
AVG Trojan Detection in MCEBuddy

Feb 21, 2014 at 9:11 PM
AVG keeps detecting "Trojan horse Downloader.Generic13.BVUR". AVG has not been able to resolve this, but they had me delete:

"Internet Explorer"
  • Coupon Companion Plugin
  • Wajam
"Services" Tab;
  • ForceWare Intelligent Application Manager
  • MCEBuddy2x
  • PnkBstrA
  • PnkBstrB
  • WajamUpdater
Now MCEBuddy service is unavailable.

I noticed that there was a false positive detection issue here:

https://mcebuddy2x.codeplex.com/workitem/1306

Is this what is showing up now in my version 2.3 release 13? Is this a false positive? I can't find much info on Downloader.Generic13.BVUR. AVG just keeps saying it is removed and sent to the vault, but it keeps returning.
Coordinator
Feb 22, 2014 at 3:32 AM
I guess their algorithms for detecting unknown viruses aren't that good now, are they?

Report it to them that MCEBuddy is valid software and that they need to do a better job at finding malware.

Coordinator
Feb 24, 2014 at 11:03 PM
Here is the response from AVG. It's a false positive; if you're facing an issue, update your definitions or submit the software to AVG for analysis:

Thank you for your email.

Please be informed that we have been unable to induce any detection on the files included in the "MCEBuddy 2.3.13 32bit.zip" archive. We have also noticed that a new version of your software, MCEBuddy 2.3.14, has been released, but we have been unable to download it from your webpages.

Could you please update AVG to the latest virus definitions and verify the issue again?

In case you are able to induce the detection again, please attach the detected files in a password-protected archive and send it to us.

Note:
Create a password-protected archive - http://kb.avg.com/articles/en_US/How_to/How-to-create-a-password-protected-archive

You can also create screenshot(s) of the detection window displayed by AVG.

Note:
Create a screenshot - http://kb.avg.com/articles/en_US/How_to/How-to-create-a-screenshot

We are also pleased to offer you the AVG Whitelisting Service, feel free to read further information at www.avg.com/whitelist and please let us know if you are interested in it.

Thank you for your cooperation. We appreciate it.
Marked as answer by rboy1 on 2/24/2014 at 3:03 PM
Feb 25, 2014 at 12:35 AM
Thanks. Here is what AVG sent to me:

Hello,
Thank you for contacting AVG.

We have run our test on the file that you sent us and this application or
service from MCEBuddy was detected as malicious. We recommend that you do
not try it as it may cause your computer to be vulnerable to more
threats.

To ensure the highest protection from AVG, we recommend that you keep your
operating system up to date as well as the AVG software.

Thank you for choosing AVG.
And here was my reply:

None of the suggestions AVG sent me solved the issue. The virus kept
returning. The problem was apparently malware
(Win32.2UrFace.bho) which was identified and quarantined by Spybot-Search
and Destroy. The MCEBuddy service is in use and I have had no more
indications of any virus from AVG software since the malware was quarantined
by Spybot-Search and Destroy.

I'll let you know if the virus returns. I'm still wondering if your
MCEBuddy threat is a false positive. I can't find any other information
indicating it as a problem. It seems to be reputable software and works
great.
Feb 25, 2014 at 11:56 AM
Edited Feb 25, 2014 at 1:57 PM
I am also seeing a similar problem. I downloaded/installed version 2.3.13 x64. Trend Micro Office Scan detected WORM_KOLAB.FU in C:\Program Files\MCEBuddy2x\extras\ShowAnalyzerSuite.msi.

Here is the threat description: http://about-threats.trendmicro.com/us/malware/WORM_KOLAB

I am running the latest pattern files. The real time scanner quarantined the file and the damage control component claims to have cleaned it...

I'm currently running a scan with Malwarebytes to see if it sees anything...
Coordinator
Feb 25, 2014 at 2:01 PM
Report it to them so they can improve their software.