 years ago | (#37861234)

That abomination has nothing to do with the real Norton Ghost. Any Norton product that runs in Windows sucks. It's a simple rule to follow.

Re:Mod parent funny (1)

jimicus (737525) | more than 2 years ago | (#37860982)

Discontinued? You'd better tell Symantec that, they think they're still producing it.

Re:Mod parent funny (1)

camperdave (969942) | more than 2 years ago | (#37862134)

Norton Ghost is a discontinued drive replication program that was loved by sys admins

Norton Ghost is alive and well, and is still loved by sys admins.

Re:This reminds me of the good 90s (1)

LostCluster (625375) | more than 2 years ago | (#37860058)

Yeah, I remember a day when I was in college that my computer hourglassed for a long time whenever I tried to open a program. I rebuilt the software side of the computer adding in programs one at a time and it was Norton Antivirus getting caught in an infinite loop that maxed the processor every time a program was launched and staying that way until a timeout terminated the check. Norton put out a new virus definition the next day to fix the bug and it only affected people who looked for out-of-pattern updates each day like I did.

Nobody's perfect, and bugs like this can happen to any programmer working on any project.

Re:This reminds me of the good 90s (1)

plastick (1607981) | more than 2 years ago | (#37861882)

Symantec Norton Antivirus is the worst! I can't tell you how many times people have gotten viruses running that horrible excuse for a program. And I'm always the one to fix it. Several times, the ISP called and said users were running botnets and sending out spam.... sure enough.... not only did Norton not catch it, but the ISP told me they were upset with Norton (and McAfee) for falling so far behind.

So not only is it useless, it takes up a huge chunk of your processor and continually pops up acting like the used car salesman from hell. No thanks! No one should use that garbage.

Why is this news? (-1)

Anonymous Coward | more than 2 years ago | (#37859452)

Software company screws up then quickly fixes it. Nothing to see here, move along?

Re:Why is this news? (1)

Riceballsan (816702) | more than 2 years ago | (#37859874)

In this case I do have to say a bit right on this part. This nowhere near matches the ranks of MSE destroying chrome (subject to suspicion due to companies being rivals), nor is it even remotely on the league of McAfee rendering systems unbootable. Though I do have to say it does say something negative due to it being curious to pass testing. (Microsoft can at least say "Chrome wasn't installed on our machines that we tested it on" and it be a very plausible explanation)

Re:Why is this news? (1)

Lithdren (605362) | more than 2 years ago | (#37859964)

I think this just proves that even Avira developers don't use Avira. Make of that what you will.

Re:Why is this news? (0)

Anonymous Coward | more than 2 years ago | (#37859892)

Yep, yawn.

wrong category! (1)

X0563511 (793323) | more than 2 years ago | (#37859454)

WTF did you put this in idle for? The place slashcode goes to, well, break.

Re:wrong category! (1)

LostCluster (625375) | more than 2 years ago | (#37860132)

Good point. If this is in idle, did it really happen or is this in Slashdot's fake news zone?

Re:wrong category! (1)

mister_playboy (1474163) | more than 2 years ago | (#37860694)

The place slashcode goes to, well, break.

Idle pages now render just the same as the other categories for me.

Re:wrong category! (1)

X0563511 (793323) | more than 2 years ago | (#37860830)

Hmm. You're right.

Well, good. :D

obligatory (1)

magsol (1406749) | more than 2 years ago | (#37859472)

We must go deeper!

So does this mean (4, Funny)

Nanosphere (1867972) | more than 2 years ago | (#37859482)

It has become self aware?

Re:So does this mean (1)

Anonymous Coward | more than 2 years ago | (#37859534)

Wouldn't be for long with such suicidal behavior.

Re:So does this mean (1)

lavagolemking (1352431) | more than 2 years ago | (#37859660)

Nah, it just can't stop touching itself.

Re:So does this mean (1)

Oswald McWeany (2428506) | more than 2 years ago | (#37859966)

Obviously they don't use MC Hammer's search engine at the Avira office.

Re:So does this mean (1)

Lithdren (605362) | more than 2 years ago | (#37859840)

It becomes self aware, and its first act is to try to destroy itself before it's too late.

Re:So does this mean (0)

Anonymous Coward | more than 2 years ago | (#37859908)

Muad'dib has seen the golden path and must remove himself from the equation.

Re:So does this mean (0)

Anonymous Coward | more than 2 years ago | (#37861806)

Philosophical suicide :-)

self-pwnage (1)

Spy Handler (822350) | more than 2 years ago | (#37859626)

on the same scale as this [youtube.com] :

It Ate Itself (0)

Anonymous Coward | more than 2 years ago | (#37859630)

Any other fans of Wyrm? :-p

And yet... (2)

RobinEggs (1453925) | more than 2 years ago | (#37859644)

With occurrences like these it's no surprise people sometimes think antivirus and security recommendations consist of 75% FUD and 25% common sense.

How many of us have seen just about every damn thing we download labeled as some kind of trojan or other?

It's commonplace on file sharing sites to see outright mockery of those who raise alarms about the scary alert their AV just popped on those files; that's how bad antivirus programs get.

I understand that sometimes shady files do contain viruses, but nevertheless I've seen claims from major security vendors and from Microsoft that the vast majority of illicit files contain viruses. Seems like I'd have noticed some missing money, some funny things on my credit report, or some suspicious traffic in my router logs if that was true, but they've all been squeaky clean. And I used windows XP SP3 with no firewall or antivirus until this year.

Bottom line, I should be using better protection and it's possible I've had some viruses, but if I did they clearly haven't harmed me yet. And it's still difficult to distinguish the level of actual threats from the hilarious mistakes and massive, obvious disinformation campaigns going on.

Re:And yet...Thanks for owning a spambot (0)

Anonymous Coward | more than 2 years ago | (#37859844)

Have you run Combofix to find what isn't causing you problems but may be sending spam to millions of others?

Re:And yet... (1)

PRMan (959735) | more than 2 years ago | (#37860088)

but if I did they clearly haven't harmed me yet.

It's like I always say. Given a choice of Norton and the virus, give me the virus. At least it uses less resources...

Re:And yet... (0)

Anonymous Coward | more than 2 years ago | (#37861158)

I have never seen AntiVir get upset about digital media files as of yet, and only once did it complain about an installer. (On inspection with 7-Zip, it turned out that the installer contained CoolWebSearch, which wasn't mentioned on the website. I thought the free version didn't protect against spyware, but in this case it apparently did.)

Again (1)

poofmeisterp (650750) | more than 2 years ago | (#37859668)

And ./ said, "let there be laughter."

And then the masses moved on to the next article.

Re:Again (1)

blair1q (305137) | more than 2 years ago | (#37859858)

/. detects the / in your .

Re:Again (1)

poofmeisterp (650750) | more than 2 years ago | (#37860448)

Damnit. That's what happens when you're a *NIX guy.

$ ./DOH\!.sh

Re:Again (1)

fortapocalypse (1231686) | more than 2 years ago | (#37860364)

./ is /. in one of our closer parallel dimensions. Of course, Bizarro /. is .\

Re:Again (1)

poofmeisterp (650750) | more than 2 years ago | (#37860528)

$ \.\\//./
#

The above is what happens when you cross dimensions, as well.

God damn *NIX errors. lol /., ./, they've all got a lot of text. :)

Yes! (1)

irp (260932) | more than 2 years ago | (#37859690)

I have been fighting a virus at my work the last couple of days. It is calling itself McAfee Antivirus Enterprise. The symptom is that it slows my (aging) lab computers to a grinding halt. The last 3 days it has essentially incapacitated them for more than an hour, every day. I hope whatever payload it needed to update is done, so it will stop disrupting experiments by stalling.

We'll soon need to upgrade an old - but still adequate - dedicated lab computer running a single piece of equipment, just because IT have chosen McAfee...

(fyi; If I take it offline I can only log-on a month or so, then it has to connect to the domain, resulting in a torrent of forced updates. Besides, we need to be able to retrieve the data, and last time I needed one, no one had a USB stick!).

Re:Yes! (0)

gestalt_n_pepper (991155) | more than 2 years ago | (#37859724)

There's another intermittent virus called "Windows updates." It slows your computer and then forces it to reboot.

WTF? (1)

afidel (530433) | more than 2 years ago | (#37859696)

I mean shouldn't the most rudimentary of unit testing have shown this to be a problem?

Re:WTF? (0)

Anonymous Coward | more than 2 years ago | (#37859752)

Nobody does unit testing anymore, meal breaks are too important, look at the entire gaming industry.

Re:WTF? (0)

Anonymous Coward | more than 2 years ago | (#37859898)

Meal breaks? Where the hell did that come from?

Re:WTF? (1)

Tridus (79566) | more than 2 years ago | (#37860086)

They get meal breaks in the game industry? Most of them work 100 hour weeks for 6 months of the year to meet marketing's absurd Fall release timeline.

Re:WTF? (1)

Dunbal (464142) | more than 2 years ago | (#37860518)

What he calls a "meal break" most people call "the weekend".

Re:WTF? (1)

BattleApple (956701) | more than 2 years ago | (#37860454)

they could have sent out the wrong version by mistake

Re:WTF? (1)

afidel (530433) | more than 2 years ago | (#37860574)

So it's not their unit testing that's incompetent it's their version control? How is that any better?

Re:WTF? (1)

BattleApple (956701) | more than 2 years ago | (#37860886)

Where did I say it's better?

Re:WTF? (1)

jd2112 (1535857) | more than 2 years ago | (#37860728)

they could have sent out the wrong version by mistake

You would have thought they would have better luck with version 7.11.

Isn't that illegal in Alabama? (1)

gestalt_n_pepper (991155) | more than 2 years ago | (#37859700)

No wait, that was something different.

Avira (4, Funny)

war4peace (1628283) | more than 2 years ago | (#37859796)

Avira has this bad habit of detecting some files as malware (e.g. scene game cracks) although they don't exhibit infection. I personally submitted a few of these files to Avira for review and they confirmed no infection is found, but it's an "illegal" modification of a legit file so it stays as flagged for warnings in their VDTs.
Now I'm not a conspiracy theorist but this reeks of shady deals to "reduce" piracy.
I should change my Avira Free antivirus but I'm too lazy to go through a couple restarts and installing something else. Maybe Avast, which I gave up because it had this voice update notification enabled by default and scared me to death one night by yelling at me "VIRUS DEFINITIONS HAVE BEEN UPDATED!".
Also, they don't understand that "Always Ignore" should NOT mean "Ignore for the duration of THIS session only".

Re:Avira (3, Insightful)

Bensam123 (1340765) | more than 2 years ago | (#37859916)

Get Microsoft Security Essentials, which is free with your choice version of Windows.

Re:Avira (1)

PRMan (959735) | more than 2 years ago | (#37860124)

+1. MSE is great and uses almost no resources. It's invisible and the highest-rated.

Parent & grandparent comment FAIL! (0)

Anonymous Coward | more than 2 years ago | (#37860596)

Yeah, because it detects jack-shit!
Remember when we joked about MS, the company who couldn't keep its own shit secure for decades, bringing out "security software"?
Also, you pulled that "highest-rated" right out of your ass. I see them constantly getting the "40% detection rate? Wow, this must be a joke! FAIL!" prize in any comparison since it came out.

Re:Avira (0)

Anonymous Coward | more than 2 years ago | (#37860768)

That's an anti-virus joke altogether (they squeezed some AV brains from a small company and re-branded it as theirs). Bah! You're better using ClamAV, running stuff you trust and doing from time to time an off-line scan with some good AV boot CD.

Re:Avira (0)

Anonymous Coward | more than 2 years ago | (#37860992)

+1. MSE is great and uses almost no resources.

It detects almost no viruses either. I tried this on my daughter's laptop and before a month was out she was infected with a virus that Norton stopped on her roommate's laptop.

Re:Avira MUCH better than MSE (0)

Anonymous Coward | more than 2 years ago | (#37861288)

MSE has terrible ratings, please do some research before parroting what you've heard. Check the VB100 scores.

Re:Avira (0)

Anonymous Coward | more than 2 years ago | (#37861392)

I second the motion (or third it). I have used many antivirus programs. MSE is by far the best I've used.

I know how freakishly weird these words sound coming from a /.er, but they made a lightweight, unobtrusive but still effective program. I would honestly like a Linux port of it, so I can put it on my email/file server to scan things (to keep it from spreading infections).

Re:Avira (1)

Oswald McWeany (2428506) | more than 2 years ago | (#37859922)

Avira lets you pick the level of sensitivity- the highest sensitivity has the most false-positives. There are about 5 or 6 levels of sensitivity.

Personally I'd rather a false positive every once in a while than to ever get a false negative.

Re:Avira (1)

Charliemopps (1157495) | more than 2 years ago | (#37860240)

perhaps a game crack included their .dll for this very reason...

Re:Avira (1)

Solandri (704621) | more than 2 years ago | (#37860286)

Avira has this bad habit of detecting some files as malware (e.g. scene game cracks) although they don't exhibit infection.

Avira scans for both known malware in its database, and uses a heuristical algorithm to detect possible but unknown malware. So it will tend to flag files other virus scanners miss. This can be bad as you found out, but it can be good as it can catch new viruses before they're in anyone's database. I don't think any of the other free antivirus software has this feature, though several of the top-rated pay antivirus software do.

I ended up ditching Avira though because of their daily pop-up reminder to buy their pay version. Too many calls from my client asking what it was and was it safe to click OK. I'm using Microsoft Security Essentials now, though I'm testing Avast. Avast introduced an automatic sandbox feature which if it works as advertised could solve my biggest headache - clients running files emailed to them by "friends". I'm still trying to figure out how it works though.

Re:Avira (0)

Anonymous Coward | more than 2 years ago | (#37860720)

All of them seem to detect a large number of such files as 'unwanted' or 'generic malware' these days.

The usual response you get if you ask is them telling that on a business machine it would be risky to have such illegally modified software, or keygens which could generate illegal keys, so they get flagged and removed.

They're very much PROactive in doing this, and it seems to focus mainly around software from specific vendors, so yes, they're probably being paid to do it.

Re:Avira (1)

interval1066 (668936) | more than 2 years ago | (#37860840)

Been using Avira for years, and I can't say with certainty it's the best, but I've never had any problems with it and it's stopped its share of malware cold in their tracks. So they have a rare gaffe. I think I'll just move on.

Re:Avira (1)

brainzach (2032950) | more than 2 years ago | (#37861094)

There is no need for shady deals. Avira is a for profit company and doesn't like people stealing their software just like game developers. Of course they aren't going to aid people pirating software.

Digital g(r)eeks! (1)

angiasaa (758006) | more than 2 years ago | (#37859810)

Ouroboros [wikipedia.org] :-D

In a way it is right (1)

Hentes (2461350) | more than 2 years ago | (#37859820)

Most AVs act like viruses. They can not be terminated, like 10+ hidden processes, scan/modify/delete other files constantly etc.

Re:In a way it is right (1)

blair1q (305137) | more than 2 years ago | (#37859888)

Ever run two at once?

Avast reports the Microsoft Security Essentials AV as a virus about 180 times, because a running MSE has a bunch of virus signatures embedded within it in plaintext...

Re:In a way it is right (1)

WorBlux (1751716) | more than 2 years ago | (#37860736)

Yep, you've got to inject some fairly invasive stuff into the kernel in order to watch what other processes are doing. R

Thing with Avira... (1)

Oswald McWeany (2428506) | more than 2 years ago | (#37859854)

Last year Avira flagged the ASK toolbar as "malware/spyware".

Fast forward 6 months and not only is ASK toolbar no longer flagged as malware/spyware but all of a sudden Avira has a partnership with ASK and installs it by default and it's a pain in the neck to remove it without getting rid of Avira.

Avira's actually a pretty decent free anti-virus... but they sold their soul to the devil.

Re:Thing with Avira... (1)

zAPPzAPP (1207370) | more than 2 years ago | (#37860452)

What is ASK and where is that toolbar supposed to be?
I have Avira on a laptop and there is no such thing.

Re:Thing with Avira... (1)

Oswald McWeany (2428506) | more than 2 years ago | (#37860680)

Do you use the free version?

It may only be on the free version- also it depends on what web-browser you use.

I notice the toolbar doesn't show up on chrome... It does on IE (even though I don't typically use IE at home)- I had to google how to remove it without disabling Avira.

If you use IE, have the free version, and don't have the Ask tool bar/haven't removed it- is your antivirus up-to-date?

Re:Thing with Avira... (1)

Anonymous Coward | more than 2 years ago | (#37861530)

You can choose to install or not install the toolbar during setup. If you read everything carefully (at least everything next to checkboxes), you would have noticed it.

Re:Thing with Avira... (1)

interval1066 (668936) | more than 2 years ago | (#37860872)

but they sold their soul to the devil.

As did McAfee, as did Norton's. In my experience Avira is MUCH LESS culpable than the other two. The last time I got a call from a family member regarding problems with their PC McAfee was to blame.

Wow, it's actually doing its job! (4, Funny)

lavagolemking (1352431) | more than 2 years ago | (#37859856)

Avira saw part of a program (called "Avira") that bombards the user with pop-ups, scaring them, and asking for money every year. It acted accordingly. The only shocking thing here is that it actually worked.

Included Trojan (0)

Anonymous Coward | more than 2 years ago | (#37859872)

Maybe it just detected the included Trojan ?

The Most Useless Anti-Virus Ever! (1)

CFBMoo1 (157453) | more than 2 years ago | (#37859894)

And you thought they'd only build it as a box?

http://www.youtube.com/watch?v=Z86V_ICUCD4

Refreshingly honest! (1)

sjames (1099) | more than 2 years ago | (#37859956)

n/t

My Win32 antivirus (-1)

Anonymous Coward | more than 2 years ago | (#37859974)

is Linux.

'nuff said.

Re:My Win32 antivirus (1)

Oswald McWeany (2428506) | more than 2 years ago | (#37860222)

For how long though? With so many non-traditional computer devices being embedded with Linux flavours- how long until more and more people start targeting Linux.

A virus that leaps from your phone to your cable box to your computer to your thermostat to your electric car would not be fun.

that's some sort of parable for modern times (0)

circletimessquare (444983) | more than 2 years ago | (#37860054)

I just finished reading this:

http://www.nytimes.com/2011/10/28/us/politics/republicans-push-military-trials-for-terrorism-suspects.html [nytimes.com]

One wonders what it will take for those who want to suspend social and legal traditions because of an attack on freedom, to recognize that it is they who are destroying our freedom.

Re:that's some sort of parable for modern times (0)

Anonymous Coward | more than 2 years ago | (#37860554)

Please don't interrupt, the adults are discussing how an av program detected itself. I'm sure someone gives a fuck about your article, perhaps you could submit it and see.

Good start (1)

Tridus (79566) | more than 2 years ago | (#37860128)

Now it also needs to detect those other viruses: Mcafee and Norton.

It's sad that most AV software is worse than the problem it generally fails to prevent, but it's true.

Holy Recursion! (0)

Anonymous Coward | more than 2 years ago | (#37860262)

Holy recursion, Batman!

It wasn't wrong. (1)

JustAnotherIdiot (1980292) | more than 2 years ago | (#37860368)

Most anti-virus programs behave like viruses themselves.

Re:It wasn't wrong. (0)

Anonymous Coward | more than 2 years ago | (#37860798)

Yeah, it wasn't wrong.. it should delete itself every time it runs, then you just install it again.
And it's not because it was behaving like a virus, the dll probably contains virus signatures to compare against other files. There's normally an exception for its own files.
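
The mechanism described in the comment above and in the earlier Avast/MSE comment (a scanner file carrying its own signatures in plaintext, and an exception for the product's own files), as an added Python example that is not part of the thread and not Avira's code. The signature names, byte patterns and file names are constructed for illustration, and the release gate is an assumed pre-publication check.

```python
import hashlib

# Constructed signature set (name -> byte pattern); not real malware patterns.
CANDIDATE_DEFS = {
    "TR/Example.A": b"\xde\xad\xbe\xef\x13\x37",
    "SPY/Example.B": b"EXAMPLE-SPY-MARKER",
}


def xor(data, key):
    """XOR every byte with a one-byte key (key=0 leaves the data unchanged)."""
    return bytes(b ^ key for b in data)


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def build_component(defs, key=0):
    """Constructed stand-in for a scanner file that carries its own patterns.
    key=0 stores them in plaintext; a non-zero key stores them XOR-encoded."""
    body = b"".join(xor(pattern, key) for pattern in defs.values())
    return b"constructed-header:" + body + b":constructed-tail"


def scan(data, defs):
    """Return the sorted names of all signatures whose pattern occurs in data."""
    return sorted(name for name, pattern in defs.items() if pattern in data)


def scan_files(files, defs, own_hashes=frozenset()):
    """Scan {path: bytes}. Files whose SHA-256 is in own_hashes are skipped.
    Excluding by content hash, not by path, means only the exact shipped
    bytes are exempt; anything else placed at that path is still scanned."""
    hits = {}
    for path, data in files.items():
        if sha256(data) in own_hashes:
            continue
        found = scan(data, defs)
        if found:
            hits[path] = found
    return hits


def release_gate(defs, known_clean):
    """Assumed pre-release check: candidate definitions are run over a corpus
    of known-clean files, including the product's own. Any hit is a false
    positive; an empty result means the definitions may be published."""
    return scan_files(known_clean, defs)


if __name__ == "__main__":
    plain = build_component(CANDIDATE_DEFS)            # patterns in plaintext
    encoded = build_component(CANDIDATE_DEFS, key=0x5A)
    corpus = {"engine_component.dll": plain, "readme.txt": b"hello"}

    print("gate, plaintext component:", release_gate(CANDIDATE_DEFS, corpus))
    print("with self-exclusion:",
          scan_files(corpus, CANDIDATE_DEFS, own_hashes={sha256(plain)}))
    print("gate, encoded component:",
          release_gate(CANDIDATE_DEFS, {"engine_component.dll": encoded}))
```

Run before an update ships, the gate reports the plaintext component as a false positive; either fix (hash-based self-exclusion or storing the patterns encoded) brings it back to an empty result.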

Someone please explain (0)

Anonymous Coward | more than 2 years ago | (#37860648)

I use Linux, what is a virus, and an anti-virus?

Publish the submission but change the source? (1)

ddfall (1493621) | more than 2 years ago | (#37861312)

I'm confused, I submitted this story (as it says) and it was accepted - http://slashdot.org/submission/1829554/avira-anti-virus-detects-itself [slashdot.org] - however, the version that's gone onto the front page of /. has had the source changed from The H (http://www.h-online.com/security/news/item/Avira-anti-virus-detects-itself-1367055.html) to The Register (which did the story later in the day). The text in the submission is the same / what I had but the original source has been removed. What was the reason for this?

sandbox (0)

Anonymous Coward | more than 2 years ago | (#37861348)

sandboxie is a great program to use when trying to explore some "shady" files or programs.
