

HELP!!!!!!!! AVG and other Antivirus issues

Rob Barrett, User (Posts: 92)
Sep 13, 2022 11:28:56 am EDT
So, I have been experiencing issues with clients that have AVG and Remote Utilities Host exe from MSI the msi configurator. All of a sudden, I am getting errors like exe can't be found due to the antivirus eating the file. I tried talking with AVG about it after submitting samples but they wouldn't listen. This is what they said.
Thanks for your email. Please, check virustotal link -

https://www.virustotal.com/gui/file/8c6764cecb249f71668631070b84f515566241a2b67177e820c4e3d796a02d64?nocache=1,

and our clean guidelines for more details
https://support.avg.com/supportarticleview?l=en&supporttype=home&urlname=avg-threat-lab-clean-guideline.

Thank you for your understanding.

Have a nice day.

Miro
AVG Customer Care Team
AVG Support Center


Here are the results:


Basic Properties
File type Win32 EXE
Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (66.6%)
TrID Win32 Executable (generic) (11%)
TrID WinArchiver Mountable compressed Archive (7.3%)
TrID OS/2 Executable (generic) (4.9%)
TrID Generic Win/DOS Executable (4.9%)
File size 17.33 MB (18173096 bytes)
PEiD packer UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
History
Creation Time 2019-07-02 13:49:38 UTC
Signature Date 03:31 PM 12/22/2020
First Submission 2022-09-09 14:26:08 UTC
Last Submission 2022-09-09 14:26:08 UTC
Last Analysis 2022-09-11 07:55:47 UTC
Signature Info
Signature Verification
A certificate was explicitly revoked by its issuer.
File Version Information
Copyright Copyright © 2019 Remote Utilities LLC. All rights reserved.
Product Remote Utilities
Description Remote Utilities
File Version 6.10.10.0
Date signed 2020-12-22 21:31:00 UTC
Signers
Remote Utilities LLC
Sectigo RSA Code Signing CA
USERTrust RSA Certification Authority
Sectigo (AAA)
Counter Signers
Symantec Time Stamping Services Signer - G4
Symantec Time Stamping Services CA - G2
Thawte Timestamping CA
X509 Certificates
Symantec Time Stamping Services CA - G2
Symantec Time Stamping Services Signer - G4
USERTrust RSA Certification Authority
Remote Utilities LLC
Sectigo RSA Code Signing CA
Conrad Sallian, Support (Posts: 3049)
Sep 13, 2022 12:47:32 pm EDT
Hi Rob,

Is it a freshly built installer?
Rob Barrett, User (Posts: 92)
Sep 13, 2022 12:52:53 pm EDT

Conrad Sallian wrote:

Hi Rob,

Is it a freshly built installer?

Yes Conrad it is.... Most of my clients have AVG Free and now I have to go in and manually add the AVG folder Exception, which is a pain with A LOT of clients
Rob Barrett, User (Posts: 92)
Sep 13, 2022 12:54:06 pm EDT
I still have the old one but this has got to get fixed somehow.... Did you see the first link?
Conrad Sallian, Support (Posts: 3049)
Sep 13, 2022 3:55:16 pm EDT
Hi Rob,

I saw the link and the false positive detections. However, the certificate information is wrong - well, outdated. Even if you use the version 6.10 to build a custom installer there must be another certificate, a valid one issued by DigiCert. Here is a screenshot:

[Screenshot: HELP!!!!!!!! AVG and other Antivirus issues - 13 Sep 2022 03:54:11]

Have you tried to reconfigure your build? That should help.
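
Added example (not part of the thread and not Remote Utilities' own tooling): a PowerShell check to run on a rebuilt installer before sending it to clients, confirming that it carries a valid signature from the expected issuer and that the chain passes an online revocation check. The file path and the function name `Test-InstallerSignature` are placeholders; the issuer string `DigiCert` is taken from the post above.

```powershell
param(
    [string]$Path = 'C:\Builds\host-installer.exe',   # hypothetical path to the rebuilt installer
    [string]$ExpectedIssuer = 'DigiCert'              # issuer named in the post above
)

function Test-InstallerSignature {
    param([string]$Path, [string]$ExpectedIssuer)

    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($null -eq $sig.SignerCertificate) {
        return [pscustomobject]@{ Path = $Path; Ok = $false; Reason = 'File is not signed' }
    }
    $cert = $sig.SignerCertificate

    # Build the chain with online revocation checking for every certificate in it.
    # The chain is evaluated at the current time, so an expired but timestamped
    # signing certificate will show NotTimeValid here.
    $x509 = 'System.Security.Cryptography.X509Certificates'
    $chain = New-Object "$x509.X509Chain"
    $chain.ChainPolicy.RevocationMode = [Enum]::Parse([type]"$x509.X509RevocationMode", 'Online')
    $chain.ChainPolicy.RevocationFlag = [Enum]::Parse([type]"$x509.X509RevocationFlag", 'EntireChain')
    $chainOk = $chain.Build($cert)
    $chainErrors = @($chain.ChainStatus | ForEach-Object { $_.Status })

    # Collect every reason the file should not be shipped yet.
    $reasons = @()
    if ($sig.Status -ne 'Valid')                { $reasons += "Authenticode status: $($sig.Status)" }
    if ($cert.Issuer -notlike "*$ExpectedIssuer*") { $reasons += "Unexpected issuer: $($cert.Issuer)" }
    if (-not $chainOk)                          { $reasons += "Chain: $($chainErrors -join ', ')" }

    [pscustomobject]@{
        Path        = $Path
        Subject     = $cert.Subject
        Issuer      = $cert.Issuer
        NotAfter    = $cert.NotAfter
        Timestamped = ($null -ne $sig.TimeStamperCertificate)
        Ok          = ($reasons.Count -eq 0)
        Reason      = ($reasons -join '; ')
    }
}

Test-InstallerSignature -Path $Path -ExpectedIssuer $ExpectedIssuer | Format-List
```

A `Revoked` entry under `Chain:` or an issuer other than the expected one means the build still carries the old certificate and should be reconfigured before it is distributed.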
Rob Barrett, User (Posts: 92)
Sep 13, 2022 5:12:57 pm EDT
So I am thinking that maybe you all, as the developer, can help to inform those companies of their errors
Conrad Sallian, Support (Posts: 3049)
Sep 13, 2022 5:32:02 pm EDT
Hi Rob,

It was today that we informed Avast (and by extension AVG) about that the last time :) Frankly, why it is so hard to whitelist at least the digital signature is beyond me.
Rob Barrett, User (Posts: 92)
Sep 14, 2022 3:21:23 pm EDT
Those companies are big.. Try doing it with Msft....
Rob Barrett, User (Posts: 92)
Sep 15, 2022 9:22:10 am EDT
Hi Rob,

If all issues have been fixed, just install the latest version. Otherwise, please send me the updated installation file and our ThreatLab will check it.

All Best,

Miro

AVG Customer Care Team
AVG Support Center

https://www.avg.com/report-malicious-file


--------------- Original Message ---------------
From: Rob
Sent: 9/14/2022, 3:23 PM
To: support@help.avg.com
Subject: Re: AVG Customer Care - AVG: False positive file RMRESupportV8.exe

* Website time zone: America/New_York (UTC -5)