Trojan Horse Generic11.AHCS warning in v1.0.11?

[htpcmax]

Hi guys,

I used to use Free*EPG, but on reinstalling my HTPC over this last weekend found that it was no longer available, which I wasn't really happy with, but ok, there's an alternative, so I grab XMLTV: Guide Pack, and install away.

Now I'm getting warnings from AVG 8.0 (virus def 169) that there is a Trojan Horse: Generic11.AHCI every time anything touches the exe files that were installed: UACNET.exe, xmltvMerge.exe, xmltvAlter.exe, xmltvDownload.exe, and the guide proxy. I've tried uninstalling and reinstalling, and as soon as the installer goes to drop these files into my computer, up pops AVG wanting to clean them again.

Imagining this to be a false positive, I sent one of the exe's at random up to http://www.virustotal.com, which runs many virus scanners over the file and gives you a report. 3 of the 36 run came back with trojan positives.

I thought maybe I had grabbed a funky install pack, so I've downloaded it once more and tried to install it again, but with the same results.

I'm pretty sure that it's not epgStream.net putting trojans into their software, but I don't like when virus scanners back each other up about something like this.

Maybe you could look into the problem, and post a pack that doesn't give false positives? I don't know what causes it, maybe if you talk to AVG they will be able to add you to their 'it's not really a virus guys' list, which would be nice also, or tell you what it is about your file that is giving a false positive.

Any information would be great. For now, I'll go guideless.

Waiting hopefully!
Max

[veefore]

I just got the same warning from AVG saying that xmltvDownload.exe is a trojan horse Generic11.ahcs. I guess I'll have to go epg-less until this is sorted too.

[banger@epgStream]

Hi,

Sorry, I received an email from a user and posted straight away, not realising there was already a post! Good to see we all run for the same virus scanning tools!

Looks like a false-positive because of the EXE compressor we use. Our pre-compression binaries all test ok from our deployment machine, and compressor itself tests ok. I'd hazard a guess to say that within the past 2 weeks a virus/trojan has been detected that happens to use the same compacter version as us.

To be honest I'd only be worried if it appeared on Norton, Kaspersky, NOD, McAfee or Microsoft ... But I might keep an eye on it and maybe disable compression in future versions.

FYI: uacnet.exe is used to start and stop Windows Services (XMLTV Download Schedule) with a UAC prompt.


Thanks,

[banger@epgStream]

Hi,

Just for completeness I've scanned deployment file for the last 2 months (even pre-XMLTV: Guide Pack 1.00) and they are being flagged by AVG's new Virus Signature database.

Actually I'm more interested in finding out the history of the specific virus that our compressed software has been mistaken for. The "Generic11.AHCI" doesn't even show up in their online database!?


Thanks,

[banger@epgStream]

Hi Maybe you could look into the problem, and post a pack that doesn't give false positives? I don't know what causes it, maybe if you talk to AVG they will be able to add you to their 'it's not really a virus guys' list, which would be nice also, or tell you what it is about your file that is giving a false positive.

Your good advice has been gladly actioned: http://www.avg.com/faq.num-1349?srch=fa ... e#faq_1349

[Tumeke]

So whats the solution guys? Wait for epg to fix?

[banger@epgStream]

Hi,

We've just received word from the author of our compression utility (excuse his English):

Hello,

I am sorry for the troubles.

Of course it is a false-positive report! I have submitted a false-positive report to the corresponding authorities. In the past there were few cases of false-positive reports but it could be always solved quickly.

I hope this issue will be solved within the next days as well!

Thank you for your hint.

We'll be repackaging our executables with the latest version of the EXE compressor later tonight which should remove the false-positive.


Thanks,

[jookieapc]

I still have some suspicions about EPGstream because I've noticed other strange symptoms.

1. the icon for XMLTVdownload stops appearing. It becomes the standard unknown program type icon

2. AVG tells me the updates file is corrupted or something similar

and most worringly

3. SBS completely stops working as though the signal has been cut off. However SBS works on my non-Media Centre tv tuner program

What's going on? Is all of this just caused by a false positive? Rescanning for programs does not seem to find SBS again. A rollback seems to correct the problem.

It seemed great until it hit this wall

[banger@epgStream]

Hi,

Looks like we've gotten the thumbs-up from AVG: http://forum.epgstream.net/viewtopic.php?f=63&t=653#p2246

Your SBS tuner issue probably is a Windows Media Center issue, I mean who would want to write a virus to just delete SBS? Don't forget AVG might be putting our software in it's "Vault" which could stop it from working.


Thanks,

[jookieapc]

Thanks for the tips. I didn't suspect it was a special anti-SBS virus

I've only noticed it since putting on EPGstream but I found there are general EPG issues only for Australia that can be fixed with some registry settings. http://www.xpmediacentre.com.au/communi ... ile&id=182