topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday December 26, 2024, 4:55 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: GridMove Identified by Symantec AntiVirus as Backdoor Trojan  (Read 29114 times)

Matt Caspermeyer

  • Participant
  • Joined in 2008
  • *
  • default avatar
  • Posts: 2
    • View Profile
    • Donate to Member
Today (July 11, 2008), Symantec AntiVirus identified GridMove as a Backdoor.Trojan with the 7/9/2008 rev. 3 definition file and deleted GridMove.exe from the Program Files folder and also the application link from Startup.

I imagine I can just re-install GridMove and it should be okay, but I'm pretty sure this is a false positive by Symantec AntiVirus since the previous definition file did not detect an infection, no other programs are infected, and GridMove launches on startup every time. Has anyone else had the same problem? I'm running Windows XP x64 if that makes any difference.

Here's a picture of what Symantec AntiVirus did:

GridMove Backdoor.Trojan Infection.PNG

Thanks for any information you can provide.

jgpaiva

  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 4,727
    • View Profile
    • Donate to Member
Re: GridMove Identified by Symantec AntiVirus as Backdoor Trojan
« Reply #1 on: July 11, 2008, 04:25 PM »
Not again... GRR, damn! Antivirus programs frequently flag programs made with autohotkey, and yes, that's a false positive.
Thanks a lot for the heads up, Matt! Most people just delete it and go on with their lives, I'm glad you took the time to post here.
I have been making some updating to GridMove, and next week I expect to post a new version. This new version will be compiled with the most recent version of AHK, thus, it'll have no problems with antiviruses (at least, for some time  :'()
Sorry for the inconvinience, Matt!

Matt Caspermeyer

  • Participant
  • Joined in 2008
  • *
  • default avatar
  • Posts: 2
    • View Profile
    • Donate to Member
Re: GridMove Identified by Symantec AntiVirus as Backdoor Trojan
« Reply #2 on: July 11, 2008, 04:52 PM »
jgpaiva:

Thanks for the reply!

I'm more disappointed in the fact that Symantec blew  :'( GridMove away (GridMove is one of my favorite little apps! 8)), without giving me a chance to save it!

Hmmm... since I rarely reboot, and since GridMove is still in memory (Hah! Symantec didn't remove it from memory!), maybe I'll try holding off reinstalling it until you get the new version of GridMove posted (I can probably go a week or two without rebooting unless Symantec (or usually it's Microsoft with an update) makes me).

Can't wait for the new version - thanks and keep up the awesome work! :Thmbsup:

jgpaiva

  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 4,727
    • View Profile
    • Donate to Member
Re: GridMove Identified by Symantec AntiVirus as Backdoor Trojan
« Reply #3 on: July 11, 2008, 04:58 PM »
You don't actually have to go without rebooting.
Just change the name of the executable to GridMove2.exe or something, I'm pretty sure it won't delete it then ;)

Can't wait for the new version - thanks and keep up the awesome work! :Thmbsup:
-Matt Caspermeyer (July 11, 2008, 04:52 PM)
:) I hope it'll bring some good improvements. Right now, I already have the "drag to edge" method working with multi-monitors, a long-overdue feature.
I also intend to clean up the menus a bit, improve the about box and hopefully add a "cycle to next grid element" feature that I think is really cool and has been requested a few times already ;)
(But shhh.. noone can know about this, it's supposed to be a surprise  :tellme:)

lanux128

  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 6,277
    • View Profile
    • Donate to Member
Re: GridMove Identified by Symantec AntiVirus as Backdoor Trojan
« Reply #4 on: July 11, 2008, 10:17 PM »
judging from the screenshot, Symantec AV has made a poor decision as it deems a "successful healing" is merely deleting the file but being unable to remove it from memory, leaving the user's PC in a vulnerable state. :down: luckily for Symantec, GridMove is NOT a virus/malware.

nosh

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,441
    • View Profile
    • Donate to Member
Re: GridMove Identified by Symantec AntiVirus as Backdoor Trojan
« Reply #5 on: July 12, 2008, 07:08 AM »
lol@ "cleaned by deletion" - why can't the monkeys just call it deleted?

I personally feel it's a really bad/dangerous choice to let an AV whack off files on its own without prompting the user for action, you never know what'll scare it next.


mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,916
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: GridMove Identified by Symantec AntiVirus as Backdoor Trojan
« Reply #6 on: July 12, 2008, 07:09 AM »
nosh, i could not agree more.
long thread here dealing with this same behavior for one of my programs: https://www.donation...ex.php?topic=12614.0

mxn

  • Participant
  • Joined in 2006
  • *
  • default avatar
  • Posts: 6
    • View Profile
    • Donate to Member
Re: GridMove Identified by Symantec AntiVirus as Backdoor Trojan
« Reply #7 on: October 08, 2008, 09:58 AM »
Any news regarding this? NOD32 has been buggning me for months now, thinking GridMove.exe is a backdoor trojan. Adding it to the exclude list doesn't help for some reason.

justice

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,898
    • View Profile
    • Donate to Member
Re: GridMove Identified by Symantec AntiVirus as Backdoor Trojan
« Reply #8 on: October 08, 2008, 10:05 AM »
download the latest version?

mxn

  • Participant
  • Joined in 2006
  • *
  • default avatar
  • Posts: 6
    • View Profile
    • Donate to Member
Re: GridMove Identified by Symantec AntiVirus as Backdoor Trojan
« Reply #9 on: October 08, 2008, 10:48 AM »
Thanks, updating solved the problem. :) I was sure I had the latest version (seeing as it is almost a year old), but I was wrong.

jgpaiva

  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 4,727
    • View Profile
    • Donate to Member
Re: GridMove Identified by Symantec AntiVirus as Backdoor Trojan
« Reply #10 on: October 08, 2008, 11:51 AM »
Actually, I still haven't updated since this topic was started (I know, my bad.. sorry but been really busy)...
I'm glad updating worked for you, mxn!

gdot

  • Participant
  • Joined in 2007
  • *
  • Posts: 4
    • View Profile
    • Donate to Member
Re: GridMove Identified by Symantec AntiVirus as Backdoor Trojan
« Reply #11 on: October 30, 2008, 12:47 PM »
 :Thmbsup: Keep up the good work, jg... Thanks! :Thmbsup:

FWIW, avast! has just spotted GridMove as a false positive, declared itself unable to heal and quarantined.
I whitelisted and "un-quarantined" GMove but the program was "not found" (apparently the quarantine un-quarantine process blew something up).

Closed avast, downloaded new version (new copy of v1192, indeed), re-installed... and  >:( avast! spotted the false positive again.

Believe this issue belongs in avast! forums: how to whitelist an application!  :down:


lanux128

  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 6,277
    • View Profile
    • Donate to Member
Re: GridMove Identified by Symantec AntiVirus as Backdoor Trojan
« Reply #12 on: October 30, 2008, 08:23 PM »
in addition to white-listing, i believe that the AV vendors should improve their detection routine as well in order to reduce the alarming rate of false alarms. :)

gdot

  • Participant
  • Joined in 2007
  • *
  • Posts: 4
    • View Profile
    • Donate to Member
Re: GridMove Identified by Symantec AntiVirus as Backdoor Trojan
« Reply #13 on: October 31, 2008, 06:35 AM »
in addition to white-listing, i believe that the AV vendors should improve their detection routine as well in order to reduce the alarming rate of false alarms. :)

Well, Lanux...

False alarms are extremely boring to you and me, but for the average client the false alarm is perceived as legit, thus improving his/her confidence in the product image, choice and fidelity.

False alarms increase sales... otherwise they would be long gone.

lanux128

  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 6,277
    • View Profile
    • Donate to Member
Re: GridMove Identified by Symantec AntiVirus as Backdoor Trojan
« Reply #14 on: October 31, 2008, 11:17 PM »
False alarms increase sales... otherwise they would be long gone.

that's why AV vendors find it easier label a program as a malware instead. what can i say, fear mongering works apparently.

gdot

  • Participant
  • Joined in 2007
  • *
  • Posts: 4
    • View Profile
    • Donate to Member
Re: GridMove Identified by Symantec AntiVirus as Backdoor Trojan
« Reply #15 on: November 05, 2008, 05:19 AM »
Opened support ticket at avast!  :up:

No reply, but false positivie disappeared 2 days after complaint (solution probably embedded in an auto-update) and GridMove is working again.

lanux128

  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 6,277
    • View Profile
    • Donate to Member
Re: GridMove Identified by Symantec AntiVirus as Backdoor Trojan
« Reply #16 on: November 05, 2008, 06:37 AM »
excellent job, gdot! :up: at least now we know avast! at least listen to their users' complaints. :)

jgpaiva

  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 4,727
    • View Profile
    • Donate to Member
Re: GridMove Identified by Symantec AntiVirus as Backdoor Trojan
« Reply #17 on: November 05, 2008, 07:05 AM »
:) thanks a lot, gdot!!

lanux128

  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 6,277
    • View Profile
    • Donate to Member
Re: GridMove Identified by Symantec AntiVirus as Backdoor Trojan
« Reply #18 on: November 05, 2008, 11:18 PM »
Opened support ticket at avast!  :up:

No reply, but false positivie disappeared 2 days after complaint (solution probably embedded in an auto-update) and GridMove is working again.

gdot: just curious, is the support line for paying customers only? if not, is it possible to link that post so that future visitors can re-directed to this thread. thanks again. :)

wickedwookie

  • Participant
  • Joined in 2008
  • *
  • default avatar
  • Posts: 1
    • View Profile
    • Donate to Member
Re: GridMove Identified by Symantec AntiVirus as Backdoor Trojan
« Reply #19 on: November 06, 2008, 06:00 AM »
I also complained to the Avast! people a couple of days ago, but with a simple email to [email protected]
Told them about the false positive etc...

jgpaiva

  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 4,727
    • View Profile
    • Donate to Member
Re: GridMove Identified by Symantec AntiVirus as Backdoor Trojan
« Reply #20 on: November 06, 2008, 07:53 AM »
Oh man, now that's cool. I seriously wasn't expecting you guys to do that, since it was my own job. Thanks a lot! :D

Kamel

  • Honorary Member
  • Joined in 2006
  • **
  • Posts: 138
    • View Profile
    • Donate to Member
Re: GridMove Identified by Symantec AntiVirus as Backdoor Trojan
« Reply #21 on: November 21, 2008, 06:00 PM »
lol@ "cleaned by deletion" - why can't the monkeys just call it deleted?

I personally feel it's a really bad/dangerous choice to let an AV whack off files on its own without prompting the user for action, you never know what'll scare it next.



I actually had an AV remove a whole custom folder of things a friend helped me make for remotely controlling my PC. The AV (I think it was norton ironically enough) listed them as "hacking tools" and removed them without asking, gone forever. What the AV does when it finds what it THINKS are 'infections' is one of my #1 concerns when finding an AV now.
I'm the guy you yell at when your DSL goes down...

lanux128

  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 6,277
    • View Profile
    • Donate to Member
Re: GridMove Identified by Symantec AntiVirus as Backdoor Trojan
« Reply #22 on: November 25, 2008, 10:19 PM »
i heard BitDefender has an option to exclude files/folders from being scanned. i wonder if there is any truth in that? while it'll be good for custom AHK scripts, it leaves a door open for other malwares to reside in that folder.

jgpaiva

  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 4,727
    • View Profile
    • Donate to Member
Re: GridMove Identified by Symantec AntiVirus as Backdoor Trojan
« Reply #23 on: December 03, 2008, 11:10 AM »
I've made an update to gridmove, let's see if it solves these problems.