Quake3World

Is this an error in AVG or what is it?

While bringing the taskbar back, cause I have it on auto-hide, as the Quicklaunch icons were re-appearing, which sometimes happens when the taskbar hasn't been shown for a while, an AVG message popped up saying that a program was launching which had a virus in it. That program was one of the programs which I had a shortcut to in the Quicklaunch area. The icon for the program was gone, replaced with the default exe icon. I hadn't tried to launch the program, so why had this happened?

I told AVG to fix the problem, then found that it had deleted the exe to do so.

I still had the zip file I downloaded the exe in so I scanned that and AVG found the virus in that, the exe. So I deleted the zip file.

The program is the latest version of an emulator with online play included that lots of people use, and has been out for some time. I've had the prgram for some time aswell. So I find it strange that only now AVG found something wrong with it.

I thought that maybe a hacker had tampered with the program and tried to launch it so I downloaded the latest version again from the site for it. It was the same version, a new version hadn't come out yet. I scanned it for viruses and it found a virus in the exe again.

The virus was called "Obfustat.AN". I searched the AVG Virus Encyclopaedia for it, both with and without the ".AN" but didn't find anything.

I looked on the AVG new viruses page aswell and it wasn't on there (this was within AVG but via the internet). If it's a new virus why isn't it in the encyclopedia yet? Or on the new viruses page?

Anyway I deleted the zip file.

I searched Google for any information on the virus, but nothing. I searched for "virus" with the name of the program aswell.

I checked previous versions of the program, which I've kept, for viruses, but nothing.

Could this be an error in AVG?

Should I email the programmer of the emulator to tell him I found a virus in it?

Sounds like a false positive. Emulators behave in rather low-level ways, something that might look suspicious to a virus scanner.

DTS wrote:Could this be an error in AVG?

Should I email the programmer of the emulator to tell him I found a virus in it?

As mentioned it sounds like a false positive (meaning the antivirus has matched the file against one of its known virus definitions, but the file may not actually contain a virus, just something that looks a lot like a virus)

First, if the site you got the file from supplies MD5 sums for its downloads, compare the file you downloaded with the MD5. If that checks out, try downloading the file from a mirror site (if available) and compare the MD5 to your original download to see if it checks out.

Try and run a google search for the name of the virus, and the name of the emulator. See if its a known problem and get a general feel for whether there's been similar problems with the program in the past.

If there's no mention of the issue, try and find someone else with AVG and have them check the file out too. It could be that the latest AVG definition is causing the problem or something.

Finally inform the team behind the emulator if all the above checks out and they don't seem to already know about it. Even if its a false-positive, they'll want to know if they don't already.

I said I tried a Google search.

If you have AVG, you could download the emulator called Kawaks at cps2shock.retrogames.com and check it. I'll email the emulator programmer if your AVG finds a virus aswell.

I'm not sure why you say I should check with someone else before emailing the emulator programmer though, Foo?

HOSTS hijacking, a corrupted definitions list, or other PC-specific problems.

If I get the same thing, it proves the issue lies in the emulator + AVG rather than anything else on your PC.

Yep detected for me too.

Google search won't give me ANY results for 'Obfustat', though, so I'm not sure what to make of that. First guess is it's an obscure trojan, which means it probably is a false positive.

Thanks, Foo.

Thanks, ^misantropia^, aswell.

Foo, you said that it is very correct.

what's the point of that? i mean i could understand if the spam post was about viagra or something, but

Spammer's not selling a product, but a service. It's trying to pimp out foo.