Welcome Guest.   Make a donation to an author on the site October 02, 2014, 01:34:20 AM  *

Please login or register.
Or did you miss your validation email?


Login with username and password (forgot your password?)
Why not become a lifetime supporting member of the site with a one-time donation of any amount? Your donation entitles you to a ton of additional benefits, including access to exclusive discounts and downloads, the ability to enter monthly free software drawings, and a single non-expiring license key for all of our programs.


You must sign up here before you can post and access some areas of the site. Registration is totally free and confidential.
 
Your Support Funds this Site: View the Supporter Yearbook.
   
   Forum Home   Thread Marks Chat! Downloads Search Login Register  
Pages: [1]   Go Down
  Reply  |  New Topic  |  Print  
Author Topic: Kaspersky Reports Gridmove as containing Trojan.Win32.AutoHK.fe  (Read 3588 times)
benrifkah
Participant
*
Posts: 3

View Profile Give some DonationCredits to this forum member
« on: March 16, 2010, 12:42:43 PM »

Greetings,

I'm running Gridmove v1.19.62 On Win 7 Home Premium 64 and it's working great!

However, this morning I got a report from Kaspersky Anti-Virus 6.0 with the latest virus definition database (2010-03-16 06:27:00) saying that c:\program files (x86)\GridMove\GridMove.exe contains "Trojan.Win32.AutoHK.fe".

Unfortunately, Kaspersky's virus dictionary doesn't have anything on the suspected trojan that they're reporting: http://www.viruslist.com/en/search?VN=Trojan.Win32.AutoHK.fe&referer=wks.  It seems a little odd that they'd report a trojan without having any information about what it does but they apparently have a number of Auto Hot Key related definitions in their database without any explanation: http://www.viruslist.com/en/find?search_mode=full&words=Trojan.Win32.AutoHK

I'm betting this is a false positive.
Logged
jgpaiva
Global Moderator
*****
Posts: 4,710



Artificial Idiocy

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #1 on: March 16, 2010, 02:44:04 PM »

Sad
It is a false positive.
And unfortunatelly I have already compiled GridMove without binary compression, which means there really isn't much I can do...
Logged

benrifkah
Participant
*
Posts: 3

View Profile Give some DonationCredits to this forum member
« Reply #2 on: March 16, 2010, 03:11:45 PM »

Sad
It is a false positive.
And unfortunatelly I have already compiled GridMove without binary compression, which means there really isn't much I can do...

I figured as much.  I mainly posted here so that an explanation would show up in search result for others that get the same report and aren't sure what to do.

I reported it as a false alarm to Kaspersky so we'll see.

Thanks for the quick reply.
Logged
jgpaiva
Global Moderator
*****
Posts: 4,710



Artificial Idiocy

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #3 on: March 16, 2010, 04:36:21 PM »

Thank you for your effort!
Let's see if it gets solved smiley

[edit]
I've just noticed that what's flagged is "autohotkey", the language gridmove is built on... Sorry to see that, it means every program compiled with it gets that flag Sad
Logged

benrifkah
Participant
*
Posts: 3

View Profile Give some DonationCredits to this forum member
« Reply #4 on: March 16, 2010, 05:23:34 PM »

I reported it as a false alarm to Kaspersky so we'll see.

Good News!

Just got this email from Kaspersky:

Quote
RE: [VirLabSRF][False Alarm][M:1][LN:EN][L:0] [KLAN-65305705]
   
Hello,

Sorry, it was a false detection. It will be fixed in the next update.
Thank you for your help.

Best Regards,
Oleg Yurzin

Malware Analyst
Kaspersky Lab
Logged
f0dder
Charter Honorary Member
***
Posts: 8,774



[Well, THAT escalated quickly!]

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #5 on: March 17, 2010, 08:44:18 AM »

Cool that Kaspersky take the time to answer Thmbsup
Logged

- carpe noctem
Pages: [1]   Go Up
  Reply  |  New Topic  |  Print  
 
Jump to:  
   Forum Home   Thread Marks Chat! Downloads Search Login Register  

DonationCoder.com | About Us
DonationCoder.com Forum | Powered by SMF
[ Page time: 0.032s | Server load: 0.24 ]