Virus/trojan warnings on installation

Started by Bigstone, December 26, 2021, 01:56:55 PM

Previous topic - Next topic

Bigstone

I get different Virus/trojan warnings on installation, and they differ by pointing out different files between days.
(Could bee because of update of the virus list.) I read earlier that Avast is notorious to scream about this, and yepp, I'm using Avast.
Is this something to bee concerned about or is it just a regular "non-action taking" problem?

Pelle

No complains from other anti-virus programs, so probably false positives. I guess you can always try https://www.virustotal.com ...
/Pelle

Bigstone

#2
I did try Virustotal and 2 programs reported suspicious warnings but others did so should be good or..?

Edit: Just tried to download again but ran into yet another warning and also a new file this time... again.
Avast has been warning about these 3 files so far:
DPgmGILC.exe.part
cAKrYi2A.exe.part
fggZhpNv.exe.part.
All marked as Win32:TrojanX-gen. How come there is different files showing up with about 6 hours apart?
(Avast has not been updated during this time.)

Pelle

I have no idea where "DPgmGILC.exe.part", "cAKrYi2A.exe.part", "fggZhpNv.exe.part" are coming from...
/Pelle

frankie

#4
Quote from: Bigstone on December 26, 2021, 03:29:43 PM
Edit: Just tried to download again but ran into yet another warning and also a new file this time... again.
Avast has been warning about these 3 files so far:
DPgmGILC.exe.part
cAKrYi2A.exe.part
fggZhpNv.exe.part.
All marked as Win32:TrojanX-gen. How come there is different files showing up with about 6 hours apart?
(Avast has not been updated during this time.)
Those files aren't part of PellesC distribution. They should be already on your PC.
From where you downloaded the compiler?
Anyway it is clear that you got infested by some virus.
Check from where they come, clean your PC, then reinstall downloading from the official site.
The compiler must be downloaded from the only official site: http://smorgasbordet.com/pellesc/.
"It is better to be hated for what you are than to be loved for what you are not." - Andre Gide

Bigstone

#5
QuoteThose files aren't part of PellesC distribution. They should be already on your PC.
From where you downloaded the compiler?
Anyway it is clear that you got infested by some virus.
Check from where they come, clean your PC, then reinstall downloading from the official site.
The compiler must be downloaded from the only official site: http://smorgasbordet.com/pellesc/.

The thing is that these Avast warnings only appears directly after I have downloaded the installation file from the official "smorgasbordet.com" site, latest link: http://www.smorgasbordet.com/pellesc/1100/setup.exe .
(I'm running both Avast and Malwarebytes and tries not to get into sketchy sites or downloads to keep my system clean.  ;) ) So what ever these files are they are from the installation file of the Pelles C.
I have never gotten so far to as installing it, it gets banned and put in quarantine as soon as the download is done.
Is there a possibility that someone make's the link re-route to some other server? :-\

Pelle

Which web browser are you using?! I vaguely remember old Internet Explorer saving file "parts" in some temp directory, before combining the "parts" into the final download file. Something like this going on? File "parts" confusing your anti-virus program?!
/Pelle

Bigstone

I have used Firefox, Chrome and even Edge, all gives the same result when downloading the install.exe file. :-\
I will try to download it with another computer as well and see if the result is the same.

frankie

Quote from: Bigstone on December 27, 2021, 12:20:15 AM
I will try to download it with another computer as well and see if the result is the same.
Please let us know
"It is better to be hated for what you are than to be loved for what you are not." - Andre Gide

Bigstone

Ok, tried to download on another computer, running Avast as well, I still get the installation file quarantined so there is something weird going on. file names is now a cache file "f_00a040" and "232765.crdownload" ...I give up...  :(

TimoVJL

Just disable Avast and download Pelles C and install it.
Then enable Avast again.
After that make a zip-package of it and you are able to use it in different PCs.

I gave up with Avast and AVG after they was unable to avoid false alarms.
May the source be with you

Bigstone

Love to but what about those strange files? Where do they come from since it been stated they are not original files in Pelles C in the first place?
I have tested to download and install other (less competent) versions of C ide's with compilers and all installations has worked without any mishaps or warnings, but I have used Pelles C earlier and like it better... ;)

frankie

#12
I have the compiler on different machines controlled by Norton and Kaspersky antivirus. The first sometime reports a "possible" adware on the compiled executables not on the compiler itself.
I complained with Norton.
The Kaspersky never complained.
In any case no strange files are reported by them.
I suppose that the problem is in your computer. Could you make a clean installation by removing the whole compiler first: remove all directories and files from the compiler installation, especially the addin directory and files. Execute a full deep antivirus scan (possibly something better than AVAST). You can eventually use the MS malware remover Windows Defender.
Then reinstall PellesC and run it without any addin that you haven't compiled by yourself.
Please then let us know  :(
"It is better to be hated for what you are than to be loved for what you are not." - Andre Gide

Bigstone

The thing is that I never get to the part to be able to install Pelles C, Avast never gives me a chance to touch the file after download is complete, not on any of the two computers I have tested to download it to.
If I ever get to know what the problem is I will let you guys know.

Stefan Pendl

Forget any of the Antivirus programs, they are all rubbish.
To avoid any issue with your AV program follow these rules:
1. always download from the original site, never from a software collection site
2. disable the AV program, if the download fails, and download again
3. if I remember correctly, VirusTotal also allows checking download URLs
4. never buy any AV program, if your mind is clear Windows Defender is enough, no other software can creep into windows that deep
5. install without AV program active, if VirusTotal reports a majority of no problems
---
Stefan

Proud member of the UltraDefrag Development Team