Bitcoin Forum
Author Topic: AVG Antivirus finds a new Generic24.BZCM signature  (Read 1310 times)
ElectricMucus (OP)
September 13, 2011, 02:08:37 AM
 #1

Code:
VirSCAN.org Scanned Report :
Scanned time   : 2011/09/13 03:51:53 (CEST)
Scanner results: 3% Scanner(s) (1/37) found malware!
File Name      : bitcoin.exe
File Size      : 10949632 byte
File Type      : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5            : 80a9fdb41380a8e24f5aaff42a8c6e7d
SHA1           : 5fcef94ff6ba494e1e98cf47736473663733272e
Online report  : http://r.virscan.org/bd8eee25fef51709166d4016a234c6b0

Scanner        Engine Ver      Sig Ver           Sig Date    Time   Scan result
a-squared      5.1.0.3         20110913020625    2011-09-13  0.97   -
AhnLab V3      2011.09.12.01   2011.09.12        2011-09-12  2.18   -
AntiVir        8.2.6.60        7.11.14.180       2011-09-12  0.28   -
Antiy          2.0.18          20110913.12455110 2011-09-13  0.02   -
Arcavir        2011            201109061639      2011-09-06  2.46   -
Authentium     5.1.1           201109121948      2011-09-12  1.78   -
AVAST!         4.7.4           110912-1          2011-09-12  0.95   -
AVG            8.5.850         271.1.1/3893      2011-09-13  0.23   Generic24.BZCM
BitDefender    7.90123.9106139 7.38995           2011-09-13  4.45   -
ClamAV         0.97.1          13601             2011-09-12  1.44   -
Comodo         5.1             10092             2011-09-12  2.01   -
CP Secure      1.3.0.5         2011.09.12        2011-09-12  0.00   -
Dr.Web         5.0.2.3300      2011.09.13        2011-09-13  17.41  -
F-Prot         4.6.2.117       20110912          2011-09-12  1.16   -
F-Secure       7.02.73807      2011.09.12.05     2011-09-12  0.26   -
Fortinet       4.2.257         14.123            2011-09-12  0.10   -
GData          22.1993         20110913          2011-09-13  0.11   -
ViRobot        20110910        2011.09.10        2011-09-10  0.34   -
Ikarus         T3.1.32.20.0    2011.09.13.79347  2011-09-13  5.19   -
JiangMin       13.0.900        2011.09.12        2011-09-12  1.62   -
Kaspersky      5.5.10          2011.09.12        2011-09-12  0.11   -
KingSoft       2009.2.5.15     2011.9.13.9       2011-09-13  0.91   -
McAfee         5400.1158       6467              2011-09-12  10.35  -
Microsoft      1.7604          2011.09.13        2011-09-13  6.05   -
NOD32          3.0.21          6451              2011-09-09  0.76   -
Norman         6.07.11         6.07.00           2011-09-12  16.02  -
Panda          9.05.01         2011.09.12        2011-09-12  3.40   -
Trend Micro    9.500-1005      8.422.13          2011-09-12  1.04   -
Quick Heal     11.00           2011.09.12        2011-09-12  5.95   -
Rising         20.0            23.74.03.03       2011-09-08  2.92   -
Sophos         3.23.2          4.69              2011-09-13  5.38   -
Sunbelt        3.9.2500.2      10457             2011-09-12  3.17   -
Symantec       1.3.0.24        20110912.003      2011-09-12  0.24   -
nProtect       20110912.01     12716439          2011-09-12  2.51   -
The Hacker     6.7.0.1         v00293            2011-09-10  0.66   -
VBA32          3.12.16.4       20110912.0737     2011-09-12  6.32   -
VirusBuster    5.3.0.4         14.0.209.0/61214282011-09-12  0.00   -

This is annoying. Can we get AVG to be more precise in their tests?

Also, please validate the correctness of the hashes just in case; who knows, I might have a wallet stealer who specifically infests only the bitcoin binary ;)
Exonumia
September 13, 2011, 04:25:54 AM
 #2



It is flagging the actual bitcoin.exe, very annoying.

http://virusscan.jotti.org/en/scanresult/0214bed84935ae396859a7e1f7de742544f8d75d

http://www.virustotal.com/file-scan/report.html?id=a69de4fc3fdfa08a4b2f8a8e65840dfe1a719d28744759e431d2592fb8f2016d-1315886735

nibor
September 13, 2011, 08:17:46 AM
 #3


Yes, getting the issue too. Will report to AVG.

What you see is:


I checked the sha1 of the binary (using http://support.microsoft.com/kb/841290) and is:


I also redownloaded the binary from:
http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.3.24/

and the SHA1 of the binary in this package matches the one above, and the SHA1 of the zip matches the SHA1 in the signed txt file on SourceForge (can someone just double check that the signature below is valid? As I do not have a good public key for it).

Conclusion is that AVG is wrong (once someone checks the signature below).


To work around the issue:
Open the AVG app by double-clicking on the icon in the tray.
Double-click on Resident Shield.
Click on Manage Exceptions.
Select the bitcoin binary.

THIS IS DANGEROUS as I do not know if AVG will spot if you change the binary to a different one that is infected?



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

4909c17a1cc025c6f6c88d036f0b487c51c510f6  bitcoin-0.3.24-linux.tar.gz
fed0afebe0b0c0f77a637600ac4abecbe5d098ed  bitcoin-0.3.24-macosx.zip
58531249230f769fdc755822b41e0f18ba59512c  bitcoin-0.3.24-src.tar.gz
d4b5425eff673551a326d5326b92a06359dc1a3d  bitcoin-0.3.24-win32-setup.exe
520aed70ee28a0a91ed49dd983639cb1fab2a93c  bitcoin-0.3.24-win32.zip
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

-----END PGP SIGNATURE-----
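
An added example, not part of the original post or the Bitcoin project's code: the comparison step described above, reading the SHA1 entries from the signed body of the release file and checking a local file against them. It assumes the signature itself has already been verified with GnuPG against a key you trust; the function names are hypothetical. Re-running the check before launching a binary that has been excluded from the scanner is one way to address the concern about the file being swapped later.

```python
import hashlib
import re
from pathlib import Path

# Checksum body copied from the clearsigned message in the post; signature elided.
SIGNED_TEXT = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

4909c17a1cc025c6f6c88d036f0b487c51c510f6  bitcoin-0.3.24-linux.tar.gz
fed0afebe0b0c0f77a637600ac4abecbe5d098ed  bitcoin-0.3.24-macosx.zip
58531249230f769fdc755822b41e0f18ba59512c  bitcoin-0.3.24-src.tar.gz
d4b5425eff673551a326d5326b92a06359dc1a3d  bitcoin-0.3.24-win32-setup.exe
520aed70ee28a0a91ed49dd983639cb1fab2a93c  bitcoin-0.3.24-win32.zip
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
"""

ENTRY = re.compile(r"^([0-9a-f]{40})\s+\*?(\S.*)$")

def parse_manifest(text):
    """Return {filename: sha1} from the signed body only; anything before the
    armor header or after the signature block is not covered by the signature."""
    lines = text.splitlines()
    start = lines.index("-----BEGIN PGP SIGNED MESSAGE-----")
    end = lines.index("-----BEGIN PGP SIGNATURE-----")
    body = lines[start + 1:end]
    body = body[body.index("") + 1:]      # skip the "Hash:" armor headers
    entries = {}
    for line in body:
        if line.startswith("- "):         # undo clearsign dash-escaping
            line = line[2:]
        m = ENTRY.match(line.strip())
        if m:
            entries[m.group(2)] = m.group(1)
    return entries

def sha1_of(path):
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def check(path, manifest, name=None):
    """Return 'ok', 'MISMATCH' or 'unlisted' for one file against the manifest."""
    expected = manifest.get(name or Path(path).name)
    if expected is None:
        return "unlisted"
    return "ok" if sha1_of(path) == expected else "MISMATCH"
```
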
nibor
September 13, 2011, 08:30:04 AM
 #4

I have reported to AVG.

Bet it would help if lots of people did.

Instructions are at:
http://forums.avg.com/ww-en/avg-forums?sec=thread&act=show&id=395
nibor
September 13, 2011, 09:06:41 AM
 #5


Also, not sure if others saw this too, but my wallet became corrupted. I guess this was because AVG halted the process in the middle of it doing something?

Luckily I had a backup and only 0.5 BTC in it anyway and downloaded a fresh blockchain and ran with -rescan and all looks fine.

plogank
September 13, 2011, 07:15:20 PM
 #6

I just updated AVG and scanned.  It no longer finds a problem.  They must have fixed it...

If you like this post a donation would be nice....  1PhCzA9o1jcwHr7PR4mxea8nJYUJWpKAGb

Besides, It'll drive me crazy trying to figure where it came from.