AVG Anti-Virus 2011 False Positives - Luhe.Exploit.PDF.B

Published: 2011-03-09
Last Updated: 2011-03-09 21:48:33 UTC
by Kevin Shortt (Version: 2)
4 comment(s)

Some readers from Montreal, Canada wrote in about a problem with AVG Anti-Virus 2011 Free Edition 10.0.1024. The issue is that all PDFs are being quarantined and marked as infected by Luhe.Exploit.PDF.B.

 
It has been reported on the AVG forum (linked below) that an affected version is the following:
 
    AVG Anti-virus 2011 Free Edition 10.0.1204, virus database version 1497/3490 

 
The following URL links to a discussion of the issue:
 
    http://forums.avg.com/ww-en/avg-free-forum?sec=thread&act=show&id=151679
 
This seems to be a bug in the definition for Luhe.Exploit.PDF.B. This does not mean other versions of AVG aren't impacted as well. Please check your version and verify with AVG. The current version of the virus database as of writing this diary is 3494 and was released today. I have no confirmed report that the problem has been resolved, yet AVG was aware and working on it.
 
Please share what you're seeing and update the readers.
 
Thanks go to Heber and Tomas for sending in the information to get it out there.
 
UPDATE:
  AVG has responded to the issue and a new virus database was released earlier today.

  http://forums.avg.com/ww-en/avg-free-forum?sec=thread&act=show&id=151987#post_151987

  "...a virus database update removing the Re: Luhe.Exploit.PDF.x false alarm (where x stands for BCDEH) has been released on 2011-03-08 21:16:44 CET."
 
 
--
Kevin Shortt
ISC Handler on Duty
 

Comments

I stopped using AVG after they kept harassing me six times a day to upgrade, even though it applied updates every day. I've used MSE since then... Kills two birds with one stone, I haven't had a need to run SS+D/adaware/MBAM since.

I stopped using AVG after SO many false positives, some of which were critical Windows system files. Do they test any of this stuff before pushing it out? Doesn't seem so.

I once recommended AVG, but after the repeated false positives, the huge resources it ate in later versions and the way it mangled my printer spool on my own computer I dumped it. I no longer recommend it. Avast and Avira seem to be the safest bets at the moment but I am sure that will change too :-)

-Al

Has anyone tested Vipre in a corporate environment yet? A hospital I work with just went from Symantec Corporate AV to Symantec Endpoint Protection. I see it is not as good as the old clunker as far as identifying and removing problems. Not impressed at all. Catches files written to the admin share after they execute, if at all. We're talking things that have been out 4 years now like Down and Up. Not good at all.
