
weird attack from AVG AntiVirus on Windows


 

Greetings, all users.

There may be a problem, not with YAAC, but with the AVG AntiVirus tool. I have received a report from a user that he couldn't run YAAC. It turns out his YAAC.jar file was gone. Attempts to reinstall it failed with a "no permissions" error trying to unpack the YAAC.jar file from the YAAC.zip file (all other files were unpacked successfully). After rebooting the system, the user was able to unpack the YAAC.zip file, but, upon attempting to run YAAC, it immediately aborted and the AVG antivirus software claimed the jar file contained a virus named IDP.HELU.JarMal14 and moved the file to its quarantine area (which also contained the previous copy of YAAC.jar). This so far only appears to be an issue for build#159, but I'm not sure if it applies to other releases.

There does not appear to be a successful attack on my webserver, so the distribution file should be OK. I am assuming that somehow the latest compile of the JAR file put in a bit pattern that looked like a virus signature, so I am going to get the next build out as soon as possible.

Please let me know if you are seeing similar issues, and, if so, the name and version/build of your operating system and the antivirus software you are using.

Andrew, KA2DDO
author of YAAC


 

This happened to me also.
I'm using Avast antivirus software Ver 220.9.2437 (build 20.9.5758.615).
YAAP - version 1.0-beta 1590(16-nov-2020)
Winversion - 2004(OS build 19041-630)

It occurred when I tried to use the link from your "update" message. Downloaded from another site and it works ok.

Fred


 

Hmmm... which other site did you download it from? And what build of YAAC did you end up downloading?

That's really suspicious, as there are only two authorized sites to get YAAC from, that are mentioned in every build release notes, which are my personal website, and SourceForge. Anyplace else is not authorized or verified by me, and most of those other sites are months or years out of date (like the SoftPedia site pushing build 58, 101 builds out of date as of this message's publishing date).

In the meantime, I am working on an early release of build 160, in hopes that will clear whatever bit-pattern issue caused the anti-virus tools to trigger on build 159.

Andrew, KA2DDO
author of YAAC

________________________________________
From: [email protected] <[email protected]> on behalf of wk1f via groups.io <wk1f@...>
Sent: Friday, November 27, 2020 8:56 AM
To: [email protected]
Subject: Re: [yaac-users] weird attack from AVG AntiVirus on Windows

This happened to me also.
I'm using Avast antivirus software Ver 220.9.2437 (build 20.9.5758.615).
YAAP - version 1.0-beta 1590(16-nov-2020)
Winversion - 2004(OS build 19041-630)

It occurred when I tried to use the link from your "update" message. Downloaded from another site and it works ok.

Fred


 

Hi Andrew,

I believe it was SourceForge and it was "YAAP - version 1.0-beta 1590(16-nov-2020)", what I am now using as test site (WK1F-3)

Fred


 

Hi.

Maybe a false positive.

Try submitting the file(s) to the virustotal website


and see how many (if any) other AV tools spark on it...

It's also not unknown, for legitimate and safe library code to have been
used by some miscreant, so it then gets wrongly tagged with a "It's
Malicious" flag.

Had that happen at work some years ago with code I was working on. A
third party multi-mode communications library was being flagged as bad.
Our co's IT people helped submit it for "analysis", where it was found
safe. Seems someone else was using the same library embedded in some
malware.

73.

Dave G8KBV



--
Created on and sent from a Unix like PC running and using free and open source software:


 

I hope it didn't really say "YAAP 1590" instead of "YAAC 159", because that definitely would have been a hacked version.

I just downloaded from SourceForge, and it's bit-for-bit identical with the version on my own website, so I'm not sure why that one worked but the other one didn't. I confirmed that the SSL certificate for my website hasn't expired yet, so that's not an issue.

Andrew, KA2DDO

________________________________________
From: [email protected] <[email protected]> on behalf of wk1f via groups.io <wk1f@...>
Sent: Friday, November 27, 2020 10:43 AM
To: [email protected]
Subject: Re: [yaac-users] weird attack from AVG AntiVirus on Windows

Hi Andrew,

I believe it was SourceForge and it was "YAAP - version 1.0-beta 1590(16-nov-2020)", what I am now using as test site (WK1F-3)

Fred
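
The check described in the message above (comparing the SourceForge download with the copy on the author's website, down to the YAAC.jar inside the zip), sketched as an added example that is not part of the original thread or of YAAC's own tooling. The function names are hypothetical and the archive contents are constructed sample data.

```python
import hashlib
import io
import zipfile


def member_digests(zip_bytes):
    """Map each file entry in a zip to the SHA-256 of its uncompressed content."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            h = hashlib.sha256()
            with zf.open(info) as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[info.filename] = h.hexdigest()
    return digests


def compare_distributions(zip_a, zip_b):
    """Return (archives_identical, differing_members, only_in_a, only_in_b)."""
    identical = hashlib.sha256(zip_a).digest() == hashlib.sha256(zip_b).digest()
    a, b = member_digests(zip_a), member_digests(zip_b)
    differing = sorted(n for n in a.keys() & b.keys() if a[n] != b[n])
    return identical, differing, sorted(a.keys() - b.keys()), sorted(b.keys() - a.keys())


def build_zip(members, stamp=(2020, 11, 16, 0, 0, 0)):
    """Constructed sample input: an in-memory zip built from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(zipfile.ZipInfo(name, date_time=stamp), data)
    return buf.getvalue()


# Constructed stand-ins for the two downloads of the same release.
FILES = {"YAAC.jar": b"constructed jar bytes", "README.txt": b"constructed notes"}
WEBSITE = build_zip(FILES)
MIRROR = build_zip(FILES)
# Same members, different timestamps: archive hash differs, contents do not.
REPACKED = build_zip(FILES, stamp=(2020, 11, 27, 0, 0, 0))
# One member changed: the per-member comparison names the file that differs.
ALTERED = build_zip({**FILES, "YAAC.jar": b"constructed different bytes"})
```

For real downloads, read each zip with `pathlib.Path(...).read_bytes()` and pass the two byte strings to `compare_distributions`.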


 

Thanks for reminding me of that little twist. There is no good technology that some <censored> individual can't turn to evil. However, the website you suggested isn't raising flags from the same AV products that I got the reports on from YAAC users, and I sent them the YAAC.jar file from the official build 159 release (re-extracted from the zip file on my website, in case the website was attacked).

So, hopefully the rebuild for build 160 will move the bits around enough to avoid further false positives.

Andrew, KA2DDO
author of YAAC

________________________________________
From: [email protected] <[email protected]> on behalf of Dave_G0WBX via groups.io
Sent: Friday, November 27, 2020 11:23 AM
Subject: Re: [yaac-users] weird attack from AVG AntiVirus on Windows

Hi.

Maybe a false positive.

Try submitting the file(s) to the virustotal website



and see how many (if any) other AV tools spark on it...

It's also not unknown, for legitimate and safe library code to have been
used by some miscreant, so it then gets wrongly tagged with a "It's
Malicious" flag.

Had that happen at work some years ago with code I was working on. A
third party multi-mode communications library was being flagged as bad.
Our co's IT people helped submit it for "analysis", where it was found
safe. Seems someone else was using the same library embedded in some
malware.

73.

Dave G8KBV

--
Created on and sent from a Unix like PC running and using free and open source software:


 

Oops! You are correct, it is YAAP 159. Sorry about that.

Fred