AVG Quarantining HYP Spreadsheet
-
- Posts: 32
- Joined: November 4th, 2016, 2:10 pm
AVG Quarantining HYP Spreadsheet
Today AVG antivirus (free) won't let me open the HYP spreadsheet. It thinks that it contains a trojan horse malware.
I have sent a copy for analysis but as yet had no reply.
Regards Escalader
I have sent a copy for analysis but as yet had no reply.
Regards Escalader
-
- Lemon Quarter
- Posts: 4108
- Joined: November 4th, 2016, 9:42 pm
Re: AVG Quarantining HYP Spreadsheet
Which one? The Excel version or the OpenOffice one?escalader wrote:Today AVG antivirus (free) won't let me open the HYP spreadsheet....
-
- Posts: 32
- Joined: November 4th, 2016, 2:10 pm
Re: AVG Quarantining HYP Spreadsheet
The Excel version.
I also down loaded the latest version just to make sure there wasn't a genuine problem
I also down loaded the latest version just to make sure there wasn't a genuine problem
-
- Lemon Quarter
- Posts: 3865
- Joined: November 4th, 2016, 9:24 am
Re: AVG Quarantining HYP Spreadsheet
It does sound like AVG is flagging a false positive, which can occur with any antivirus software. I've seen reports of slow AVG response to analysing submitted files.escalader wrote:Today AVG antivirus (free) won't let me open the HYP spreadsheet. It thinks that it contains a trojan horse malware.
I have sent a copy for analysis but as yet had no reply.
Regards Escalader
Does this help: https://smallbusiness.chron.com/turn-of ... 69481.html
--kiloran
-
- Posts: 32
- Joined: November 4th, 2016, 2:10 pm
Re: AVG Quarantining HYP Spreadsheet
Thanks Kiloran.
I have made the whole folder an exception and it seems to have done the trick.
Escalader
I have made the whole folder an exception and it seems to have done the trick.
Escalader
-
- Lemon Quarter
- Posts: 3865
- Joined: November 4th, 2016, 9:24 am
Re: AVG Quarantining HYP Spreadsheet
I've had another report of Avast detecting a HYPTUSS virus. I found that by saving the HYPTUSS as a macro-enabled .xlsm file, instead of .xls, no virus was detected.escalader wrote:Thanks Kiloran.
I have made the whole folder an exception and it seems to have done the trick.
Escalader
Certainly sounds like a false positive to me.
--kiloran
-
- 2 Lemon pips
- Posts: 219
- Joined: November 5th, 2016, 12:02 am
Re: AVG Quarantining HYP Spreadsheet
I keep my HYPTUSS as a macro-enabled .xlsm file (because it takes up significantly less memory in the file system) but AVG free version recently flagged this xlsm format too.kiloran wrote:I've had another report of Avast detecting a HYPTUSS virus. I found that by saving the HYPTUSS as a macro-enabled .xlsm file, instead of .xls, no virus was detected.escalader wrote:Thanks Kiloran.
I have made the whole folder an exception and it seems to have done the trick.
Escalader
Certainly sounds like a false positive to me.
--kiloran
Specifically in the AVG report there must be a script called "SNH-gen" as that is the potential trojan being flagged.
The AVG report does give the option to report as a false positive (and presumably it will be relocated back into my original file system) however like a previous poster I let AVG quarantine the HYPTUSS spreadsheet until I checked this out.
I guess I am happy that AVG is proactive in hunting out sneaky scripts so they can be verified before they are allowed to run, causing potential havoc.
Does this, "SNH-gen", script look familiar to your macro enabled spreadsheet as that is what is being flagged?
thanks
midgesgaolore
-
- Lemon Quarter
- Posts: 3865
- Joined: November 4th, 2016, 9:24 am
Re: AVG Quarantining HYP Spreadsheet
I've looked at everything I can and can find no evidence of a virus. I used https://www.virustotal.com/gui/ to submit the file to over 50 anti-virus detectors and this is what it found with hyp_top-up_spreadsheet_-_v11-74.xlsmidgesgalore wrote:
I keep my HYPTUSS as a macro-enabled .xlsm file (because it takes up significantly less memory in the file system) but AVG free version recently flagged this xlsm format too.
Specifically in the AVG report there must be a script called "SNH-gen" as that is the potential trojan being flagged.
The AVG report does give the option to report as a false positive (and presumably it will be relocated back into my original file system) however like a previous poster I let AVG quarantine the HYPTUSS spreadsheet until I checked this out.
I guess I am happy that AVG is proactive in hunting out sneaky scripts so they can be verified before they are allowed to run, causing potential havoc.
Does this, "SNH-gen", script look familiar to your macro enabled spreadsheet as that is what is being flagged?
thanks
midgesgaolore
https://postimg.cc/hJFdfZY1
So, Avast, AVG and Tachyon thought the file was infected.
I then deleted a random bit of code and the file was reported as clean. I put that bit of code back and deleted another random bit of code and the file was reported as clean. Those bits of code were totally innocuous.
I then just renamed the file as hyp_top-up_spreadsheet_-_v11-74 virus test.xls and this was also reported as clean.
If a simple change of file name can remove the report of a virus, it strikes me that it is a false positive. I don't know what else I can do.
--kiloran
-
- 2 Lemon pips
- Posts: 219
- Joined: November 5th, 2016, 12:02 am
Re: AVG Quarantining HYP Spreadsheet
kiloran wrote:...
If a simple change of file name can remove the report of a virus, it strikes me that it is a false positive. I don't know what else I can do.
--kiloran
You are absolutely correct Kiloran, I don't think there is anything you can do.
I honestly didn't think you would do any work on this other than you might check to see if the script SNH_gen was one of yours.
Considering everything you detailed in your previous post, and it seems quite a comprehensive exercise on proving how fickle these virus checkers can be, I also believe it to be a false positive.
The fact others are all of a sudden experiencing the same thing corroborates the false positive.
Thanks
midgesgalore
-
- Lemon Quarter
- Posts: 3865
- Joined: November 4th, 2016, 9:24 am
Re: AVG Quarantining HYP Spreadsheet
No, nothing like SNH_gen in HYPTUSS. I found various tools which could be downloaded to remove SNH_gen from a file but I'm EXTREMELY wary about these.midgesgalore wrote:kiloran wrote:...
If a simple change of file name can remove the report of a virus, it strikes me that it is a false positive. I don't know what else I can do.
--kiloran
You are absolutely correct Kiloran, I don't think there is anything you can do.
I honestly didn't think you would do any work on this other than you might check to see if the script SNH_gen was one of yours.
Considering everything you detailed in your previous post, and it seems quite a comprehensive exercise on proving how fickle these virus checkers can be, I also believe it to be a false positive.
The fact others are all of a sudden experiencing the same thing corroborates the false positive.
Thanks
midgesgalore
--kiloran
-
- Lemon Quarter
- Posts: 4462
- Joined: November 4th, 2016, 2:24 pm
Re: AVG Quarantining HYP Spreadsheet
I'm getting AVG quarantining my HYPTUSS because of SNH-gen[Trj]. I've got to go find it now as it has deleted the original.
Chris
Chris
-
- Lemon Quarter
- Posts: 4462
- Joined: November 4th, 2016, 2:24 pm
Re: AVG Quarantining HYP Spreadsheet
Found it. Now I am struggling to email it myself (new computer) because my email client (server?) has detected a virus too!csearle wrote:I'm getting AVG quarantining my HYPTUSS because of SNH-gen[Trj]. I've got to go find it now as it has deleted the original.
Chris
-
- Lemon Quarter
- Posts: 4462
- Joined: November 4th, 2016, 2:24 pm
Re: AVG Quarantining HYP Spreadsheet
Oh wait, I think that was AVG sticking its fingers in again. C.csearle wrote:Found it. Now I am struggling to email it myself (new computer) because my email client (server?) has detected a virus too!csearle wrote:I'm getting AVG quarantining my HYPTUSS because of SNH-gen[Trj]. I've got to go find it now as it has deleted the original.
Chris