AVG Free Edition reporting digest.so as a Trojan - Ruby on Rails: Talk

4 messages - Collapse all

JoeFaust

View profile

More options Apr 13 2008, 10:09 pm

From: JoeFaust <jhartf...@gmail.com>

Date: Sun, 13 Apr 2008 19:09:56 -0700 (PDT)

Local: Sun, Apr 13 2008 10:09 pm

Subject: AVG Free Edition reporting digest.so as a Trojan

  Reply to author
  |
  Forward
  | Print
  | Individual message
  | Show original
  | Report this message
  | Find messages by this author
  

I recently started running into trouble with my ruby install. Anytime
I tried to run 'gem' or 'rake' I'd get the following output:

gem list
c:/ruby/lib/ruby/1.8/i386-mswin32/digest/sha2.so: no such file to load
-- digest.so (LoadError)
from c:/ruby/lib/ruby/site_ruby/1.8/rubygems/source_index.rb:
11
from c:/ruby/lib/ruby/site_ruby/1.8/rubygems.rb:501:in
`require'
from c:/ruby/lib/ruby/site_ruby/1.8/rubygems.rb:501
from c:/ruby/bin/gem.bat:5:in `require'
from c:/ruby/bin/gem.bat:5

I initially worked around this yesterday by reinstalling ruby & rails,
but then today the issue recurred, so I started digging deeper. I
tracked this down to my anti-virus software identifying digest.so as
"Trojan horse Generic10.JXS" and moving it into the Virus Vault
(effectively deleting it). I'm assuming that this is a false-
positive, as it occurred on both my work & home machines.

According to my virus scanner log, this was first detected on
2008-04-11 (the software updates itself daily).

Details:

OS: XP (home) Vista (work)

ruby --version
ruby 1.8.5 (2006-12-25 patchlevel 12) [i386-mswin32]

AVG Free Edition (http://free.grisoft.com/)
Internal Virus Database version: 269.22.13/1376

"Virus" details:
Object name: digest.so
Object path: C:\ruby\lib\ruby\1.8\i386-mswin32\
Discovery: Trojan horse Generic10.JXS
Date of detection: 4/13/2008 7:13:40 AM
Source computer: ....
Finder: SYSTEM
File size: 20 KB (20566 bytes)
Healable: No
Source: Backup copy
Status: Infected

Reply to author Forward

pstonline

View profile

More options Apr 16 2008, 4:51 am

From: pstonline <pstonl...@pstonline.co.uk>

Date: Wed, 16 Apr 2008 01:51:27 -0700 (PDT)

Local: Wed, Apr 16 2008 4:51 am

Subject: Re: AVG Free Edition reporting digest.so as a Trojan

  Reply to author
  |
  Forward
  | Print
  | Individual message
  | Show original
  | Report this message
  | Find messages by this author
  

You are a life saver! Had the same problem yesterday 15 April 2008.
This must be due to a recent update on AVG.

I've now restored the offending file digest.so and ruby and my mongrel
service is up and running again.
(Until the file gets virus vaulted again...)
Do we know whether this really is a false positive?
Is there a way to prevent the file from being virus vaulted?

Regards,

Fabricio

On Apr 14, 3:09 am, JoeFaust <jhartf...@gmail.com> wrote:

- Show quoted text -

Reply to author Forward

JoeFaust

View profile

More options Apr 17 2008, 1:19 am

From: JoeFaust <jhartf...@gmail.com>

Date: Wed, 16 Apr 2008 22:19:05 -0700 (PDT)

Local: Thurs, Apr 17 2008 1:19 am

Subject: Re: AVG Free Edition reporting digest.so as a Trojan

  Reply to author
  |
  Forward
  | Print
  | Individual message
  | Show original
  | Report this message
  | Find messages by this author
  

I found this post on the AVG Free Forum titled "You suspect a file to
be a false positive": http://forum.grisoft.cz/freeforum/read.php?4,104930,backpage=,sv=

As per instructions, I ran digest.so through the site mentioned here:
http://virusscan.jotti.org/ and AVG Antivirus is the only scanner
that returns a positive result, which leads me to believe that we are
indeed dealing with a false positive, local to AVG. I have also
emailed digest.so in an encrypted zipfile to vi...@avg.com. I have
not tried disable heuristic scanning on the Resident Shield. I have
just been restoring the file from the virus vault each morning. :(

--Joe

On Apr 16, 4:51 am, pstonline <pstonl...@pstonline.co.uk> wrote:

- Show quoted text -

> You are a life saver! Had the same problem yesterday 15 April 2008.
> This must be due to a recent update on AVG.

> I've now restored the offending file digest.so and ruby and my mongrel
> service is up and running again.
> (Until the file gets virus vaulted again...)
> Do we know whether this really is a false positive?
> Is there a way to prevent the file from being virus vaulted?

> Regards,

> Fabricio

> On Apr 14, 3:09 am, JoeFaust <jhartf...@gmail.com> wrote:

> > I recently started running into trouble with my ruby install. Anytime
> > I tried to run 'gem' or 'rake' I'd get the following output:

> > gem list
> > c:/ruby/lib/ruby/1.8/i386-mswin32/digest/sha2.so: no such file to load
> > -- digest.so (LoadError)
> > from c:/ruby/lib/ruby/site_ruby/1.8/rubygems/source_index.rb:
> > 11
> > from c:/ruby/lib/ruby/site_ruby/1.8/rubygems.rb:501:in
> > `require'
> > from c:/ruby/lib/ruby/site_ruby/1.8/rubygems.rb:501
> > from c:/ruby/bin/gem.bat:5:in `require'
> > from c:/ruby/bin/gem.bat:5

> > I initially worked around this yesterday by reinstalling ruby & rails,
> > but then today the issue recurred, so I started digging deeper. I
> > tracked this down to my anti-virus software identifying digest.so as
> > "Trojan horse Generic10.JXS" and moving it into the Virus Vault
> > (effectively deleting it). I'm assuming that this is a false-
> > positive, as it occurred on both my work & home machines.

> > According to my virus scanner log, this was first detected on
> > 2008-04-11 (the software updates itself daily).

> > Details:

> > OS: XP (home) Vista (work)

> > ruby --version
> > ruby 1.8.5 (2006-12-25 patchlevel 12) [i386-mswin32]

> > AVG Free Edition (http://free.grisoft.com/)
> > Internal Virus Database version: 269.22.13/1376

> > "Virus" details:
> > Object name: digest.so
> > Object path: C:\ruby\lib\ruby\1.8\i386-mswin32\
> > Discovery: Trojan horse Generic10.JXS
> > Date of detection: 4/13/2008 7:13:40 AM
> > Source computer: ....
> > Finder: SYSTEM
> > File size: 20 KB (20566 bytes)
> > Healable: No
> > Source: Backup copy
> > Status: Infected

Reply to author Forward

JoeFaust

View profile

More options Apr 17 2008, 11:14 am

From: JoeFaust <jhartf...@gmail.com>

Date: Thu, 17 Apr 2008 08:14:55 -0700 (PDT)

Local: Thurs, Apr 17 2008 11:14 am

Subject: Re: AVG Free Edition reporting digest.so as a Trojan

  Reply to author
  |
  Forward
  | Print
  | Individual message
  | Show original
  | Report this message
  | Find messages by this author
  

Got a response from AVG already:

Dear Sir/Madam,

thank you for your email.

We analyzed your file and we can confirm, that it is a false positive.
The detection of this file will be removed in next virus update.

If you need to restore deleted files from AVG Virus Vault you can do
it this way: open AVG Virus Vault (Start -> Programs -> AVG Antivirus
-> AVG Virus Vault). Locate the file that was removed, right click on
it and choose "Restore File(s)" option.

We are sorry for the inconvenience.

Answers to the most common questions can be found here as well:
http://www.avg.com/faq/

Best regards,

Martin Hosnedl
AVG Technical Support

website: http://www.avg.com
mailto: supp...@avg.com

On Apr 17, 1:19 am, JoeFaust <jhartf...@gmail.com> wrote:

- Show quoted text -

> I found this post on the AVG Free Forum titled "You suspect a file to
> be a false positive":http://forum.grisoft.cz/freeforum/read.php?4,104930,backpage=,sv=

> As per instructions, I ran digest.so through the site mentioned here:http://virusscan.jotti.org/ and AVG Antivirus is the only scanner
> that returns a positive result, which leads me to believe that we are
> indeed dealing with a false positive, local to AVG. I have also
> emailed digest.so in an encrypted zipfile to vi...@avg.com. I have
> not tried disable heuristic scanning on the Resident Shield. I have
> just been restoring the file from the virus vault each morning. :(

> --Joe

> On Apr 16, 4:51 am, pstonline <pstonl...@pstonline.co.uk> wrote:

> > You are a life saver! Had the same problem yesterday 15 April 2008.
> > This must be due to a recent update on AVG.

> > I've now restored the offending file digest.so and ruby and my mongrel
> > service is up and running again.
> > (Until the file gets virus vaulted again...)
> > Do we know whether this really is a false positive?
> > Is there a way to prevent the file from being virus vaulted?

> > Regards,

> > Fabricio

> > On Apr 14, 3:09 am, JoeFaust <jhartf...@gmail.com> wrote:

> > > I recently started running into trouble with my ruby install. Anytime
> > > I tried to run 'gem' or 'rake' I'd get the following output:

> > > gem list
> > > c:/ruby/lib/ruby/1.8/i386-mswin32/digest/sha2.so: no such file to load
> > > -- digest.so (LoadError)
> > > from c:/ruby/lib/ruby/site_ruby/1.8/rubygems/source_index.rb:
> > > 11
> > > from c:/ruby/lib/ruby/site_ruby/1.8/rubygems.rb:501:in
> > > `require'
> > > from c:/ruby/lib/ruby/site_ruby/1.8/rubygems.rb:501
> > > from c:/ruby/bin/gem.bat:5:in `require'
> > > from c:/ruby/bin/gem.bat:5

> > > I initially worked around this yesterday by reinstalling ruby & rails,
> > > but then today the issue recurred, so I started digging deeper. I
> > > tracked this down to my anti-virus software identifying digest.so as
> > > "Trojan horse Generic10.JXS" and moving it into the Virus Vault
> > > (effectively deleting it). I'm assuming that this is a false-
> > > positive, as it occurred on both my work & home machines.

> > > According to my virus scanner log, this was first detected on
> > > 2008-04-11 (the software updates itself daily).

> > > Details:

> > > OS: XP (home) Vista (work)

> > > ruby --version
> > > ruby 1.8.5 (2006-12-25 patchlevel 12) [i386-mswin32]

> > > AVG Free Edition (http://free.grisoft.com/)
> > > Internal Virus Database version: 269.22.13/1376

> > > "Virus" details:
> > > Object name: digest.so
> > > Object path: C:\ruby\lib\ruby\1.8\i386-mswin32\
> > > Discovery: Trojan horse Generic10.JXS
> > > Date of detection: 4/13/2008 7:13:40 AM
> > > Source computer: ....
> > > Finder: SYSTEM
> > > File size: 20 KB (20566 bytes)
> > > Healable: No
> > > Source: Backup copy
> > > Status: Infected

Reply to author Forward

End of messages

« Back to Discussions

« Newer topic

Older topic »