ssamm
Posts: 364
Filters: 21
I just ran an AVG Anti-Spyware scan on my computer and it found "Trojan.Obfuscated.mu" and labeled it as High risk.
It said its origin was from "C:\Document and Settings\Owner\Application Data\Filter Forge\Updates\Filter Forge 1.011 Setup.exe"
(AVG also listed origins from the other previous FF Setup.exe files (e.g.: Filter Forge 1.009 Setup.exe, etc., but I'm too lazy to type them out also).)

I think the AVG description I read about this Trojan was something about how it's used to build your trust, but once it's run, it creates malicious code (or something).


I don't know what to make of this, but thought I'd pass this info on to FF.
I did let AVG quarantine those files, and it doesn't affect my FF program (I'm guessing probably because the setup.exe files only get run once for setting the program up). And, no, I have not noticed any malicious effects.


By the way, I don't know what AVG stands for, but I think the "G" stands for "Grisoft". It's a company that has free versions of Anti-Virus and Anti-Spyware programs. (In case you want to Google it or something.)





Also, on a different topic, FF might be interested in this link:
FF wikipedia
Where on that page, there's a last link there from some disgruntled, complaining person about FF.
(I guess I'm mentioning the link, now, because I tend to delve into fantasies of paranoia, and was imagining ideas of people wanting to sabotage FF...)
Carl
c r v a

Posts: 7289
Filters: 82
After reading the complaint, it's a shame the individual isn't as passionate about the exploitation of textures and authors, but she did point out she would be considered an exploiter and the changes to the EULA would obviously burst her bubble, which as we know won't affect, in any way, the legitimate users, which are by far the majority. I think there are some people that are misinterpreting the EULA debate and one or two people were over-enthused in their comments. Dilla put a link in the last page of round 2 to a complaint, which seems like the same woman by what's written.

I just ran a scan [ McAfee ] and it didn't find anything - which isn't to say there isn't anything, just if there is, McAfee didn't find it :|
Kraellin
Kraellin

Posts: 12749
Filters: 99
ssamm, i believe you have a false positive. in other words, it's reading as a positive virus/trojan, but really isnt. well, technically, it probably is. remember, FF does 'call home' with things like reporting usage stats and probably some other things having to do with downloads and auto-updates and junk like that. my advice, flag it to remind you later and see what the FF staff has to say first.

i dont have avg anti-spyware, but i do have avg anti-virus, so i'm pretty sure you dont have anything truly debilitating there. i'm fairly sure it's a false positive.
but, contact FF tech support. dont wait for them to respond here in the forums. and just ask them about it.
If wishes were horses... there'd be a whole lot of horse crap to clean up!

Craig
ssamm
Posts: 364
Filters: 21
Kraellin,

Yeah, I'm guessing your "false positive" idea is probably correct (because of the Usage Stats stuff or something). (On the internet, I read someone saying they got this "trojan" in other reputable programs too.)

I'm not too concerned, but if they don't respond here, I probably will contact them, just so they are aware of the issue.
Kraellin
Kraellin

Posts: 12749
Filters: 99
yeah, pretty much any program with a 'call home' feature is going to be seen as a false positive. that's what the anti-spyware software is checking for and it doesnt always distinguish between the benign and malignant.
If wishes were horses... there'd be a whole lot of horse crap to clean up!

Craig
Bella
Moderator
Filter Forge, Inc.
Posts: 274
Scanned Filter Forge 1.011 Setup.exe with AVG Anti-Spyware (fresh databases and all) -- found nothing bad. Sleep securely, everyone :)
Kraellin
Kraellin

Posts: 12749
Filters: 99
umm, bella, if you didnt find anything and ssamm did and you're both using the same program to scan, wouldnt that indicate that ssamm does have something bad going on?

are you both using the new 8.0 version of avg? or are one of you using 7.5 and the other using 8.0?
If wishes were horses... there'd be a whole lot of horse crap to clean up!

Craig
ssamm
Posts: 364
Filters: 21
Well, my AVG Anti-Spyware version is only 7.5.1.43.
But I'm not sure if that was what happened, as I just updated the database (not the program version), un-quarantined my "C:\Document and Settings\Owner\Application Data\Filter Forge\Updates\Filter Forge 1.011 Setup.exe" file, and then scanned it alone and nothing was found...

I wish I remembered how the AVG program worded it, when it found a problem -- where it almost sounded like it found a "trojan" that was "traced back to" the Setup.exe file -- where maybe AVG was looking at something also external to the file? (I really have no idea how those programs work.)
When I have time, I'll do another full system scan, to see if I can re-create what happened (but I won't have time for at least a day or so)...
ssamm
Posts: 364
Filters: 21
Update: ...even after the full system scan, the "trojan" still didn't show up. (Maybe when I updated the AVG database, this changed something?) Anyway, everything is appearing correct now. :)
Kraellin
Kraellin

Posts: 12749
Filters: 99
good :)
If wishes were horses... there'd be a whole lot of horse crap to clean up!

Craig
onyXMaster
Filter Forge, Inc.
Posts: 350
Some AV programs are "too good" at their heuristics algorithms to detect unknown viruses. Also, the setup program itself does not "call home" at any point (even FF itself makes it clear when and why it "calls home", unless you told it to "update automatically" or anything like that), and I'm almost sure that AVG isn't able to uncompress setup files and remove code protection from contained Filter Forge executables all automatically :)
Bella
Moderator
Filter Forge, Inc.
Posts: 274
Most probably the problem was a false positive, just as Kraellin mentioned earlier. AVG falsely identified Filter Forge Setup.exe as a trojan -- as far as I understand it, anti-spyware programs identify malware by comparing files with samples in their databases, this is why there is a possibility that an innocent program might be considered bad if it happens to match a sample.

When ssamm updated the database, the Setup.exe file stopped being identified as malware because it no longer matched any of the samples in the database. We didn't find the trojan because the tester had new databases from the start, though the AVG program version was the same as ssamm had.
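
The effect described in this post, as an added example that is not part of the thread and is not AVG's actual engine or data: the same unchanged file is scanned against two versions of a signature database, and only the older, over-broad signature matches the benign installer. The signature syntax, the name `Example.Obfuscated.A`, the stub bytes and both sample files are constructed for illustration.

```python
import hashlib
import re

def compile_signature(hex_pattern):
    """Turn 'DE AD ?? BE' into a bytes regex; '??' matches any single byte."""
    parts = [b"." if tok == "??" else re.escape(bytes.fromhex(tok))
             for tok in hex_pattern.split()]
    return re.compile(b"".join(parts), re.DOTALL)

def scan(data, database):
    """Return the sorted names of all signatures in `database` found in `data`."""
    return sorted(name for name, pattern in database.items()
                  if compile_signature(pattern).search(data))

# Constructed stand-in for an unpacking stub that a packer or protector
# prepends to every program it wraps, legitimate or not.
STUB = bytes.fromhex("60e8000000005d")

# Constructed samples: both carry the stub, only one carries the marker "MAL".
BENIGN_SETUP = b"MZ" + b"\x90" * 16 + STUB + b"\x01\x02" + b"setup payload"
MALICIOUS = b"MZ" + b"\x00" * 8 + STUB + b"\x07\x09" + b"MAL" + b"\xff" * 4

# Older definitions: the signature covers only the shared stub (too broad).
DB_OLD = {"Example.Obfuscated.A": "60 E8 00 00 00 00 5D"}
# Updated definitions: same name, extended with bytes unique to the malware.
DB_NEW = {"Example.Obfuscated.A": "60 E8 00 00 00 00 5D ?? ?? 4D 41 4C"}

def compare_databases(data):
    """Scan one unchanged file against both definition sets."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "old_db": scan(data, DB_OLD),
        "new_db": scan(data, DB_NEW),
    }

if __name__ == "__main__":
    for label, sample in (("benign setup", BENIGN_SETUP), ("malicious", MALICIOUS)):
        result = compare_databases(sample)
        print(label, result["sha256"][:12], result["old_db"], result["new_db"])
```

The SHA-256 in each result is identical across both scans of a file, which is the practical check that a changed verdict came from the definitions and not from the file.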
Kraellin
Kraellin

Posts: 12749
Filters: 99
yup, makes sense :)
If wishes were horses... there'd be a whole lot of horse crap to clean up!

Craig
Beliria
FilterForger & creative genius ;)

Posts: 1932
Filters: 45
been a while since I used FF2 and just did the update myself and got the trojan message am using McAfee, did a screen dump and then clicked to find out more and got this: http://home.mcafee.com/VirusInfo/Viru...key=142018

Don't know if that helps but just thought would mention it.

Nothing wrong with a little insanity ;)
gorgon1001
gorgon1001

Posts: 8
I'm getting the same McAfee error message. In addition I can't complete the installation of the new version - error message attached. When I try to run the program, FF tells me it's missing a resource. In both stand-alone and plug-in mode it stops dead. In plug-in mode, it locks up Photoshop.

Yep, it's me!
gorgon1001
gorgon1001

Posts: 8
Actually, on closer inspection, I'm not getting quite the same McAfee error message; mine tells me that I have to do an immediate re-boot so it can address the problem.
Yep, it's me!
GMM
Moderator
Filter Forge, Inc
Posts: 3491
Looks like McAfee have no more real infection to include in their database, so they've included legitimate software :(

If you turn off McAfee real-time virus scanning first you should get no problems installing the update.
jitspoe
Posts: 189
Filters: 27
I've never been a fan of virus scanners. They often have more ill effects on your system than viruses themselves - constantly thrashing your hard drive, finding false positives, blocking legit programs, and they seem to have an uncanny ability to NOT find the legitimate viruses.

Better way to keep your computer virus free:
- Never use IE.
- Uninstall Java (JVM = Java Virus Machine).
- Disable plugins (I use Opera, and there's a quick preferences to enable/disable plugins).
- Don't download/run files from questionable sites or email.
Myrrdraal
Myrrdraal

Posts: 47
Filters: 90
First problem = "I just ran an AVG". My advice? Get a real scanner :-) - Secondary advice: McAfee is not a real scanner.

McAfee, Norton, TrendMicro (PC-cillin), etc. These are placebo-ware. They lack any real abilities to secure your system, unless by secure you mean slow down to a crawl.

Further advice? Linux!
BTW YES I DO run FF on linux. :-)
Both in vbox and straight wine.

One thing you can rely on is that if you obtained FF legally it IS clean.
~Myrrdraal~
eRiKsCoLa
Real Estate Broker
Posts: 1
oh thanks for the tips... so much appreciated.