Avira Antivirus shows Virus!!!

43 views
Skip to first unread message

offline...@googlemail.com

unread,
Oct 12, 2009, 12:52:24 PM10/12/09
to ZZEE PHPExe
Avira antivirus "www.avira.de" shows "php5_ts.dll" and PHPExe as Virus
TR/Dropper.gen !

Can this be fixed?

Paul (ZZEE)

unread,
Oct 12, 2009, 1:18:47 PM10/12/09
to php...@googlegroups.com
>
> Avira antivirus "www.avira.de" shows "php5_ts.dll" and PHPExe as Virus
> TR/Dropper.gen !
>
> Can this be fixed?

Which ZPE version did you check? Can you give a URL that shows that ZPE is
a virus, if you have one?

TR/Dropper.gen is an old thing, while TR/Dropper.Gen2 is a new virus,
started just recently. Maybe you meant TR/Dropper.Gen2? On their website
there is no description of this virus or what it does, except that is this
is a Trojan and "Drops malicious files" (which is good, btw :)).

I don't know how this can be fixed - not sure why they treat it as malware
in the first place. Someone could have compiled a virus with ZPE (perhaps
this is possible), and since the dll is the same across all compiled
programs, and some antivirus guy could have marked the dll as a virus,
though it is certainly not (in the original intact form).

If you are a client of theirs, you can contact them asking why this dll is
treated as a Trojan. There are lots of false positives in the antivirus
industry. Not so long ago the same thing was with McAfee, posted on this
group, and then it got resolved - they removed it from the list of
malware.

Michael Graf

unread,
Oct 12, 2009, 2:31:35 PM10/12/09
to php...@googlegroups.com
it only happens with PHPExe 2.5, we updated today and got the false alert by avira. We contacted the company and got no response yet.
 
The only chance right now is not giving newly builds with 2.5 to our customers, since the last false alert by Mcaffee caused us a lot of trouble.
 
Do you have a custom php5ts.dll? Because it's not happening with the default install from php.net (all versions)
 
 
greetings, mike

2009/10/12 Paul (ZZEE) <gro...@zzee.com>

Paul (ZZEE)

unread,
Oct 12, 2009, 3:03:14 PM10/12/09
to php...@googlegroups.com
> it only happens with PHPExe 2.5, we updated today and got the false
> alert by
> avira. We contacted the company and got no response yet.

Please roll back to 2.4 then.

> Do you have a custom php5ts.dll?

Sure!

Paul (ZZEE)

unread,
Oct 15, 2009, 6:42:12 AM10/15/09
to php...@googlegroups.com
Hi Mike,

I contacted them about this file, and got this response:

The file 'phpexe.exe' has been determined to be 'FALSE POSITIVE'. In
particular this means that this file is not malicious but a false alarm.
Detection will be removed from our virus definition file (VDF) with one of
the next updates.

So soon it should go from their database.

Paul (ZZEE)

unread,
Oct 16, 2009, 3:30:59 AM10/16/09
to php...@googlegroups.com
Looks like Avira put phpexe.exe 2.5.0 into their latest virus definitions
database and it is not detected as virus any more.

Michael Graf

unread,
Oct 16, 2009, 7:39:25 AM10/16/09
to php...@googlegroups.com
Thanks for the info, we also mailed them the files to remove them from their database.


2009/10/16 Paul (ZZEE) <gro...@zzee.com>

Marcelo Aguiar

unread,
Oct 29, 2014, 3:33:59 PM10/29/14
to php...@googlegroups.com, offline...@googlemail.com
Hi Paul

Avira antivirus show virus "TR/Crypt.XPACK.Gen3" in my compiled files .exe

Do you have any solution?
antivirus detecting virus.png

Waitman Gobble

unread,
Oct 29, 2014, 3:41:49 PM10/29/14
to php...@googlegroups.com

--
--
You received this message because you are subscribed to the Google
Groups "ZZEE PHPExe" group.
To post to this group, send email to php...@googlegroups.com
To unsubscribe from this group, send email to
phpexe+un...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/phpexe?hl=en
---
You received this message because you are subscribed to the Google Groups "ZZEE PHPExe" group.
To unsubscribe from this group and stop receiving emails from it, send an email to phpexe+un...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Search returns results about avira and false positive with XPACK.Gen3. Recommended action is to disable Avira or bless your application. Might want to try an online scanner with that file to double check. ? A thought.
--
Waitman Gobble
San Jose California USA
510-830-7975

ZZEE Groups

unread,
Oct 29, 2014, 3:42:02 PM10/29/14
to php...@googlegroups.com
Hi Marcelo,

This happened once or twice before. Can you contact them, give your
exe and let them know that this is a legitimate program compiled with
PHPExe? They have a form on their site to report false positives.
> --
> --
> You received this message because you are subscribed to the Google
> Groups "ZZEE PHPExe" group.
> To post to this group, send email to php...@googlegroups.com
> To unsubscribe from this group, send email to
> phpexe+un...@googlegroups.com
> For more options, visit this group at
> http://groups.google.com/group/phpexe?hl=en
> ---
> You received this message because you are subscribed to the Google Groups
> "ZZEE PHPExe" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to phpexe+un...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.



--
Regards,
Paul.

Marcelo Aguiar

unread,
Oct 29, 2014, 4:20:43 PM10/29/14
to php...@googlegroups.com, offline...@googlemail.com
I am going to try online scanner for verify if show virus too.

I'm send a email for Avira about this cause.

thank you Paul and Gobble  

I will post news

Sorry my english.

Mike:Hewitt

unread,
Oct 30, 2014, 6:19:43 PM10/30/14
to php...@googlegroups.com
I created an app that avast was classing as malicious.  I submitted a false positive report and they updated their database.

--

Mike:Hewitt

unread,
Oct 30, 2014, 6:32:00 PM10/30/14
to php...@googlegroups.com
Actually it may have been Avira.  It was the curl that was doing it for me.  They were very helpful anyway in rectifying the false positive.

Reply all
Reply to author
Forward
0 new messages