big problem - trojan.Win32.Agent.kl

Convert your BATch files into EXEcutable format in one click.
sixpack
Posts: 13
Joined: Wed Dec 08, 2004 9:16 am

Post by sixpack » Fri Oct 21, 2005 9:43 am

I have f-secure anti virus and recently it see's the compiled exe's as a trojan called trojan.Win32.Agent.kl


please a solution

Oleg Tsheglov
Site Admin
Posts: 309
Joined: Fri Feb 13, 2004 5:55 pm
Contact:

Post by Oleg Tsheglov » Fri Oct 21, 2005 5:07 pm

Yes, I know. Somebody sent report to F-Secure and they add signature to database.
Moreover, AVG antivirus detect trojans inside compiled files too.
I think this problem will be fixed after next update, but....another person may use QuickBFC for creating virus and antivirus will detect viruses inside ALL compiled files.

fireball500

Post by fireball500 » Fri Oct 21, 2005 6:58 pm

Hi,

It apprears that the anti-virus software I use, Microtrend, also detects the final .exe file as a virus and does not allow me to create the file.

Any solution?

Oleg Tsheglov
Site Admin
Posts: 309
Joined: Fri Feb 13, 2004 5:55 pm
Contact:

Post by Oleg Tsheglov » Sat Oct 22, 2005 4:57 pm

I really don't know.... We sent reports to many antivirus companies but still no reaction.



Edited By Oleg Tsheglov on 1130072517

Code Cloude
Posts: 3
Joined: Thu Oct 20, 2005 5:33 pm

Post by Code Cloude » Sat Oct 22, 2005 11:05 pm

Pack quickbfd.exe(unpack it first -it's packe with UPX) with some exepacker like PE-compact, ASpack, Morphin some old or not very well known one to knock out the AV-Scanners. :angry:
http://protools.cjb.net
Also try combination of different packers.



Edited By Code Cloude on 1130025706

Oleg Tsheglov
Site Admin
Posts: 309
Joined: Fri Feb 13, 2004 5:55 pm
Contact:

Post by Oleg Tsheglov » Sun Oct 23, 2005 1:06 pm

Code Cloude wrote:Pack quickbfd.exe(unpack it first -it's packe with UPX) with some exepacker like PE-compact, ASpack, Morphin some old or not very well known one to knock out the AV-Scanners. :angry:
http://protools.cjb.net
Also try combination of different packers.
No, this is only temporary solution. Virus detected inside EXE loader. If we compresss it with another EXE packer then antiviruses will add new signature to database in short time.
We really must rewrite internal compression routines to avoid false alarms.

Eddy Wuyts

Post by Eddy Wuyts » Thu Oct 27, 2005 6:57 am

Hi,

I used QBFC on my work to write a lot of batch procedures.
Procedures like automatic starting up some server drives when launching some specific programs.
Yesterday the AV soft simply deleted all my exe (batch files) created with QBFC. There seems to be a trojan horse in these exe files.
I don't have to mention what kind of problems this as caused (and still is causing).
Can i have an official answer of abyssmedia ?
My e-mail is
eddy@wuyts.com
Thanks.

Oleg Tsheglov
Site Admin
Posts: 309
Joined: Fri Feb 13, 2004 5:55 pm
Contact:

Post by Oleg Tsheglov » Thu Oct 27, 2005 1:06 pm

Our official answer: "This is false positive." We sent a lot of emails to AV vendors, but still not have any answers.
AVG antivirus always detect trojan inside our compiler, we sent at least 6 emails to them, but.... no reaction.

Oleg Tsheglov
Site Admin
Posts: 309
Joined: Fri Feb 13, 2004 5:55 pm
Contact:

Post by Oleg Tsheglov » Thu Oct 27, 2005 1:31 pm

I recormmend all AVG customers read this threads:

http://forum.grisoft.cz/freefor....ge=,sv=
http://forum.grisoft.cz/freeforum/read. ... page=4,sv=
http://www.coolmon.org/forum/viewtopic.php?t=4057

Grisoft claimed many installers and compilers as trojans and never remove it from database!

Oleg Tsheglov
Site Admin
Posts: 309
Joined: Fri Feb 13, 2004 5:55 pm
Contact:

Post by Oleg Tsheglov » Thu Oct 27, 2005 1:36 pm

Finally we got answer from Grisoft (AVG Antivirus) !

Dear Sir/Madam,

Thank you for your email.

The file will be removed from the detection rules.

Best regards,

Oldrich Muller
AVG Technical Support

website: http://www.grisoft.com
mailto: technicalsupport@grisoft.com

sixpack
Posts: 13
Joined: Wed Dec 08, 2004 9:16 am

Post by sixpack » Thu Oct 27, 2005 9:06 pm

Oleg Tsheglov wrote:Finally we got answer from Grisoft (AVG Antivirus) !

Dear Sir/Madam,

Thank you for your email.

The file will be removed from the detection rules.

Best regards,

Oldrich Muller
AVG Technical Support

website: http://www.grisoft.com
mailto: technicalsupport@grisoft.com
did you sent f-secure a e-mail to?

Oleg Tsheglov
Site Admin
Posts: 309
Joined: Fri Feb 13, 2004 5:55 pm
Contact:

Post by Oleg Tsheglov » Fri Oct 28, 2005 6:44 am

Yes, waiting for reaction...

thickfreakness
Posts: 14
Joined: Thu Apr 21, 2005 3:50 am

Post by thickfreakness » Tue Dec 27, 2005 2:58 am

some people that use my files get this problem, I have never used Mcafee

Image



Edited By thickfreakness on 1135893635

Oleg Tsheglov
Site Admin
Posts: 309
Joined: Fri Feb 13, 2004 5:55 pm
Contact:

Post by Oleg Tsheglov » Tue Dec 27, 2005 8:12 pm

McAfee don't like baseball :-)

rge
Posts: 1
Joined: Thu Jan 19, 2006 11:01 am

Post by rge » Thu Jan 19, 2006 11:10 am

Hi, after download this compiler and create a exe file, my anti-virus from Mcafee detect the Univ.script/99 virus in the bat file created in %temp%. I don't know what can I do to resolve this. Can anyone help-me?

Post Reply