AVG Quarantining HYP Spreadsheet
Today AVG antivirus (free) won't let me open the HYP spreadsheet. It thinks that it contains a trojan horse malware.
I have sent a copy for analysis but as yet had no reply.
Regards Escalader
Re: AVG Quarantining HYP Spreadsheet
escalader wrote:Today AVG antivirus (free) won't let me open the HYP spreadsheet....
Which one? The Excel version or the OpenOffice one?
Re: AVG Quarantining HYP Spreadsheet
The Excel version.
I also downloaded the latest version just to make sure there wasn't a genuine problem
Re: AVG Quarantining HYP Spreadsheet
escalader wrote:Today AVG antivirus (free) won't let me open the HYP spreadsheet. It thinks that it contains a trojan horse malware.
I have sent a copy for analysis but as yet had no reply.
Regards Escalader
It does sound like AVG is flagging a false positive, which can occur with any antivirus software. I've seen reports of slow AVG response to analysing submitted files.
Does this help: https://smallbusiness.chron.com/turn-of ... 69481.html
--kiloran
Re: AVG Quarantining HYP Spreadsheet
Thanks Kiloran.
I have made the whole folder an exception and it seems to have done the trick.
Escalader
Re: AVG Quarantining HYP Spreadsheet
escalader wrote:Thanks Kiloran.
I have made the whole folder an exception and it seems to have done the trick.
Escalader
I've had another report of Avast detecting a HYPTUSS virus. I found that by saving the HYPTUSS as a macro-enabled .xlsm file, instead of .xls, no virus was detected.
Certainly sounds like a false positive to me.
--kiloran
Re: AVG Quarantining HYP Spreadsheet
kiloran wrote:escalader wrote:Thanks Kiloran.
I have made the whole folder an exception and it seems to have done the trick.
Escalader
I've had another report of Avast detecting a HYPTUSS virus. I found that by saving the HYPTUSS as a macro-enabled .xlsm file, instead of .xls, no virus was detected.
Certainly sounds like a false positive to me.
--kiloran
I keep my HYPTUSS as a macro-enabled .xlsm file (because it takes up significantly less memory in the file system) but AVG free version recently flagged this xlsm format too.
Specifically in the AVG report there must be a script called "SNH-gen" as that is the potential trojan being flagged.
The AVG report does give the option to report as a false positive (and presumably it will be relocated back into my original file system) however like a previous poster I let AVG quarantine the HYPTUSS spreadsheet until I checked this out.
I guess I am happy that AVG is proactive in hunting out sneaky scripts so they can be verified before they are allowed to run, causing potential havoc.
Does this, "SNH-gen", script look familiar to your macro enabled spreadsheet as that is what is being flagged?
thanks
midgesgalore
Re: AVG Quarantining HYP Spreadsheet
midgesgalore wrote:
I keep my HYPTUSS as a macro-enabled .xlsm file (because it takes up significantly less memory in the file system) but AVG free version recently flagged this xlsm format too.
Specifically in the AVG report there must be a script called "SNH-gen" as that is the potential trojan being flagged.
The AVG report does give the option to report as a false positive (and presumably it will be relocated back into my original file system) however like a previous poster I let AVG quarantine the HYPTUSS spreadsheet until I checked this out.
I guess I am happy that AVG is proactive in hunting out sneaky scripts so they can be verified before they are allowed to run, causing potential havoc.
Does this, "SNH-gen", script look familiar to your macro enabled spreadsheet as that is what is being flagged?
thanks
midgesgalore
I've looked at everything I can and can find no evidence of a virus. I used https://www.virustotal.com/gui/ to submit the file to over 50 anti-virus detectors and this is what it found with hyp_top-up_spreadsheet_-_v11-74.xls
https://postimg.cc/hJFdfZY1
So, Avast, AVG and Tachyon thought the file was infected.
I then deleted a random bit of code and the file was reported as clean. I put that bit of code back and deleted another random bit of code and the file was reported as clean. Those bits of code were totally innocuous.
I then just renamed the file as hyp_top-up_spreadsheet_-_v11-74 virus test.xls and this was also reported as clean.
If a simple change of file name can remove the report of a virus, it strikes me that it is a false positive. I don't know what else I can do.
--kiloran
Re: AVG Quarantining HYP Spreadsheet
kiloran wrote:...
If a simple change of file name can remove the report of a virus, it strikes me that it is a false positive. I don't know what else I can do.
--kiloran
You are absolutely correct Kiloran, I don't think there is anything you can do.
I honestly didn't think you would do any work on this other than you might check to see if the script SNH_gen was one of yours.
Considering everything you detailed in your previous post, and it seems quite a comprehensive exercise on proving how fickle these virus checkers can be, I also believe it to be a false positive.
The fact others are all of a sudden experiencing the same thing corroborates the false positive.
Thanks
midgesgalore
Re: AVG Quarantining HYP Spreadsheet
midgesgalore wrote:kiloran wrote:...
If a simple change of file name can remove the report of a virus, it strikes me that it is a false positive. I don't know what else I can do.
--kiloran
You are absolutely correct Kiloran, I don't think there is anything you can do.
I honestly didn't think you would do any work on this other than you might check to see if the script SNH_gen was one of yours.
Considering everything you detailed in your previous post, and it seems quite a comprehensive exercise on proving how fickle these virus checkers can be, I also believe it to be a false positive.
The fact others are all of a sudden experiencing the same thing corroborates the false positive.
Thanks
midgesgalore
No, nothing like SNH_gen in HYPTUSS. I found various tools which could be downloaded to remove SNH_gen from a file but I'm EXTREMELY wary about these.
--kiloran
Re: AVG Quarantining HYP Spreadsheet
I'm getting AVG quarantining my HYPTUSS because of SNH-gen[Trj]. I've got to go find it now as it has deleted the original.
Chris
Re: AVG Quarantining HYP Spreadsheet
csearle wrote:I'm getting AVG quarantining my HYPTUSS because of SNH-gen[Trj]. I've got to go find it now as it has deleted the original.
Chris
Found it. Now I am struggling to email it myself (new computer) because my email client (server?) has detected a virus too!
Re: AVG Quarantining HYP Spreadsheet
csearle wrote:
csearle wrote:I'm getting AVG quarantining my HYPTUSS because of SNH-gen[Trj]. I've got to go find it now as it has deleted the original.
Chris
Found it. Now I am struggling to email it myself (new computer) because my email client (server?) has detected a virus too!
Oh wait, I think that was AVG sticking its fingers in again. C.