AVG Free Edition reporting digest.so as a Trojan

JoeFaust

Apr 13, 2008, 10:09:56 PM
to Ruby on Rails: Talk
I recently started running into trouble with my ruby install. Anytime
I tried to run 'gem' or 'rake' I'd get the following output:

gem list
c:/ruby/lib/ruby/1.8/i386-mswin32/digest/sha2.so: no such file to load -- digest.so (LoadError)
        from c:/ruby/lib/ruby/site_ruby/1.8/rubygems/source_index.rb:11
        from c:/ruby/lib/ruby/site_ruby/1.8/rubygems.rb:501:in `require'
        from c:/ruby/lib/ruby/site_ruby/1.8/rubygems.rb:501
        from c:/ruby/bin/gem.bat:5:in `require'
        from c:/ruby/bin/gem.bat:5

I initially worked around this yesterday by reinstalling ruby & rails,
but then today the issue recurred, so I started digging deeper. I
tracked this down to my anti-virus software identifying digest.so as
"Trojan horse Generic10.JXS" and moving it into the Virus Vault
(effectively deleting it). I'm assuming that this is a false positive,
as it occurred on both my work & home machines.

According to my virus scanner log, this was first detected on
2008-04-11 (the software updates itself daily).

Details:

OS: XP (home) Vista (work)

ruby --version
ruby 1.8.5 (2006-12-25 patchlevel 12) [i386-mswin32]

AVG Free Edition (http://free.grisoft.com/)
Internal Virus Database version: 269.22.13/1376

"Virus" details:
Object name: digest.so
Object path: C:\ruby\lib\ruby\1.8\i386-mswin32\
Discovery: Trojan horse Generic10.JXS
Date of detection: 4/13/2008 7:13:40 AM
Source computer: ....
Finder: SYSTEM
File size: 20 KB (20566 bytes)
Healable: No
Source: Backup copy
Status: Infected

pstonline

Apr 16, 2008, 4:51:27 AM
to Ruby on Rails: Talk
You are a life saver! Had the same problem yesterday 15 April 2008.
This must be due to a recent update on AVG.

I've now restored the offending file digest.so and ruby and my mongrel
service is up and running again.
(Until the file gets virus vaulted again...)
Do we know whether this really is a false positive?
Is there a way to prevent the file from being virus vaulted?

Regards,

Fabricio

JoeFaust

Apr 17, 2008, 1:19:05 AM
to Ruby on Rails: Talk
I found this post on the AVG Free Forum titled "You suspect a file to
be a false positive": http://forum.grisoft.cz/freeforum/read.php?4,104930,backpage=,sv=

As per instructions, I ran digest.so through the site mentioned here:
http://virusscan.jotti.org/ and AVG Antivirus is the only scanner
that returns a positive result, which leads me to believe that we are
indeed dealing with a false positive, local to AVG. I have also
emailed digest.so in an encrypted zipfile to vi...@avg.com. I have
not tried disabling heuristic scanning on the Resident Shield. I have
just been restoring the file from the virus vault each morning. :(

--Joe

JoeFaust

Apr 17, 2008, 11:14:55 AM
to Ruby on Rails: Talk
Got a response from AVG already:


Dear Sir/Madam,

thank you for your email.

We analyzed your file and we can confirm that it is a false positive.
The detection of this file will be removed in the next virus update.

If you need to restore deleted files from AVG Virus Vault you can do
it this way: open AVG Virus Vault (Start -> Programs -> AVG Antivirus
-> AVG Virus Vault). Locate the file that was removed, right click on
it and choose "Restore File(s)" option.

We are sorry for the inconvenience.

Answers to the most common questions can be found here as well:
http://www.avg.com/faq/

Best regards,

Martin Hosnedl
AVG Technical Support

website: http://www.avg.com
mailto: sup...@avg.com