Malware or virus detected

demoria7
Posts: 2
Joined: Sat Nov 15, 2014 7:48 pm

Post by demoria7 » Sat Nov 15, 2014 8:07 pm

After the last patch, Avast, the virus protection program, said it detected a virus, grabbed part of the file, and killed GINA.

I tried removing the program and putting it back, same issue.

PLATFORM VERSION INFO
Windows : 6.2.9200.0 (Win32NT)
Common Language Runtime : 4.0.30319.34014
System.Deployment.dll : 4.0.30319.34243 built by: FX452RTMGDR
clr.dll : 4.0.30319.34014 built by: FX45W81RTMGDR
dfdll.dll : 4.0.30319.34243 built by: FX452RTMGDR
dfshim.dll : 6.3.9600.16384 (winblue_rtm.130821-1623)

SOURCES
Deployment url : http://eq.gimasoft.com/GINA/GINA.application
Server : Microsoft-IIS/8.0
X-Powered-By : ASP.NET
Deployment Provider url : http://eq.gimasoft.com/GINA/GINA.application
Application url : http://eq.gimasoft.com/GINA/Application ... e.manifest
Server : Microsoft-IIS/8.0
X-Powered-By : ASP.NET

IDENTITIES
Deployment Identity : GINA.application, Version=1.0.19.2, Culture=neutral, PublicKeyToken=1b6380780390d0f3, processorArchitecture=x86
Application Identity : GINA.exe, Version=1.0.19.2, Culture=neutral, PublicKeyToken=1b6380780390d0f3, processorArchitecture=x86, type=win32

APPLICATION SUMMARY
* Installable application.

ERROR SUMMARY
Below is a summary of the errors, details of these errors are listed later in the log.
* Activation of http://eq.gimasoft.com/GINA/GINA.application resulted in exception. Following failure messages were detected:
+ Downloading http://eq.gimasoft.com/GINA/Application Files/GINA_1_0_19_2/GINA.exe.deploy did not succeed.
+ The underlying connection was closed: An unexpected error occurred on a receive.
+ Unable to read data from the transport connection: An established connection was aborted by the software in your host machine.
+ An established connection was aborted by the software in your host machine

COMPONENT STORE TRANSACTION FAILURE SUMMARY
No transaction error was detected.

WARNINGS
There were no warnings during this operation.

OPERATION PROGRESS STATUS
* [11/15/2014 5:06:03 PM] : Activation of http://eq.gimasoft.com/GINA/GINA.application has started.
* [11/15/2014 5:06:03 PM] : Processing of deployment manifest has successfully completed.
* [11/15/2014 5:06:03 PM] : Installation of the application has started.
* [11/15/2014 5:06:03 PM] : Processing of application manifest has successfully completed.
* [11/15/2014 5:06:05 PM] : Found compatible runtime version 4.0.30319.
* [11/15/2014 5:06:05 PM] : Request of trust and detection of platform is complete.

ERROR DETAILS
Following errors were detected during this operation.
* [11/15/2014 5:06:10 PM] System.Deployment.Application.DeploymentDownloadException (Unknown subtype)
- Downloading http://eq.gimasoft.com/GINA/Application Files/GINA_1_0_19_2/GINA.exe.deploy did not succeed.
- Source: System.Deployment
- Stack trace:
at System.Deployment.Application.SystemNetDownloader.DownloadSingleFile(DownloadQueueItem next)
at System.Deployment.Application.SystemNetDownloader.DownloadAllFiles()
at System.Deployment.Application.FileDownloader.Download(SubscriptionState subState)
at System.Deployment.Application.DownloadManager.DownloadDependencies(SubscriptionState subState, AssemblyManifest deployManifest, AssemblyManifest appManifest, Uri sourceUriBase, String targetDirectory, String group, IDownloadNotification notification, DownloadOptions options)
at System.Deployment.Application.ApplicationActivator.DownloadApplication(SubscriptionState subState, ActivationDescription actDesc, Int64 transactionId, TempDirectory& downloadTemp)
at System.Deployment.Application.ApplicationActivator.InstallApplication(SubscriptionState& subState, ActivationDescription actDesc)
at System.Deployment.Application.ApplicationActivator.PerformDeploymentActivation(Uri activationUri, Boolean isShortcut, String textualSubId, String deploymentProviderUrlFromExtension, BrowserSettings browserSettings, String& errorPageUrl)
at System.Deployment.Application.ApplicationActivator.ActivateDeploymentWorker(Object state)
--- Inner Exception ---
System.Net.WebException
- The underlying connection was closed: An unexpected error occurred on a receive.
- Source: System
- Stack trace:
at System.Net.HttpWebRequest.GetResponse()
at System.Deployment.Application.SystemNetDownloader.DownloadSingleFile(DownloadQueueItem next)
--- Inner Exception ---
System.IO.IOException
- Unable to read data from the transport connection: An established connection was aborted by the software in your host machine.
- Source: System
- Stack trace:
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.PooledStream.Read(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.Connection.SyncRead(HttpWebRequest request, Boolean userRetrievedStream, Boolean probeRead)
--- Inner Exception ---
System.Net.Sockets.SocketException
- An established connection was aborted by the software in your host machine
- Source: System
- Stack trace:
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)

COMPONENT STORE TRANSACTION DETAILS
No transaction information is available.
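
Added example, not part of the original post or of GINA: a small Python triage helper that pulls the exception chain out of a ClickOnce error log like the one above and reports whether the innermost socket error was a local abort (WSAECONNABORTED, 10053) or a remote reset (WSAECONNRESET, 10054). The function names and result labels are assumptions made for this example; the sample text is an excerpt of the posted log with most stack frames trimmed.

```python
import re

# Excerpt of the ERROR DETAILS section from the log posted above (frames trimmed).
SAMPLE_LOG = """\
ERROR DETAILS
* [11/15/2014 5:06:10 PM] System.Deployment.Application.DeploymentDownloadException (Unknown subtype)
- Downloading http://eq.gimasoft.com/GINA/Application Files/GINA_1_0_19_2/GINA.exe.deploy did not succeed.
--- Inner Exception ---
System.Net.WebException
- The underlying connection was closed: An unexpected error occurred on a receive.
--- Inner Exception ---
System.IO.IOException
- Unable to read data from the transport connection: An established connection was aborted by the software in your host machine.
--- Inner Exception ---
System.Net.Sockets.SocketException
- An established connection was aborted by the software in your host machine
- Source: System
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
COMPONENT STORE TRANSACTION DETAILS
"""

# An exception header is a dotted .NET type name, optionally behind "* [timestamp] ".
TYPE_RE = re.compile(r"^(?:\* \[[^\]]+\] )?((?:\w+\.)+\w*Exception)\b")

def exception_chain(log_text):
    """Return [(exception_type, first_message), ...], outermost exception first."""
    chain, in_details = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "ERROR DETAILS":
            in_details = True
        elif in_details and line.startswith("COMPONENT STORE"):
            break                                   # end of the details section
        elif in_details and (m := TYPE_RE.match(line)):
            chain.append([m.group(1), None])        # new link in the chain
        elif in_details and chain and line.startswith("- ") and chain[-1][1] is None:
            chain[-1][1] = line[2:]                 # first "- " line is the message
    return [tuple(entry) for entry in chain]

def classify_root_cause(chain):
    """Label the innermost exception: who tore the TCP connection down?"""
    if not chain:
        return "no-exception"
    etype, msg = chain[-1][0], (chain[-1][1] or "").lower()
    if etype.endswith("SocketException"):
        if "aborted by the software in your host machine" in msg:
            return "local-abort"    # WSAECONNABORTED (10053): closed on this machine
        if "forcibly closed by the remote host" in msg:
            return "remote-reset"   # WSAECONNRESET (10054): closed by the server side
    return "other"
```

A `local-abort` result means the download was cut off on the client machine rather than by the server, which is the point at which to check local security software logs.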

Re: Malware or virus detected

Post by demoria7 » Sat Nov 15, 2014 8:09 pm

Also, all the folks in my guild are getting the same issue. It has crashed from every person's machine. AVAST says it contains a virus.

Gimagukk
Site Admin
Posts: 237
Joined: Wed Oct 26, 2011 9:29 pm

Re: Malware or virus detected

Post by Gimagukk » Sat Nov 15, 2014 9:08 pm

GINA users have reported having issues with AVAST in the past due to false positives in AVAST. Can you post a log from AVAST describing what AVAST thinks it is detecting?

Re: Malware or virus detected

Post by Gimagukk » Sun Nov 16, 2014 1:05 am

I installed Avast on a virtual box and their application is reporting it as Win32:Evo-gen, which is their generic algorithm that often has false positives. It's not saying it found a virus, just that there is code that "could be" doing stuff that is dangerous if an executable happens to actually be a new virus that Avast doesn't know about yet. I verified that every file in the installation package is clean using virustotal.com, and that this is Avast yet again detecting a false positive.

Using the 2015 version of their free software, there is a link to "Report as false positive" when that happens. I have submitted the false positive report, which generates a message that they will review the file for an upcoming definition update.

Klotar
Posts: 1
Joined: Sun Nov 16, 2014 11:46 am

Re: Malware or virus detected

Post by Klotar » Sun Nov 16, 2014 12:02 pm

Since the download link always points at the latest version, would it be possible to have an Archive section to download older versions?

Some older versions of GINA will work with Avast, e.g. 1.0.19.1, but Avast users cannot upgrade from .1 to .2, nor will uninstalling GINA and trying to install .2 work. Only uninstalling Avast will work, but reinstalling Avast afterwards kills GINA if it is 1.0.19.2 until Avast updates their files.

While running older versions might not be in anyone's best interests, there is nothing like logging in for a raid and finding you have a sudden problem with GINA. At least an older version of GINA gets you up and running so that you can then tinker with Avast settings/exclusions/etc. AFTER the raid. Yesterday, an older version dated September 11 2012 saved the day.

Just thought I would ask, thanks.

Re: Malware or virus detected

Post by Gimagukk » Sun Nov 16, 2014 5:16 pm

If you go to Programs in Control Panel and select to uninstall GINA, it should ask you if you want to roll back a version or uninstall. If the previous version you had was not having issues, try the rollback option to the previous version.

Re: Malware or virus detected

Post by Gimagukk » Sun Nov 16, 2014 5:38 pm

Also, it looks like you can add the following to your exclusion list to bypass the check and allow GINA to run:

C:\Users\<YOUR_WINDOWS_USERNAME_HERE>\AppData\Local\*\gina.exe

I'm very unimpressed with Avast's implementation of their "we're not sure, but maybe" feature... it should at least provide the option to "proceed anyway".

Re: Malware or virus detected

Post by Gimagukk » Sun Nov 16, 2014 9:02 pm

For now, I have turned the beta link back on (http://eq.gimasoft.com/gina/DownloadBeta.aspx). It is the code base that got pushed to live as 1.0.19.0, so it won't have the fixes implemented in 1.0.19.1 and 1.0.19.2.

If you have changed your GINA Data Folder in the live version, you can point to the same folder with GINABeta (assuming you were running 1.0.19.0 or higher before).
