Virus!!!!! AVG reports

GoldWave general discussions and community help
badgerballs
Posts: 1
Joined: Mon Jun 09, 2008 2:42 pm

Virus!!!!! AVG reports

Post by badgerballs »

Is anyone here using AVG 8.0, as mine reports a trojan horse downloader banload.WPR?

I suspect it is a load of bull, but have quarantined it anyway until I can verify otherwise. The trojan is apparently in the unstall.exe.
I have sent it to AVG for analysis.
regards
Echostatic
Posts: 15
Joined: Tue Oct 19, 2004 1:58 pm
Location: USA

Post by Echostatic »

Just happened to me as well.
klmonline
Posts: 9
Joined: Mon Jun 09, 2008 6:29 pm
Location: Cary, NC USA

Banload virus reported in Kaspersky as well

Post by klmonline »

Same thing with Kaspersky anti-virus, also located in the uninstall pack. Except mine shows banload.ohf.
DewDude420
Posts: 1171
Joined: Fri Mar 11, 2005 11:15 pm
Location: Washington DC Metro Area

Post by DewDude420 »

If you've downloaded goldwave from a trusted source...then these are completely bogus.

I'm starting to wonder if some of these AV vendors are getting kickbacks from some other companies...make competing products look like they're a virus.

AVG has a free version....so I don't expect this thing to get it 100% right every time...analysis can go wrong at times.

Anti-Virus is one part scanning and one part use-yer-noggin. If you know the program you got was from a trusted source (and I could consider c|net and goldwave a trusted source), then 9 times out of 10 you're ok...
klmonline
Posts: 9
Joined: Mon Jun 09, 2008 6:29 pm
Location: Cary, NC USA

Trusting downloads

Post by klmonline »

Yeah, but that tenth time is a doozy. Having worked in software manufacturing and distribution, I can tell you that just because it's a download from the manufacturer's site is no guarantee of immunity. Employees' computers at software companies get viruses just like anyone else. It is certainly possible for the download copy they put on a server to get infected somewhere along the line. Until I have a formal statement from the vendor saying they have investigated the report and stand behind the safety of the specific file on the server, I choose not to take the chance.

By the way, you have reports on this thread from at least two and maybe more antivirus programs coming up with the same trojan. So it's not a case of a single checking algorithm making a mistake.

Why on earth would you jump in with the recommendation that people not be cautious? "It's probably fine" is pretty faint reassurance from someone without any personal stake in the software.

Good luck to you on your download. I can afford to wait.
GoldWave Inc.
Site Admin
Posts: 4375
Joined: Wed Mar 10, 2004 6:43 pm
Location: St. John's, NL

Re: Trusting downloads

Post by GoldWave Inc. »

I have done binary comparisons with the downloads on the main GoldWave websites and the original file stored on backup and there are no differences. Furthermore, anti-virus programs are making similar false reports on older versions of the GoldWave download that have been thoroughly scanned by major download sites and are known to be clean.

All indications are that these are false positives. Please contact your anti-virus vendor and request they update their profiles to correct the problem.

If you have any concerns, simply delete the unstall.exe file (the uninstaller program) from your computer. It is not required to run GoldWave and the software can be uninstalled manually by following the directions in the ReadMe.txt file.

Chris
klmonline
Posts: 9
Joined: Mon Jun 09, 2008 6:29 pm
Location: Cary, NC USA

Thanks!

Post by klmonline »

Excellent. Just the report I wanted. Thank you for the double checking and posting the results.
DewDude420
Posts: 1171
Joined: Fri Mar 11, 2005 11:15 pm
Location: Washington DC Metro Area

Post by DewDude420 »

klmonline wrote:Having worked in software manufacturing and distribution, I can tell you that just because it's a download from the manufacturer's site is no guarantee of immunity. Employees' computers at software companies get viruses just like anyone else. It is certainly possible for the download copy they put on a server to get infected somewhere along the line. Until I have a formal statement from the vendor saying they have investigated the report and stand behind the safety of the specific file on the server, I choose not to take the chance.
Sure, it's possible...however, there are these lovely things like CRC and checksums that will allow someone to verify a file has not been tampered with after it reaches the server....and the same can be applied for a file that gets downloaded from the server to your computer. Are you saying if the checksum matches an original but comes up as a virus, you're not going to go with the false positive and wait for the AV company to send you a statement...want some aluminium foil underpants to go with that hat?

In my cases, most of the time AV companies won't send you anything back (especially if you're using some of the free ones), they'll say they received the report and that's that. If you choose to not use goldwave because your AV program says it's a virus, that's fine..maybe it's not a program for you. I will tell you this...I've yet to upgrade to AVG 8.0, I'm still running 7.5, and none of the goldwave applications trigger anything..and my definitions are updated.

9 times out of 10 AVG has false-positives..I've seen it kick some Vista components back as viruses.
mh
Posts: 133
Joined: Thu Aug 10, 2006 6:20 pm

Post by mh »

Any AV program is perfectly capable of false positives. I've seen a commercial and well respected one bring down an email server (ouch!) entirely on account of a false positive.

I was an AVG user until they brought out version 8; since then I've switched to Avast, and have never had a report of a virus in any version of GoldWave with either program. There may be something else on your PC that is infecting executable files after they're downloaded, or simply upgrading to GoldWave 5.25 may resolve it.
Coriolanus
Posts: 181
Joined: Tue Apr 29, 2008 3:50 pm

Post by Coriolanus »

I just sent the file to AVG for analysis and got this back from them :cry: :

"C:\GOLDWAVE\GoldWave\unstall.exe" - detection is correct
Coriolanus
Posts: 181
Joined: Tue Apr 29, 2008 3:50 pm

Post by Coriolanus »

mh wrote:Any AV program is perfectly capable of false positives. I've seen a commercial and well respected one bring down an email server (ouch!) entirely on account of a false positive.

I was an AVG user until they brought out version 8; since then I've switched to Avast, and have never had a report of a virus in any version of GoldWave with either program. There may be something else on your PC that is infecting executable files after they're downloaded, or simply upgrading to GoldWave 5.25 may resolve it.
I just installed Avast and didn't much care for it. I can't schedule its checks for the middle of the night as I could with AVG. This is the free version. Also I don't care for the UI.
Last edited by Coriolanus on Thu Jun 12, 2008 12:31 am, edited 1 time in total.
cataclysm1
Posts: 4
Joined: Mon Jun 09, 2008 5:59 am

Post by cataclysm1 »

so uhhh.. I don't think all of us have the exact same virus infecting the exact same unstall.exe with the same type of trojan..

And it's been positively detected by AVG when the file was sent in..

This is really scary if Goldwave really does have malicious code in it.....

>:|
mh
Posts: 133
Joined: Thu Aug 10, 2006 6:20 pm

Post by mh »

GoldWave is a well-known reputable product that gets a lot of custom through word-of-mouth. I don't believe for one minute that Chris would put malicious code in; it must be something else causing this.

May I suggest:
* Identify where you got your copy of GoldWave from. If you downloaded it from one of the links on this site, then we'll be concerned. If you got a cracked version from a warez site or elsewhere (for shame!), I'm sorry but you brought it on yourself.
* Download and install the latest version from this site.
* Take a checksum of your unstall.exe (@Chris - it might be an idea to publish checksums of core GW files to help mitigate these kinds of problems in future). An MD5 of a clean version 5.25 unstall.exe should match to 328722405138d96562dc0b61bcc7c1bf - anything else, and your version is bogus, corrupt, poxed, or whatever.

Once we've established these, we'll take it further if necessary, but for now, all scare-talk is counter-productive. :wink:
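
The two checks discussed in this thread, GoldWave Inc.'s binary comparison against a backup copy and mh's MD5 match against a known-good value, as an added example that is not part of the thread or GoldWave's own code. The function names, temporary file names and sample bytes are constructed for illustration; it also computes SHA-256 alongside MD5.

```python
import hashlib
import os
import tempfile

# MD5 that mh's post gives for a clean GoldWave 5.25 unstall.exe.
PUBLISHED_MD5 = "328722405138d96562dc0b61bcc7c1bf"

def file_digests(path, chunk_size=65536):
    """Hash a file in chunks; return (md5_hex, sha256_hex)."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()

def matches_published(path, expected_md5=PUBLISHED_MD5):
    """True if the file's MD5 equals the published value (case-insensitive)."""
    return file_digests(path)[0] == expected_md5.strip().lower()

def first_difference(path_a, path_b, chunk_size=65536):
    """Byte-for-byte compare; offset of the first difference, or None if identical."""
    offset = 0
    with open(path_a, "rb") as a, open(path_b, "rb") as b:
        while True:
            ca, cb = a.read(chunk_size), b.read(chunk_size)
            if ca != cb:
                for i, (x, y) in enumerate(zip(ca, cb)):
                    if x != y:
                        return offset + i
                return offset + min(len(ca), len(cb))  # one file is a prefix of the other
            if not ca:
                return None
            offset += len(ca)

def demo():
    """Constructed stand-ins for a backup copy, a clean download and an altered file."""
    clean = b"MZ" + b"\x00" * 100_000
    altered = b"MZ" + b"\x00" * 70_000 + b"\x90" + b"\x00" * 29_999
    with tempfile.TemporaryDirectory() as tmp:
        paths = {}
        for name, data in (("backup", clean), ("download", clean), ("altered", altered)):
            paths[name] = os.path.join(tmp, name + ".bin")
            with open(paths[name], "wb") as fh:
                fh.write(data)
        return (first_difference(paths["backup"], paths["download"]),  # identical
                first_difference(paths["backup"], paths["altered"]),   # changed byte
                matches_published(paths["altered"]))                   # not the clean MD5

if __name__ == "__main__":
    print(demo())
```

A matching MD5 rules out corruption or a crude modification of the file, but MD5 is not collision-resistant, so where a publisher offers a SHA-256 value that is the one to compare.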
DewDude420
Posts: 1171
Joined: Fri Mar 11, 2005 11:15 pm
Location: Washington DC Metro Area

Post by DewDude420 »

you know, i was going to produce an MD5 checksum of my unstall.exe file...but i realized something..for starters, i apparently don't have 5.25 installed anywhere, and another..unstall.exe appears to be missing from both my directories..and i don't remember getting rid of them.

in reality..an MD5 checksum of the install file is all you need..if the md5's match up, then you know your install is clean...however, this doesn't take into account anything you might have stuck on your system that's infecting these things post-install.
Coriolanus
Posts: 181
Joined: Tue Apr 29, 2008 3:50 pm

Post by Coriolanus »

DewDude420 wrote:you know, i was going to produce an MD5 checksum of my unstall.exe file...but i realized something..for starters, i apparently don't have 5.25 installed anywhere, and another..unstall.exe appears to be missing from both my directories..and i don't remember getting rid of them.

in reality..an MD5 checksum of the install file is all you need..if the md5's match up, then you know your install is clean...however, this doesn't take into account anything you might have stuck on your system that's infecting these things post-install.
I switched to Avast and they did not flag it.

I just scanned with Trend Micro and nothing was flagged in the Goldwave file. I am sure it was a false positive and AVG won't admit it.
Last edited by Coriolanus on Thu Jun 12, 2008 12:31 am, edited 1 time in total.