Topic: GridMove Identified by Symantec AntiVirus as Backdoor Trojan (Read 14048 times)
Matt Caspermeyer
« on: July 11, 2008, 03:51:27 PM »

Today (July 11, 2008), Symantec AntiVirus identified GridMove as a Backdoor.Trojan with the 7/9/2008 rev. 3 definition file and deleted GridMove.exe from the Program Files folder and also the application link from Startup.

I imagine I can just re-install GridMove and it should be okay, but I'm pretty sure this is a false positive by Symantec AntiVirus since the previous definition file did not detect an infection, no other programs are infected, and GridMove launches on startup every time. Has anyone else had the same problem? I'm running Windows XP x64 if that makes any difference.

Here's a picture of what Symantec AntiVirus did:

[screenshot]
Thanks for any information you can provide.
jgpaiva
« Reply #1 on: July 11, 2008, 04:25:15 PM »

Not again... GRR, damn! Antivirus programs frequently flag programs made with AutoHotkey, and yes, that's a false positive.
Thanks a lot for the heads up, Matt! Most people just delete it and go on with their lives, I'm glad you took the time to post here.
I have been making some updates to GridMove, and next week I expect to post a new version. This new version will be compiled with the most recent version of AHK, thus, it'll have no problems with antiviruses (at least, for some time).
Sorry for the inconvenience, Matt!

Matt Caspermeyer
« Reply #2 on: July 11, 2008, 04:52:36 PM »

jgpaiva:

Thanks for the reply!

I'm more disappointed in the fact that Symantec blew GridMove away (GridMove is one of my favorite little apps!), without giving me a chance to save it!

Hmmm... since I rarely reboot, and since GridMove is still in memory (Hah! Symantec didn't remove it from memory!), maybe I'll try holding off reinstalling it until you get the new version of GridMove posted (I can probably go a week or two without rebooting unless Symantec (or usually it's Microsoft with an update) makes me).

Can't wait for the new version - thanks and keep up the awesome work!
jgpaiva
« Reply #3 on: July 11, 2008, 04:58:52 PM »

You don't actually have to go without rebooting.
Just change the name of the executable to GridMove2.exe or something, I'm pretty sure it won't delete it then.

Quote from: Matt Caspermeyer
Can't wait for the new version - thanks and keep up the awesome work!

I hope it'll bring some good improvements. Right now, I already have the "drag to edge" method working with multi-monitors, a long-overdue feature.
I also intend to clean up the menus a bit, improve the about box and hopefully add a "cycle to next grid element" feature that I think is really cool and has been requested a few times already.
(But shhh.. no one can know about this, it's supposed to be a surprise.)

lanux128
« Reply #4 on: July 11, 2008, 10:17:28 PM »

judging from the screenshot, Symantec AV has made a poor decision as it deems a "successful healing" is merely deleting the file but being unable to remove it from memory, leaving the user's PC in a vulnerable state. luckily for Symantec, GridMove is NOT a virus/malware.

nosh
« Reply #5 on: July 12, 2008, 07:08:10 AM »

lol@ "cleaned by deletion" - why can't the monkeys just call it deleted?

I personally feel it's a really bad/dangerous choice to let an AV whack off files on its own without prompting the user for action, you never know what'll scare it next.

mouser
« Reply #6 on: July 12, 2008, 07:09:58 AM »

nosh, i could not agree more.
long thread here dealing with this same behavior for one of my programs: http://www.donationcoder....m/index.php?topic=12614.0
mxn
« Reply #7 on: October 08, 2008, 09:58:46 AM »

Any news regarding this? NOD32 has been bugging me for months now, thinking GridMove.exe is a backdoor trojan. Adding it to the exclude list doesn't help for some reason.
justice
« Reply #8 on: October 08, 2008, 10:05:50 AM »

download the latest version?

mxn
« Reply #9 on: October 08, 2008, 10:48:28 AM »

Thanks, updating solved the problem. I was sure I had the latest version (seeing as it is almost a year old), but I was wrong.
jgpaiva
« Reply #10 on: October 08, 2008, 11:51:34 AM »

Actually, I still haven't updated since this topic was started (I know, my bad.. sorry but been really busy)...
I'm glad updating worked for you, mxn!

gdot
« Reply #11 on: October 30, 2008, 12:47:04 PM »

Keep up the good work, jg... Thanks!

FWIW, avast! has just spotted GridMove as a false positive, declared itself unable to heal and quarantined.
I whitelisted and "un-quarantined" GMove but the program was "not found" (apparently the quarantine un-quarantine process blew something up).

Closed avast, downloaded new version (new copy of v1192, indeed), re-installed... and avast! spotted the false positive again.

Believe this issue belongs in avast! forums: how to whitelist an application!
lanux128
« Reply #12 on: October 30, 2008, 08:23:21 PM »

in addition to white-listing, i believe that the AV vendors should improve their detection routine as well in order to reduce the alarming rate of false alarms.

gdot
« Reply #13 on: October 31, 2008, 06:35:48 AM »

Quote from: lanux128
in addition to white-listing, i believe that the AV vendors should improve their detection routine as well in order to reduce the alarming rate of false alarms.

Well, Lanux...

False alarms are extremely boring to you and me, but for the average client the false alarm is perceived as legit, thus improving his/her confidence in the product image, choice and fidelity.

False alarms increase sales... otherwise they would be long gone.
lanux128
« Reply #14 on: October 31, 2008, 11:17:47 PM »

Quote from: gdot
False alarms increase sales... otherwise they would be long gone.

that's why AV vendors find it easier to label a program as a malware instead. what can i say, fear mongering works apparently.

gdot
« Reply #15 on: November 05, 2008, 05:19:55 AM »

Opened support ticket at avast!

No reply, but false positive disappeared 2 days after complaint (solution probably embedded in an auto-update) and GridMove is working again.
lanux128
« Reply #16 on: November 05, 2008, 06:37:28 AM »

excellent job, gdot! at least now we know avast! listens to their users' complaints.

jgpaiva
« Reply #17 on: November 05, 2008, 07:05:08 AM »

thanks a lot, gdot!!

lanux128
« Reply #18 on: November 05, 2008, 11:18:55 PM »

Quote from: gdot
Opened support ticket at avast!

No reply, but false positive disappeared 2 days after complaint (solution probably embedded in an auto-update) and GridMove is working again.

gdot: just curious, is the support line for paying customers only? if not, is it possible to link that post so that future visitors can be re-directed to this thread. thanks again.

wickedwookie
« Reply #19 on: November 06, 2008, 06:00:56 AM »

I also complained to the Avast! people a couple of days ago, but with a simple email to virus@avast.com
Told them about the false positive etc...
jgpaiva
« Reply #20 on: November 06, 2008, 07:53:49 AM »

Oh man, now that's cool. I seriously wasn't expecting you guys to do that, since it was my own job. Thanks a lot!

Kamel
« Reply #21 on: November 21, 2008, 06:00:36 PM »

Quote from: nosh
lol@ "cleaned by deletion" - why can't the monkeys just call it deleted?

I personally feel it's a really bad/dangerous choice to let an AV whack off files on its own without prompting the user for action, you never know what'll scare it next.

I actually had an AV remove a whole custom folder of things a friend helped me make for remotely controlling my PC. The AV (I think it was norton ironically enough) listed them as "hacking tools" and removed them without asking, gone forever. What the AV does when it finds what it THINKS are 'infections' is one of my #1 concerns when finding an AV now.
lanux128
« Reply #22 on: November 25, 2008, 10:19:44 PM »

i heard BitDefender has an option to exclude files/folders from being scanned. i wonder if there is any truth in that? while it'll be good for custom AHK scripts, it leaves a door open for other malware to reside in that folder.
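The trade-off lanux128 raises above, and the "how to whitelist an application" problem gdot ran into with avast!, come down to what an exclusion is keyed on. The following is an added example written for this thread; it is not code from GridMove, from any AV product, or from anyone posting here. It uses a toy detector (a constructed over-broad rule on an "AHK runtime" marker, standing in for the heuristic that misfires on compiled AutoHotkey programs, plus a constructed "bad" marker) over a handful of constructed paths and byte strings, and compares a folder exclusion against an allowlist pinned to the SHA-256 of one known-good binary. The paths, byte strings and markers are all made up for the demonstration.

```python
import hashlib
from pathlib import PureWindowsPath

# Constructed sample "files" (path -> contents). The byte strings stand in for
# binaries; nothing here is a real executable or a real AV signature.
AHK_MARKER = b"AHK_RUNTIME"   # stands in for the compiled-AutoHotkey stub AVs misfire on
BAD_MARKER = b"EVIL_MARKER"   # stands in for content a scanner genuinely should flag
GRIDMOVE_V1192 = b"MZ" + AHK_MARKER + b"gridmove-v1192-constructed"
GRIDMOVE_NEXT = b"MZ" + AHK_MARKER + b"gridmove-next-version-constructed"
UNRELATED_BAD = b"MZ" + BAD_MARKER + b"unrelated-file-constructed"

GRIDMOVE_PATH = r"C:\Program Files\GridMove\GridMove.exe"
FILES = {
    GRIDMOVE_PATH: GRIDMOVE_V1192,
    # a later arrival in the same folder; a folder exclusion would cover it too
    r"C:\Program Files\GridMove\dropped.exe": UNRELATED_BAD,
    r"C:\Users\matt\Downloads\other.exe": UNRELATED_BAD,
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def heuristic_flags(data: bytes) -> bool:
    """Toy detector: an over-broad rule on the AHK stub (the false positive)
    plus a rule on the constructed bad marker (a true positive)."""
    return AHK_MARKER in data or BAD_MARKER in data


def scan(files, excluded_dirs=(), allowed_hashes=()):
    """Return the sorted list of paths the toy scanner would act on.

    excluded_dirs:  folder exclusions; nothing below them is ever inspected.
    allowed_hashes: SHA-256 digests of specific known-good binaries; only a file
                    whose content matches exactly is skipped.
    """
    excluded = [PureWindowsPath(d) for d in excluded_dirs]
    flagged = []
    for path, data in files.items():
        p = PureWindowsPath(path)
        if any(d in p.parents for d in excluded):
            continue  # never inspected, whatever the content
        if sha256_hex(data) in allowed_hashes:
            continue  # exactly this binary is trusted, nothing else in the folder
        if heuristic_flags(data):
            flagged.append(path)
    return sorted(flagged)


def compare_policies():
    """Run each policy over the constructed tree, and again after GridMove is
    updated to a new build (same folder, different content)."""
    pinned = {sha256_hex(GRIDMOVE_V1192)}
    updated = dict(FILES, **{GRIDMOVE_PATH: GRIDMOVE_NEXT})
    return {
        "no_exclusion": scan(FILES),
        "folder_exclusion": scan(FILES, excluded_dirs=[r"C:\Program Files\GridMove"]),
        "hash_allowlist": scan(FILES, allowed_hashes=pinned),
        "hash_allowlist_after_update": scan(updated, allowed_hashes=pinned),
    }


if __name__ == "__main__":
    for policy, hits in compare_policies().items():
        print(f"{policy}: {hits}")
```

With no exclusion all three files are flagged, GridMove.exe wrongly. Excluding the GridMove folder silences the false positive but also hides dropped.exe, which is exactly the door lanux128 describes. Pinning the hash of the one known-good GridMove.exe keeps the false positive quiet while dropped.exe is still caught; the cost, visible in the last result, is that the pin stops matching as soon as GridMove is updated and has to be refreshed for the new build.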

jgpaiva
« Reply #23 on: December 03, 2008, 11:10:28 AM »

I've made an update to GridMove, let's see if it solves these problems.

DonationCoder.com Forum | Powered by SMF