  1. #1
    Newbie
    Join Date
    January 19th, 2006
    Posts
    24
    Trojan Alert when opening Webmerge? - Resolved: False alarm by AVG
    Hi, I have been using webmerge for years and today for the first time my AVG antivirus detects a trojan horse when opening Webmerge.

    The trojan exact name is:
    Trojan Horse PSW.OnlineGames3.AEJN

    It is detected both in Webmerge.exe and unwise000d.bin (in the zip file I downloaded at http://www.fourthworld.com/products/.../download.html )

    I uninstalled webmerge and reinstalled it but I get the same warning after trying to open the exe file.
    - Is it happening just to me, or is anybody else experiencing the same issue?
    - Has the file at http://www.fourthworld.com/products/.../download.html been corrupted, or is it something limited to my pc only?

    Thanks for your help on this urgent matter,

    fabio

    Below the AVG scan result details:

    "Object name";"C:\Users\Fabio\Desktop\webmerge.exe:\unwise000d.bin"
    "Detection name";"Trojan horse PSW.OnlineGames3.AEJN"
    "Object type";"file"
    "SDK Type";"Core"
    "Result";"Moved to Virus Vault"
    "Action history";""


    "Object name";"C:\Users\Fabio\Desktop\webmerge.exe"
    "Detection name";"Trojan horse PSW.OnlineGames3.AEJN"
    "Object type";"file"
    "SDK Type";"Core"
    "Result";"Moved to Virus Vault"
    "Action history";"Moved to Virus vault"

  2. #2
    The Seal of Aproval rematt's Avatar
    Join Date
    November 19th, 2006
    Location
    The Windy City
    Posts
    4,140
    I just received the same warning. My guess is that AVG has screwed up their definition files AGAIN.

    -rematt
    "I know that you believe you understand what you think I said, but I'm not sure you realize that what you heard is not what I meant." - Richard Nixon

  3. #3
    ABW Ambassador
    Join Date
    January 18th, 2005
    Location
    England
    Posts
    4,327
    I got the same virus warning from AVG, for webmerge.exe

  4. #4
    ABW Ambassador
    Join Date
    January 18th, 2005
    Location
    England
    Posts
    4,327
    AVG will not let me run webmerge. This is crazy.

  5. #5
    Affiliate Manager
    Join Date
    January 18th, 2005
    Location
    Los Angeles, California
    Posts
    1,913
    I use Kaspersky here, and have had no warning.

    FWIW, I often run my Win machine without an Internet connection, and do not install any third-party apps except a very few from major vendors (Adobe, Apple, etc.), and almost never use Internet Explorer, preferring the far-more-secure Firefox for testing on that platform. As a general rule I update my Kaspersky database first each time I log on before doing any development work, and stay current with security updates from Microsoft.

    I'm running some additional tests now, and will report back what I find.

    In the meantime, it would be helpful to know if anyone using anything other than AVG has had a warning, and for those using AVG if there's any chance that the infection (if there is an infection at all, as opposed to AVG just misreporting from a corrupt database, etc.) may have come from another source already installed.

    In the future, it would be especially helpful if you report any issues relating to security directly to me at our toll-free number so I can diagnose such reports as quickly as possible: 800-288-5725.

    Thank you for the report. I'll post my test results here shortly.
    Richard Gaskin
    Developer of WebMerge: Publish any data feed on any site
    http://www.fourthworld.com

  6. #6
    Affiliate Manager
    Join Date
    January 18th, 2005
    Location
    Los Angeles, California
    Posts
    1,913
    With a potential security issue reported, I dropped my plans for today and tested this as thoroughly as I could.

    Here are the tests I performed:

    1. Updated Kaspersky, scanned existing installed v2.6b and its uninstaller app.
    RESULT: No viruses found.

    2. Uninstalled existing WebMerge, downloaded copies of WM 2.5 and 2.6b from the fourthworld.com web site. Scanned installers.
    RESULT: No viruses found.

    3. Installed WM 2.5, shipping version. File mod date matches master build copy. Scanned both the app and the uninstaller.
    RESULT: No viruses found.

    4. Uninstalled v2.5; installed v2.6b1 (latest test build on our server). File mod dates match those of our master build copies. Scanned both app and uninstaller.
    RESULT: No viruses found.

    5. Kaspersky Full Scan (all files on system plus RAM).
    RESULT: 59602 files scanned, no viruses found.

    6. Just for the sake of completeness I also checked the files on the server. All files match expected mod dates and sizes.

    Given what I can see here, I think Rematt may be on the money: Either AVG is reporting a false positive, or if there is a virus it seems likely that it came from a source other than WebMerge.

    FWIW, the uninstaller included with WebMerge should have the file name "Uninstall.exe", not "unwise000d.bin" as you reported. All master and installed copies here have the file name as "Uninstall.exe". Whatever the source of the problem you're experiencing with your system, it would appear there is something altering at least the file name of that executable.

    Now that we have a thread in my support forum suggesting there's a security issue with WebMerge, it would be very helpful if you could report back what you find as you continue to look for the source of the problem.

    Thanks again for your report, and thanks in advance for your follow-up.
    Richard Gaskin
    Developer of WebMerge: Publish any data feed on any site
    http://www.fourthworld.com
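Post #6 verifies the server and installed files by modification date and size. As an added example (not part of the thread and not Fourth World's tooling), the sketch below also compares SHA-256 digests against a master build, which catches a file altered without changing either value. The directory names, status strings and sample bytes are constructed for the demonstration.

```python
import hashlib, os, tempfile
from pathlib import Path

def fingerprint(path):
    """Return (size, mtime, sha256) for one file."""
    st = path.stat()
    return st.st_size, int(st.st_mtime), hashlib.sha256(path.read_bytes()).hexdigest()

def build_manifest(master_dir):
    """Map relative name -> fingerprint for every file in the master build."""
    root = Path(master_dir)
    return {f.relative_to(root).as_posix(): fingerprint(f)
            for f in root.rglob("*") if f.is_file()}

def compare(manifest, deployed_dir):
    """Classify each deployed file against the master manifest."""
    root, report = Path(deployed_dir), {}
    for name, (size, mtime, digest) in manifest.items():
        target = root / name
        if not target.is_file():
            report[name] = "missing"
            continue
        d_size, d_mtime, d_digest = fingerprint(target)
        if d_digest == digest:
            report[name] = "match"
        elif (d_size, d_mtime) == (size, mtime):
            # Same size and date, different bytes: a metadata-only check passes this.
            report[name] = "content differs, metadata identical"
        else:
            report[name] = "changed"
    for f in root.rglob("*"):
        rel = f.relative_to(root).as_posix()
        if f.is_file() and rel not in manifest:
            report[rel] = "unexpected"
    return report

def demo():
    """Constructed sample: the server copy of webmerge.exe differs by one byte
    but keeps the master's size and mtime; extra.bin is not in the master."""
    with tempfile.TemporaryDirectory() as tmp:
        master, server = Path(tmp, "master"), Path(tmp, "server")
        for d in (master, server):
            d.mkdir()
            for name, fill in (("webmerge.exe", b"A"), ("Uninstall.exe", b"B")):
                (d / name).write_bytes(b"MZ" + fill * 64)
                os.utime(d / name, (1_200_000_000, 1_200_000_000))
        (server / "webmerge.exe").write_bytes(b"MZ" + b"A" * 63 + b"X")
        os.utime(server / "webmerge.exe", (1_200_000_000, 1_200_000_000))
        (server / "extra.bin").write_bytes(b"\x00")
        return compare(build_manifest(master), server)
```

Calling `demo()` returns the per-file report; in practice `build_manifest` would run once on the trusted build machine and the manifest would be stored separately from the download server.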

  7. #7
    Newbie
    Join Date
    January 19th, 2006
    Posts
    24
    Ok, I probably found the issue. I downloaded SUPERAntiSpyware (free to try) and checked my whole system and found 2 other trojans.
    The software eliminated these trojans and rebooted my pc. After that I tried to download webmerge again and AVG does not report any issue anymore. I am not sure whether it depended on one of the other 2 trojans (like they automatically associated themselves with the webmerge.exe file somehow) or if AVG was just giving a false positive.
    Anyway unwise000d.bin was in the uncompressed Webmerge.exe (before installing) file not in the program directory.
    For your information I report the other 2 trojans SUPERAntiSpyware found on my system (evidently AVG is not good enough to find them and, honestly, it is a bit of a worry):
    Trojan.SVCHost/Fake
    Trojan.Agent/Gen-ModuleR[N] (in the file c:\windows\system32\resoreci.dll)

    In particular I am suspicious about the second trojan in the system32 windows directory.

    Anyway thanks for the prompt and professional response/course of action Richard. I am glad I can still use this great piece of software again.

    Cheers, Fabio

  8. #8
    Affiliate Manager
    Join Date
    January 18th, 2005
    Location
    Los Angeles, California
    Posts
    1,913
    Thank you for the follow-up, Fabio.

    Since I ran my tests I've been in touch with other developers affected by this problem with AVG. Those reports indicate that AVG is reporting false positives for a great many apps as a result of an erroneous entry in their latest update.

    I and other developers affected have been in touch with AVG, and AVG has responded with a confirmation of the false positive, noting that it will be addressed in their next update.

    I've taken the liberty of updating this thread title to reflect AVG's confirmation so folks don't get the wrong idea about our software.

    Thanks again for your report. We take all potential security issues very seriously, which is why we follow very strict practices with all of the OSes here to minimize the risk of infection as much as possible. Given the security holes in Windows and the range of illegal efforts to exploit them, it's not possible to completely eliminate all risks when using Windows or other OSes, but the practices we follow here are uncommonly strict and have given us virus-free systems for more than a decade.

    I'm glad you can use WebMerge now again too.

    If you encounter any other problems related to this or anything else with the program, you're always welcome to call if you like: 800-288-5825.

    I enjoy being in touch with our customers and always look forward to the opportunity to make their work with WebMerge that much easier.
    Richard Gaskin
    Developer of WebMerge: Publish any data feed on any site
    http://www.fourthworld.com

  9. #9
    Affiliate Manager
    Join Date
    January 18th, 2005
    Location
    Los Angeles, California
    Posts
    1,913
    FWIW, here's AVG's email confirming the false report:

    Dear Sir/Madam,

    thank you for your e-mail.

    Unfortunately, the previous virus database might have detected the mentioned virus on some legitimate applications. We can confirm that it was a false alarm. We have immediately released a new virus update that removes the false positive detection on this file. Please advise your customers to update AVG and check their files again.

    We are sorry for the inconvenience.

    Best regards,

    Zlatina Georgieva
    AVG Customer Services

    While this issue has been a time-sink for us to address, I must say I'm very pleased with AVG's prompt response.
    Richard Gaskin
    Developer of WebMerge: Publish any data feed on any site
    http://www.fourthworld.com

  10. #10
    The Seal of Aproval rematt's Avatar
    Join Date
    November 19th, 2006
    Location
    The Windy City
    Posts
    4,140
    Thanks for the follow-up Richard. The problem appears to have been resolved.

    -rematt
    "I know that you believe you understand what you think I said, but I'm not sure you realize that what you heard is not what I meant." - Richard Nixon
