Community
HELP!!!!!!!! AVG and other Antivirus issues
Links used in this discussion
Links used in this discussion
- https://www.virustotal.com/gui/file/8c6764cecb249f71668631070b84f515566241a2b67177e820c4e3d796a02d64?nocache=1
- https://support.avg.com/supportarticleview?l=en&supporttype=home&urlname=avg-threat-lab-clean-guideline
- https://www.avg.com/report-malicious-file
- https://www.remoteutilities.com/support/kb/remote-utilities-is-mistakenly-detected-as-malware/
Rob Barrett,
User (Posts: 92)
Sep 13, 2022 11:28:56 am EDT
Support level: Pro
So, I have been experiencing issues with clients that have AVG and Remote Utilities Host exe from MSI the msi configurator. All of a sudden, I am getting errors like exe can't be found due to the antivirus eating the file. I tried talking with AVG about it after submitting samples but they wouldn't listen.. This is what they said.
Thanks for your email. Please, check virustotal link -
https://www.virustotal.com/gui/file/8c6764cecb249f71668631070b84f515566241a2b67177e 820c4e3d796a02d64?nocache=1,
and our clean guidelines for more details
https://support.avg.com/supportarticleview?l=en&supporttype=home&urlname=avg-threat-lab-clean-guideline.
Thank you for your understanding.
Have a nice day.
Miro
AVG Customer Care Team
User-added image
AVG Support Center
Here is the results:
Basic Properties
MD5 a9d7effc8978c05bb06d704812be6a11
SHA-1 1400ba3ed9e1a0a8ad82fe281e1e60eda58a170a
SHA-256 8c6764cecb249f71668631070b84f515566241a2b67177e820c4e3d796a0 2d64
Vhash 01703e0f7d701013z11z401013z1015z13z101dz
Authentihash e7d227cb3f52c26a00ed9713719b79894e6f98f9570b50ea825ec1ec24d5 0a8e
Imphash 19b321cb7a9ce31c90397152f38b67ea
SSDEEP 393216:HFMfDRd5Luew5Pe8K6EKB5W+OilBRLOy2PvXeolk/j0vV066u3cSgEzcy:HED1uew5mmEQg+D3OvPvXeol0ju3cCzp
TLSH T1090733C2E3E00814F9FF437299F65F2C9A7AFC98AB79230E14E4B31574 A3D461916687
File type Win32 EXE
Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (66.6%)
TrID Win32 Executable (generic) (11%)
TrID WinArchiver Mountable compressed Archive (7.3%)
TrID OS/2 Executable (generic) (4.9%)
TrID Generic Win/DOS Executable (4.9%)
File size 17.33 MB (18173096 bytes)
PEiD packer UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
History
Creation Time 2019-07-02 13:49:38 UTC
Signature Date 03:31 PM 12/22/2020
First Submission 2022-09-09 14:26:08 UTC
Last Submission 2022-09-09 14:26:08 UTC
Last Analysis 2022-09-11 07:55:47 UTC
Signature Info
Signature Verification
A certificate was explicitly revoked by its issuer.
File Version Information
Copyright Copyright © 2019 Remote Utilities LLC. All rights reserved.
Product Remote Utilities
Description Remote Utilities
File Version 6.10.10.0
Date signed 2020-12-22 21:31:00 UTC
Signers
Remote Utilities LLC
Sectigo RSA Code Signing CA
USERTrust RSA Certification Authority
Sectigo (AAA)
Counter Signers
Symantec Time Stamping Services Signer - G4
Symantec Time Stamping Services CA - G2
Thawte Timestamping CA
X509 Certificates
Symantec Time Stamping Services CA - G2
Symantec Time Stamping Services Signer - G4
USERTrust RSA Certification Authority
Remote Utilities LLC
Sectigo RSA Code Signing CA
Portable Executable Info
Header
Target Machine Intel 386 or later processors and compatible processors
Compilation Timestamp 2019-07-02 13:49:38 UTC
Entry Point 21060288
Contained Sections 3
Sections
Name Virtual Address Virtual Size MD5 Chi2
UPX0 4096 20115456 d41d8cd98f00b204e9800998ecf8427e -1
UPX1 20119552 942080 17fae7ed8d11319ae1a1446ce4c278c1 121064.54
.rsrc 21061632 17223680 e3a0d47514d89c93abfb2fd8f402a626 870587.19
Imports
msvcrt.dll
version.dll
gdi32.dll
advapi32.dll
KERNEL32.DLL
SHFolder.dll
winspool.drv
netapi32.dll
shell32.dll
ole32.dll
Contained Resources By Type
RT_STRING 37
RT_RCDATA 11
RT_CURSOR 7
RT_GROUP_CURSOR 7
RT_ICON 6
UNICODEDATA 6
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Contained Resources By Language
NEUTRAL 50
ENGLISH US 27
Contained Resources
SHA-256 File Type Type Language Entropy Chi2
26ad8bd8e5e67fa91f5e84623f14dfa392eba1b7742c1430f24039a16228 f0a2 unknown UNICODEDATA NEUTRAL 4.43 1344588.75
e0a16eb6441e280225f96b9fecb22f42ff8f3891f2c26121d96991b74f88 e9c9 unknown UNICODEDATA NEUTRAL 5.83 857141.5
85090d58aceb2ef630709a15e01e216740e85279abd5022b20b388a07015 c4db unknown UNICODEDATA NEUTRAL 5.65 39383.63
5b94876780408f50c0e7a298f9cb060f5bbcbc2ddf8894fb0edfa3a6b24d 35cd unknown UNICODEDATA NEUTRAL 5.13 1419150
4956615fe2817e88bbe53190d14a4b8f104706547b7eaf1852d686d86c7a 9f2c unknown UNICODEDATA NEUTRAL 5.25 1660242.5
Overlay
entropy 7.433434963226318
offset 18165248
chi2 10505.12
filetype unknown
md5 0fa93d29fc0ef891baf6a6c4170f3a3f
size 7848
Thanks for your email. Please, check virustotal link -
https://www.virustotal.com/gui/file/8c6764cecb249f71668631070b84f515566241a2b67177e
and our clean guidelines for more details
https://support.avg.com/supportarticleview?l=en&supporttype=home&urlname=avg-threat-lab-clean-guideline.
Thank you for your understanding.
Have a nice day.
Miro
AVG Customer Care Team
User-added image
AVG Support Center
Here is the results:
Basic Properties
MD5 a9d7effc8978c05bb06d704812be6a11
SHA-1 1400ba3ed9e1a0a8ad82fe281e1e60eda58a170a
SHA-256 8c6764cecb249f71668631070b84f515566241a2b67177e820c4e3d796a0
Vhash 01703e0f7d701013z11z401013z1015z13z101dz
Authentihash e7d227cb3f52c26a00ed9713719b79894e6f98f9570b50ea825ec1ec24d5
Imphash 19b321cb7a9ce31c90397152f38b67ea
SSDEEP 393216:HFMfDRd5Luew5Pe8K6EKB5W+OilBRLOy2PvXeolk/j0vV066u3cSgEzcy:HED1uew5mmEQg+D3OvPvXeol0ju3cCzp
TLSH T1090733C2E3E00814F9FF437299F65F2C9A7AFC98AB79230E14E4B31574
File type Win32 EXE
Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (66.6%)
TrID Win32 Executable (generic) (11%)
TrID WinArchiver Mountable compressed Archive (7.3%)
TrID OS/2 Executable (generic) (4.9%)
TrID Generic Win/DOS Executable (4.9%)
File size 17.33 MB (18173096 bytes)
PEiD packer UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
History
Creation Time 2019-07-02 13:49:38 UTC
Signature Date 03:31 PM 12/22/2020
First Submission 2022-09-09 14:26:08 UTC
Last Submission 2022-09-09 14:26:08 UTC
Last Analysis 2022-09-11 07:55:47 UTC
Signature Info
Signature Verification
A certificate was explicitly revoked by its issuer.
File Version Information
Copyright Copyright © 2019 Remote Utilities LLC. All rights reserved.
Product Remote Utilities
Description Remote Utilities
File Version 6.10.10.0
Date signed 2020-12-22 21:31:00 UTC
Signers
Remote Utilities LLC
Sectigo RSA Code Signing CA
USERTrust RSA Certification Authority
Sectigo (AAA)
Counter Signers
Symantec Time Stamping Services Signer - G4
Symantec Time Stamping Services CA - G2
Thawte Timestamping CA
X509 Certificates
Symantec Time Stamping Services CA - G2
Symantec Time Stamping Services Signer - G4
USERTrust RSA Certification Authority
Remote Utilities LLC
Sectigo RSA Code Signing CA
Portable Executable Info
Header
Target Machine Intel 386 or later processors and compatible processors
Compilation Timestamp 2019-07-02 13:49:38 UTC
Entry Point 21060288
Contained Sections 3
Sections
Name Virtual Address Virtual Size MD5 Chi2
UPX0 4096 20115456 d41d8cd98f00b204e9800998ecf8427e -1
UPX1 20119552 942080 17fae7ed8d11319ae1a1446ce4c278c1 121064.54
.rsrc 21061632 17223680 e3a0d47514d89c93abfb2fd8f402a626 870587.19
Imports
msvcrt.dll
version.dll
gdi32.dll
advapi32.dll
KERNEL32.DLL
SHFolder.dll
winspool.drv
netapi32.dll
shell32.dll
ole32.dll
Contained Resources By Type
RT_STRING 37
RT_RCDATA 11
RT_CURSOR 7
RT_GROUP_CURSOR 7
RT_ICON 6
UNICODEDATA 6
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Contained Resources By Language
NEUTRAL 50
ENGLISH US 27
Contained Resources
SHA-256 File Type Type Language Entropy Chi2
26ad8bd8e5e67fa91f5e84623f14dfa392eba1b7742c1430f24039a16228
e0a16eb6441e280225f96b9fecb22f42ff8f3891f2c26121d96991b74f88
85090d58aceb2ef630709a15e01e216740e85279abd5022b20b388a07015
5b94876780408f50c0e7a298f9cb060f5bbcbc2ddf8894fb0edfa3a6b24d
4956615fe2817e88bbe53190d14a4b8f104706547b7eaf1852d686d86c7a
Overlay
entropy 7.433434963226318
offset 18165248
chi2 10505.12
filetype unknown
md5 0fa93d29fc0ef891baf6a6c4170f3a3f
size 7848
Conrad Sallian,
Support (Posts: 3068)
Sep 13, 2022 12:47:32 pm EDT
Hi Rob,
Is it a freshly built installer?
Is it a freshly built installer?
Rob Barrett,
User (Posts: 92)
Sep 13, 2022 12:52:53 pm EDT
Support level: Pro
Yes Conrad it is.... Most of my clients have AVG Free and now I have to go in an manually add the AVG folder Exception, which is a pain with A LOT of clientsConrad Sallian wrote:
Hi Rob,
Is it a freshly built installer?
Rob Barrett,
User (Posts: 92)
Sep 13, 2022 12:54:06 pm EDT
Support level: Pro
I still have the old one but This has got to get fixed somehow.... Did you see the first link?
Rob Barrett,
User (Posts: 92)
Sep 13, 2022 1:51:15 pm EDT
Support level: Pro
Conrad Sallian,
Support (Posts: 3068)
Sep 13, 2022 3:55:16 pm EDT
Hi Rob,
I saw the link and the false positive detections. However, the certificate information is wrong - well, outdated. Even if you use the version 6.10 to build a custom installer there must be another certificate, a valid one issued by DigiCert. Here is a screenshot:
Have you tried to reconfigure your build? That should help.
I saw the link and the false positive detections. However, the certificate information is wrong - well, outdated. Even if you use the version 6.10 to build a custom installer there must be another certificate, a valid one issued by DigiCert. Here is a screenshot:
Have you tried to reconfigure your build? That should help.
Rob Barrett,
User (Posts: 92)
Sep 13, 2022 5:12:57 pm EDT
Support level: Pro
So I am thinking that maybe you all, as the developer, can help to inform those companies of their errors
Conrad Sallian,
Support (Posts: 3068)
Sep 13, 2022 5:32:02 pm EDT
Hi Rob,
It was today that we informed Avast (and by extension AVG) about that the last time :) Frankly, why it is so hard to whitelist at least the digital signature is beyond me.
It was today that we informed Avast (and by extension AVG) about that the last time :) Frankly, why it is so hard to whitelist at least the digital signature is beyond me.
Rob Barrett,
User (Posts: 92)
Sep 14, 2022 3:21:23 pm EDT
Support level: Pro
Those companies are big.. Try doing it with Msft....
Rob Barrett,
User (Posts: 92)
Sep 15, 2022 9:22:10 am EDT
Support level: Pro
Hi Rob,
If all issues have been fixed it, just install the latest version. Otherwise, please send me the updated installation file and our ThreatLab will check it.
All Best,
Miro
AVG Customer Care Team
User-added image
AVG Support Center
https://www.avg.com/report-malicious-file
--------------- Original Message ---------------
From: Rob
Sent: 9/14/2022, 3:23 PM
To: support@help.avg.com
Subject: Re: AVG Customer Care - AVG: False positive file RMRESupportV8.exe
If all issues have been fixed it, just install the latest version. Otherwise, please send me the updated installation file and our ThreatLab will check it.
All Best,
Miro
AVG Customer Care Team
User-added image
AVG Support Center
https://www.avg.com/report-malicious-file
--------------- Original Message ---------------
From: Rob
Sent: 9/14/2022, 3:23 PM
To: support@help.avg.com
Subject: Re: AVG Customer Care - AVG: False positive file RMRESupportV8.exe
* Website time zone: America/New_York (UTC -5)