Potential Trojan in Presence 2.3?

announcements (new versions, changes, bugs, installation problems...) related to program PRESENCE

Potential Trojan in Presence 2.3?

Postby bayne » Sat May 23, 2009 11:19 pm

Hi Jim, I just download Presence 2.3 from http://www.mbr-pwrc.usgs.gov/software/presence.html. Have tried installing several times.

I am using Norton 360 and it keeps saying that presence_int.exe has a Backdoor.Trojan which it describes as a generic detection for Trojan horses that attempt to open a back door on compromised computers. I am running Windows Vista.

Could you please check and make sure that it is a Norton issue not an actual virus

Thx

Erin Bayne
bayne
 
Posts: 3
Joined: Fri May 15, 2009 11:59 pm

potential trojan in Presence 2.3

Postby jhines » Tue May 26, 2009 8:39 am

Hi Erin,

The detection from Norton 360 is a false positive as there is no virus or malware in Presence 2.3. Apparently, the compiler I use is also one frequently used by malware writers and produces code similar to theirs. I've submitted the program to 'virus-total.com', which ran 20 anti-virus scanners on it, and 8 out of 20 scanners produced false positives, and 12 reported that the file was 'clean'.

The solution (for now) is, first to make sure you have the latest version of Presence since each time I recompile the program, it changes the executable code, causing different results from the anti-virus programs. Second, tell your anti-virus program to ignore this file (presence_int.exe). There should be an option in the program somewhere to exclude selected files from the anti-virus scan. With the anti-virus program I use (Symantec), it's done by , clicking the 'configure' menu, then clicking 'exclude selected files and folders', then click the 'exclusions' button. Next, click 'files/folders', then find the c:\Program Files\Presence folder, and check the file, presence_int.exe.

The long-term solution is for me to contact some of the anti-virus vendors to see if there is something I can do to the code to prevent the false-positive detections. For this to happen, it helps if users can let me know which anti-virus program they use which gives the false-positive, and the date they downloaded Presence.

Cheers,

Jim
jhines
 
Posts: 599
Joined: Fri May 16, 2003 9:24 am
Location: Laurel, MD, USA

Re: Potential Trojan in Presence 2.3?

Postby jrfrisch » Tue May 25, 2010 3:36 pm

I have a similar problem with Kaspersky virus software labeling the file as Heur:Trojan.win32.generic when I try to download version 2.4 or version 3.0 beta associated with the presence_int.exe. I tried the equivalent of excluding selected files unsuccesfully. In version 3.0 I noticed that the program was unable to create output storage. My old laptop had Norton anti-virus and I am able to use any models/files transferred from my old laptop (now no longer functional because of bad power cord selection) supporting my hypothesis that there is a problem creating new projects.
Any help would be appreciated.
Thanks,
John
jrfrisch
 
Posts: 2
Joined: Tue May 25, 2010 1:12 pm

Re: Potential Trojan in Presence 2.3?

Postby jhines » Tue May 25, 2010 4:14 pm

John,

I re-tested the current version of PRESENCE (3.0) with the anti-virus program we use here (symantec) as well as the virus-total web-site. Symantec showed no virus, and one anti-virus engine flagged it (Jiangmin), but the Kaspersky engine did not. I suspect that you have your version of Kaspersky anti-virus set to use heuristics to test for viruses, which can give false positives. If you are unable to have the kaspersky anti-virus program exclude presence_int.exe, perhaps you can turn off the feature which uses heuristics.

What sort of problem are you having creating new projects? Is it a problem with Presence 3.0 trying to create a new project from an older version (2.4) results file? Perhaps you can send me the old input (pao) and results (pa2) file which is giving you trouble.

Jim
jhines
 
Posts: 599
Joined: Fri May 16, 2003 9:24 am
Location: Laurel, MD, USA

Re: Potential Trojan in Presence 2.3?

Postby jrfrisch » Tue May 25, 2010 4:46 pm

Hi Jim,
I'm working through your suggestions Re: disabling the heuristic analysis in Kaspersky. It looks like heuristic analyses are performed in multiple locations. My error messages are:

zip warning: name not matched: pres_*.out
zip warning: name not matched: &
zip warning: name not matched: *.pa3

I created the data filename (pao file) and let PRESENCE create the results file so the data file names should be the same and should be saved in the same folder.

Thanks for your help in pointing me in the right direction!
John

Edit: this fix worked, and I was able to run my model, thanks so much!!!
jrfrisch
 
Posts: 2
Joined: Tue May 25, 2010 1:12 pm


Return to software problems/news

Who is online

Users browsing this forum: No registered users and 7 guests

cron