Author Topic: Avast detected Frostwire Installer with a Trojan  (Read 10635 times)


Offline ryklon

  • Newbie
  • *
  • Posts: 12
Avast detected Frostwire Installer with a Trojan
« on: May 25, 2008, 05:49:16 PM »
My Avast detected my Frostwire installer to contain a Win32:Agent-XIT[trj].
I tried to delete the installer and download a new one but it's the same; Avast detected the new Frostwire installer to contain a trojan... I downloaded my Frostwire installer at CNET Download.com.

Do you think this is a false positive? Every time I download the Frostwire installer, Avast detects the installer to contain a trojan.

Offline ryklon

Re: Avast detected Frostwire Installer with a Trojan
« Reply #1 on: May 25, 2008, 06:07:26 PM »
If it is a false positive, is it safe to continue installing Frostwire?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84799
  • No support PMs thanks
Re: Avast detected Frostwire Installer with a Trojan
« Reply #2 on: May 25, 2008, 06:36:45 PM »
The problem being how do you determine it is a false positive. The web shield is what I assume is detecting this as it would scan the content before it is fully downloaded. You could pause the web shield (the standard shield may then alert) so you can at least get it on your system (don't install unless you have confirmed).

Upload to VirusTotal - Multi engine on-line virus scanner and report the findings of these files here.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

Try a forum search, frostwire rings a bell and might have been discussed before.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.3.2459 (build 21.3.6164.561) UI 1.0.609/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline ryklon

Re: Avast detected Frostwire Installer with a Trojan
« Reply #3 on: May 26, 2008, 02:26:23 AM »
I went to the Frostwire forum and they said that it is the Ask toolbar that is being detected, and they said that it is safe to install. I'll try what you've said; if the solution does not work, maybe I'll wait for a patch from Avast that excludes the part of Frostwire as a virus. I know that this is a false positive because previous versions of Avast did not detect the latest version of Frostwire to contain a virus.
« Last Edit: May 26, 2008, 02:41:59 AM by ryklon »

Offline ryklon

Re: Avast detected Frostwire Installer with a Trojan
« Reply #4 on: May 26, 2008, 02:51:21 AM »
This is the link to the result.

http://www.virustotal.com/analisis/1d7e76346a86814ba4173f5dcda8e9eb

3 antivirus products detect it as containing a virus or adware.
Now, is it safe to install?

Offline DavidR

Re: Avast detected Frostwire Installer with a Trojan
« Reply #5 on: May 26, 2008, 02:41:35 PM »
Whilst 3 detections might not be considered conclusive, considering the Frostwire forum say it is the Ask toolbar, can a custom installation be carried out that excludes the Ask toolbar (or is that essential)?

It may simply be that it collates information on your browsing activity to deliver related adverts, but I know nothing about frostwire so I can't say.

Offline ryklon

Re: Avast detected Frostwire Installer with a Trojan
« Reply #6 on: May 27, 2008, 02:48:42 AM »
Yeah, the Ask toolbar is the one that is being detected.
Avast detects the trojan when you scan or execute the Frostwire installer; therefore, before you can get to the installer option to install the Ask toolbar, the installer is already deleted or moved to the chest.

Frostwire said that they will try to contact and coordinate with the 3 companies that detect their product as containing a trojan.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67255
Re: Avast detected Frostwire Installer with a Trojan
« Reply #7 on: May 27, 2008, 03:28:51 AM »
Ask toolbar is adware as far as I know... they always say they're not guilty... ::)
The best things in life are free.

Offline ryklon

Re: Avast detected Frostwire Installer with a Trojan
« Reply #8 on: June 09, 2008, 08:06:12 AM »
Hi,
I scanned Frostwire today (6/9/08) and it is the same:
Avast detects it as a trojan.
Can I humbly request to remove Frostwire or the Ask toolbar from the virus signatures being loaded in Avast?

Offline Lisandro

Re: Avast detected Frostwire Installer with a Trojan
« Reply #9 on: June 11, 2008, 01:59:41 AM »
Quote from ryklon: "Can I humbly request to remove Frostwire or the Ask toolbar from the virus signatures being loaded in Avast?"
I think they're not false positives but indeed adware...
Anyway, you need to use the Exclusion lists:

For the Standard Shield provider (on-access scanning):
Left click the 'a' blue icon, click on the provider icon at left and then Customize.
Go to Advanced tab and click on Add button...

For the other providers (on-demand scanning such as the screen-saver or the Simple User Interface):
Right click the 'a' blue icon, click Program Settings.
Go to Exclusions tab and click on Add button...

You can use wildcards like * and ?.
But be careful, you should 'exclude' that many files that let your system in danger.

Offline ryklon

Re: Avast detected Frostwire Installer with a Trojan
« Reply #10 on: June 11, 2008, 05:27:19 PM »
I can't risk my system just to use Frostwire, even Avast detects it as a false positive.
An ounce of prevention is worth a pound of cure.
Maybe I should wait for Avast to remove Frostwire from their virus definition files, or maybe Frostwire will remove the Ask toolbar from their installation package. This is the best solution I can think of... for now.

Offline rassel

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 468
  • Avast always the best choice
    • www.avast.com
Re: Avast detected Frostwire Installer with a Trojan
« Reply #11 on: June 12, 2008, 11:03:16 AM »
Yea, Avast even detects the installer as a trojan when I double-click it.

Offline Lisandro

Re: Avast detected Frostwire Installer with a Trojan
« Reply #12 on: June 12, 2008, 09:07:51 PM »
Quote from ryklon: "Maybe Frostwire will remove the Ask toolbar from their installation package."
For all I know, it's an eligible installation, you can uncheck this option while installing Frostwire. Am I wrong? The ask toolbar is eligible in Nero installations also.

Offline wyrmrider

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1298
Re: Avast detected Frostwire Installer with a Trojan
« Reply #13 on: June 12, 2008, 09:40:34 PM »
IMHO you do not want ASK toolbar or Search Assistant under any circumstances
(you often find them together)

http://os9user.blogspot.com/2007/09/critical-vulnerability-found-in-askcom.html

post a query at one of the Spyware sites such as Spywarewarrior if you need details
I'll do a search on the Avast forum later but I would not be surprised if these have not been discussed before

bottom line is that Ask is still an adware privacy problem although they deny it - my opinion
« Last Edit: June 12, 2008, 09:50:13 PM by wyrmrider »

Offline Lisandro

Re: Avast detected Frostwire Installer with a Trojan
« Reply #14 on: June 13, 2008, 01:19:31 AM »
Quote from wyrmrider: "bottom line is that Ask is still an adware privacy problem although they deny it - my opinion"
Fully agree.