Donate to Remove ads

Got a credit card? use our Credit Card & Finance Calculators

Thanks to johnstevens77,Bhoddhisatva,scotia,Anonymous,Cornytiv34, for Donating to support the site

AVG Quarantining HYP Spreadsheet

Discussions regarding financial software
escalader
Posts: 32
Joined: November 4th, 2016, 2:10 pm
Been thanked: 11 times

AVG Quarantining HYP Spreadsheet

#420650

Postby escalader » June 18th, 2021, 11:20 pm

Today AVG antivirus (free) won't let me open the HYP spreadsheet. It thinks that it contains a trojan horse malware.

I have sent a copy for analysis but as yet had no reply.

Regards Escalader

Breelander
Lemon Quarter
Posts: 4178
Joined: November 4th, 2016, 9:42 pm
Has thanked: 999 times
Been thanked: 1855 times

Re: AVG Quarantining HYP Spreadsheet

#420658

Postby Breelander » June 18th, 2021, 11:57 pm

escalader wrote:Today AVG antivirus (free) won't let me open the HYP spreadsheet....

Which one? The Excel version or the OpenOffice one?

escalader
Posts: 32
Joined: November 4th, 2016, 2:10 pm
Been thanked: 11 times

Re: AVG Quarantining HYP Spreadsheet

#420663

Postby escalader » June 19th, 2021, 1:04 am

The Excel version.
I also down loaded the latest version just to make sure there wasn't a genuine problem

kiloran
Lemon Quarter
Posts: 4092
Joined: November 4th, 2016, 9:24 am
Has thanked: 3234 times
Been thanked: 2827 times

Re: AVG Quarantining HYP Spreadsheet

#421345

Postby kiloran » June 22nd, 2021, 10:10 am

escalader wrote:Today AVG antivirus (free) won't let me open the HYP spreadsheet. It thinks that it contains a trojan horse malware.

I have sent a copy for analysis but as yet had no reply.

Regards Escalader

It does sound like AVG is flagging a false positive, which can occur with any antivirus software. I've seen reports of slow AVG response to analysing submitted files.

Does this help: https://smallbusiness.chron.com/turn-of ... 69481.html

--kiloran

escalader
Posts: 32
Joined: November 4th, 2016, 2:10 pm
Been thanked: 11 times

Re: AVG Quarantining HYP Spreadsheet

#421409

Postby escalader » June 22nd, 2021, 3:09 pm

Thanks Kiloran.

I have made the whole folder an exception and it seems to have done the trick.

Escalader

kiloran
Lemon Quarter
Posts: 4092
Joined: November 4th, 2016, 9:24 am
Has thanked: 3234 times
Been thanked: 2827 times

Re: AVG Quarantining HYP Spreadsheet

#424692

Postby kiloran » July 4th, 2021, 2:56 pm

escalader wrote:Thanks Kiloran.

I have made the whole folder an exception and it seems to have done the trick.

Escalader

I've had another report of Avast detecting a HYPTUSS virus. I found that by saving the HYPTUSS as a macro-enabled .xlsm file, instead of .xls, no virus was detected.
Certainly sounds like a false positive to me.

--kiloran

midgesgalore
2 Lemon pips
Posts: 249
Joined: November 5th, 2016, 12:02 am
Has thanked: 266 times
Been thanked: 71 times

Re: AVG Quarantining HYP Spreadsheet

#425893

Postby midgesgalore » July 8th, 2021, 2:44 pm

kiloran wrote:
escalader wrote:Thanks Kiloran.

I have made the whole folder an exception and it seems to have done the trick.

Escalader

I've had another report of Avast detecting a HYPTUSS virus. I found that by saving the HYPTUSS as a macro-enabled .xlsm file, instead of .xls, no virus was detected.
Certainly sounds like a false positive to me.

--kiloran


I keep my HYPTUSS as a macro-enabled .xlsm file (because it takes up significantly less memory in the file system) but AVG free version recently flagged this xlsm format too.

Specifically in the AVG report there must be a script called "SNH-gen" as that is the potential trojan being flagged.
The AVG report does give the option to report as a false positive (and presumably it will be relocated back into my original file system) however like a previous poster I let AVG quarantine the HYPTUSS spreadsheet until I checked this out.
I guess I am happy that AVG is proactive in hunting out sneaky scripts so they can be verified before they are allowed to run, causing potential havoc.

Does this, "SNH-gen", script look familiar to your macro enabled spreadsheet as that is what is being flagged?

thanks

midgesgaolore

kiloran
Lemon Quarter
Posts: 4092
Joined: November 4th, 2016, 9:24 am
Has thanked: 3234 times
Been thanked: 2827 times

Re: AVG Quarantining HYP Spreadsheet

#426279

Postby kiloran » July 9th, 2021, 9:09 pm

midgesgalore wrote:
I keep my HYPTUSS as a macro-enabled .xlsm file (because it takes up significantly less memory in the file system) but AVG free version recently flagged this xlsm format too.

Specifically in the AVG report there must be a script called "SNH-gen" as that is the potential trojan being flagged.
The AVG report does give the option to report as a false positive (and presumably it will be relocated back into my original file system) however like a previous poster I let AVG quarantine the HYPTUSS spreadsheet until I checked this out.
I guess I am happy that AVG is proactive in hunting out sneaky scripts so they can be verified before they are allowed to run, causing potential havoc.

Does this, "SNH-gen", script look familiar to your macro enabled spreadsheet as that is what is being flagged?

thanks

midgesgaolore

I've looked at everything I can and can find no evidence of a virus. I used https://www.virustotal.com/gui/ to submit the file to over 50 anti-virus detectors and this is what it found with hyp_top-up_spreadsheet_-_v11-74.xls
https://postimg.cc/hJFdfZY1
So, Avast, AVG and Tachyon thought the file was infected.

I then deleted a random bit of code and the file was reported as clean. I put that bit of code back and deleted another random bit of code and the file was reported as clean. Those bits of code were totally innocuous.
I then just renamed the file as hyp_top-up_spreadsheet_-_v11-74 virus test.xls and this was also reported as clean.

If a simple change of file name can remove the report of a virus, it strikes me that it is a false positive. I don't know what else I can do.

--kiloran

midgesgalore
2 Lemon pips
Posts: 249
Joined: November 5th, 2016, 12:02 am
Has thanked: 266 times
Been thanked: 71 times

Re: AVG Quarantining HYP Spreadsheet

#426296

Postby midgesgalore » July 9th, 2021, 10:50 pm

kiloran wrote:...

If a simple change of file name can remove the report of a virus, it strikes me that it is a false positive. I don't know what else I can do.

--kiloran



You are absolutely correct Kiloran, I don't think there is anything you can do.
I honestly didn't think you would do any work on this other than you might check to see if the script SNH_gen was one of yours.
Considering everything you detailed in your previous post, and it seems quite a comprehensive exercise on proving how fickle these virus checkers can be, I also believe it to be a false positive.

The fact others are all of a sudden experiencing the same thing corroborates the false positive.

Thanks
midgesgalore

kiloran
Lemon Quarter
Posts: 4092
Joined: November 4th, 2016, 9:24 am
Has thanked: 3234 times
Been thanked: 2827 times

Re: AVG Quarantining HYP Spreadsheet

#426302

Postby kiloran » July 9th, 2021, 11:30 pm

midgesgalore wrote:
kiloran wrote:...

If a simple change of file name can remove the report of a virus, it strikes me that it is a false positive. I don't know what else I can do.

--kiloran



You are absolutely correct Kiloran, I don't think there is anything you can do.
I honestly didn't think you would do any work on this other than you might check to see if the script SNH_gen was one of yours.
Considering everything you detailed in your previous post, and it seems quite a comprehensive exercise on proving how fickle these virus checkers can be, I also believe it to be a false positive.

The fact others are all of a sudden experiencing the same thing corroborates the false positive.

Thanks
midgesgalore

No, nothing like SNH_gen in HYPTUSS. I found various tools which could be downloaded to remove SNH_gen from a file but I'm EXTREMELY wary about these.

--kiloran

csearle
Lemon Quarter
Posts: 4764
Joined: November 4th, 2016, 2:24 pm
Has thanked: 4812 times
Been thanked: 2083 times

Re: AVG Quarantining HYP Spreadsheet

#433305

Postby csearle » August 8th, 2021, 5:54 pm

I'm getting AVG quarantining my HYPTUSS because of SNH-gen[Trj]. I've got to go find it now as it has deleted the original.

Chris

csearle
Lemon Quarter
Posts: 4764
Joined: November 4th, 2016, 2:24 pm
Has thanked: 4812 times
Been thanked: 2083 times

Re: AVG Quarantining HYP Spreadsheet

#433306

Postby csearle » August 8th, 2021, 5:59 pm

csearle wrote:I'm getting AVG quarantining my HYPTUSS because of SNH-gen[Trj]. I've got to go find it now as it has deleted the original.

Chris
Found it. Now I am struggling to email it myself (new computer) because my email client (server?) has detected a virus too! :shock:

csearle
Lemon Quarter
Posts: 4764
Joined: November 4th, 2016, 2:24 pm
Has thanked: 4812 times
Been thanked: 2083 times

Re: AVG Quarantining HYP Spreadsheet

#433308

Postby csearle » August 8th, 2021, 6:02 pm

csearle wrote:
csearle wrote:I'm getting AVG quarantining my HYPTUSS because of SNH-gen[Trj]. I've got to go find it now as it has deleted the original.

Chris
Found it. Now I am struggling to email it myself (new computer) because my email client (server?) has detected a virus too! :shock:

Oh wait, I think that was AVG sticking its fingers in again. C.


Return to “Financial Software - Discussion”

Who is online

Users browsing this forum: No registered users and 6 guests