Download Challenge "Failed - Virus Detected"

nanders

Posts: 5
Joined: Tue Dec 31, 2019 12:37 am

#1

Post by nanders » Tue Dec 31, 2019 1:26 am

This has become a bit of a challenge.

I may not even remember the exact order that got me to this place.

During configuration Microsoft Security Essentials popped up an alert to a file in my epg folder: Behavior:Win32/Presistence.EA!mi Alert level severe

Category: Suspicious Behavior

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately.

Items:
file:C:\Program Files (x86)\epg123\epg123Client.exe
file:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPG123\EPG123 Client.lnk
startup:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPG123\EPG123 Client.lnk

Also: containerfile:C:\xxxx\epg123Setup_v1.3.3.40.zip
file:C:\xxxx\Downloads\epg123Setup_v1.3.3.40.zip->epg123Setup_v1.3.3.40.exe->(inno#000004)
webfile:C:\xxxx\Downloads\epg123Setup_v1.3.3.40.zip|http://epg123.garyan2.net/downloads/epg ... chrome.exe

Do I just need to allow this?

Thanks for any advice you can offer.
Niles

garyan2

Posts: 7480
Joined: Fri Nov 27, 2015 7:23 pm

#2

Post by garyan2 » Tue Dec 31, 2019 1:42 am

It's been a while since any AV tool flagged my stuff. You can check VirusTotal... there are 2 engines that flag it. MSSE for some kind of trojan, and Trapmine because of a low score (never seen before). There are 69 other AV engines that don't detect anything.

Couple questions though: Why would you have the client link in the startup? Why does the link you are providing include the chrome executable?
- Gary
Keeping WMC alive beyond January 2020. https://garyan2.github.io

nanders

Posts: 5
Joined: Tue Dec 31, 2019 12:37 am

#3

Post by nanders » Tue Dec 31, 2019 3:04 am

I copied that dialog directly from MS Security Essentials. I have no idea why any of it, but if you have any ideas what my next step should be I would appreciate it.

I would like to install the product and make it work so I can use the guide in Media Center.

nanders

Posts: 5
Joined: Tue Dec 31, 2019 12:37 am

#4

Post by nanders » Tue Dec 31, 2019 3:07 am

I think I know why chrome.exe. Because now MSSE cleans the downloaded Setup file.

garyan2

Posts: 7480
Joined: Fri Nov 27, 2015 7:23 pm

#5

Post by garyan2 » Tue Dec 31, 2019 3:15 am

Well, there's nothing to clean because there is no virus or trojan. I haven't used MSSE in forever so can't remember how you can get something out of quarantine and tell it to ignore the false detects.

Can anyone chime in here? Anyone else using MSSE will probably get this as well today/tomorrow.
- Gary
Keeping WMC alive beyond January 2020. https://garyan2.github.io

stuartm

Posts: 723
Joined: Mon Nov 05, 2012 8:05 pm
Location: Longmont, CO


#6

Post by stuartm » Tue Dec 31, 2019 3:26 am

I run MSSE (currently up to date definitions) and I have no problem downloading or extracting the installer.

Space

Posts: 2841
Joined: Sun Jun 02, 2013 9:44 pm

#7

Post by Space » Tue Dec 31, 2019 3:39 am

You can "restore" a quarantined item in MSE using the procedure on this page:

https://smallbusiness.chron.com/remove- ... 52112.html

You can start MSE by clicking on the MSE icon in the system tray.

nanders

Posts: 5
Joined: Tue Dec 31, 2019 12:37 am

#8

Post by nanders » Tue Dec 31, 2019 3:48 am

When I download the 1.3.3.30 zip file, no problem. When I download the 1.3.3.40 zip, it flags it:


Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately.

Items:
containerfile:C:\Users\NilesAnders\Downloads\epg123Setup_v1.3.3.40 (1).zip
file:C:\Users\NilesAnders\Downloads\epg123Setup_v1.3.3.40 (1).zip->epg123Setup_v1.3.3.40.exe->(inno#000004)
webfile:C:\Users\NilesAnders\Downloads\epg123Setup_v1.3.3.40 (1).zip|http://epg123.garyan2.net/downloads/epg ... xplore.exe

Deletes it immediately

garyan2

Posts: 7480
Joined: Fri Nov 27, 2015 7:23 pm

#9

Post by garyan2 » Tue Dec 31, 2019 3:52 am

If it will let you do 1.3.3.30, go for it. The differences are very minor and may not apply to your setup.
- Gary
Keeping WMC alive beyond January 2020. https://garyan2.github.io

nanders

Posts: 5
Joined: Tue Dec 31, 2019 12:37 am

#10

Post by nanders » Tue Dec 31, 2019 3:53 am

Will give it a try.
