# Trojan horse false positive on v0.26 installer?



## cruft (Jul 21, 2007)

AVG free claims that ATITool_0.26.exe is infected with "Trojan horse Downloader.Zlob.MCQ".

I scanned my computer for viruses and it came out clean. I quarantined the installer, deleted it,  and proceeded to download a fresh copy from this site - the installer showed up as infected again.

Is this a false positive?

I also downloaded the 0.27 beta installer and it came out clean.


----------



## hereford (Jul 21, 2007)

I get the same since I updated the avg free virus definition database this afternoon.

The version is now 269.10.12/910

The atitool_0.26.exe was fine when I downloaded and istalled it earlier today, but since updating the definitions avg will no longer let me download another copy, (I deleted the original from the virus vault after it was put there by the daily scan).

I've tried a few other locations I found on google and avg thinks they all contain the zlob trojan, so it probably is a false positive. Let's hope so anyway!

I forgot to add that avg also thought that the uninstall.exe which gets put in the \program files installation directory when installing ati tool was the file that contained the trojan.


----------



## Jimmy 2004 (Jul 21, 2007)

Well, I'm using version 0.24, but this does sound strange. Perhaps try posting it in the AVG forums?


----------



## Dippyskoodlez (Jul 21, 2007)

hereford said:


> I get the same since I updated the avg free virus definition database this afternoon.
> 
> The version is now 269.10.12/910
> 
> ...



Odd, but I would say its most likely a false positive. Hardware tools do this because of the nature of what the program does.


----------



## hereford (Jul 22, 2007)

Phew!

Seems it was a problem with the virus definitions. AVG appear to be getting quite a few false positives on various products looking at the threads on the free avg forum.

As of the update this evening taking the virus database to 269.10.14/912, downloading atitool_0.26.exe no longer gets a trojan alert from avg, or at least the one from the mirror I selected at random didn't

Quite an impressive fix time from the guys at grisoft.


----------



## DRDNA (Jul 22, 2007)

yup a false +...and nice job AVG on the fast fix!


----------

