[tor-bugs] #2910 [Tor bundles/installation]: AVG claims that TBB contains malware

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Fri Apr 15 04:29:25 UTC 2011 

#2910: AVG claims that TBB contains malware
--------------------------------------+-------------------------------------
 Reporter:  munster                   |          Owner:  erinn
     Type:  defect                    |         Status:  new  
 Priority:  normal                    |      Milestone:       
Component:  Tor bundles/installation  |        Version:       
 Keywords:                            |         Parent:       
   Points:                            |   Actualpoints:       
--------------------------------------+-------------------------------------

Comment(by munster):

 Hi,

 I was actually just logging in again to add an update, because things
 really are acting very oddly.  I had successfully extracted & run Tor this
 morning, from yet another fresh download from the site.  I was using the
 browser fine about an hour ago, but when I opened it again just before,
 AVG popped up again with its "malware detected" dialogue box.

 I've attached a screen cap from yesterday's first incident (I tried again
 after I posted, & that time, AVG quarantined Vidalia as well, & said it
 had removed 5 files, I believe).  I'll also attach a couple of screen caps
 from what's happening right now.  The box referring to Vidalia's "control
 socket" has never come up before.  [I'm not sure how to remove Capture3,
 showing a problem that was my fault & is fixed now.]

 As you'll see in the screen caps, the malware AVG thinks it found was just
 labelled as "unknown".  I'm not sure what files AVG actually removed,
 because the downloaded file is still on my desktop & the extracted Tor
 Browser folder  in my Program Files (where I extracted to) still appears
 in tact.  And in fact, Vidalia was still running (seen in Task Manager >
 Processes); now that I've killed that, I've just been able to restart Tor
 via the "Start Tor Browser" that was still sitting in Program Files.

 To be clear, I'm using the "AVG Anti-Virus Free Edition 2011" - *without*
 the AVG security toolbar.  So nope, I didn't have the toolbar appear in my
 Tor Browser Bundle at any time.

 Re. reproducing the problem... the file I downloaded *yesterday* - I
 extracted it, AVG had its hissy fit & removed the file/s.  I *think* I
 then extracted the browser bundle from that same download, & that was the
 2nd time AVG "found" malware.  But to be honest, I'm a little shakey on
 whether I extracted from the same download or it *may* have been from a
 fresh download (sorry).

 TODAY, I downloaded a fresh version from the website, & it worked fine >
 AVG did its thing > Tor still works fine.  So it started working again
 before I tried to extract another copy from this morning's download - but
 I kept the download if you still want me to try.  I've
 started/browsed/closed/restarted Tor 3 times now, with no problems - like
 I was able to do earlier this morning.

 Hope this info helps.  Sorry if my explanation's a little jumbled.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2910#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list