AVG reports virus in standalone MS Windows FRP .exe

Post questions and comments about installing the program, getting it to run on your computer, and unexpected error messages.
Post Reply
dogstone
Posts: 2
Joined: Thu May 02, 2019 9:26 am

AVG reports virus in standalone MS Windows FRP .exe

Post by dogstone »

I downloaded the MS Windows standalone version of the FRP tool (frp-standalone-04-02-17.exe). When I attempted to execute the file, my AVG anti-virus tool reported that the file was infected with Win32:MdeClass, and moved the file to a Quarantine area.
It appears that within AVG I have the option of "Report as false positive", so I think I can still run the tool if I choose.
I am wondering if other users have experienced a similar issue.
jimr
Posts: 821
Joined: Thu Feb 28, 2008 6:48 pm

Re: AVG reports virus in standalone MS Windows FRP .exe

Post by jimr »

It sounds like a false positive, but there are a couple of things you can do to double check.

1) Upload the downloaded installer exe file to https://www.virustotal.com and have them do a free scan.

If the scan looks good, that's a good indication that the file is fine. I just did a quick check myself by downloading the file from the FRP website and uploading it to virustotal and it came out completely clean.

2) Another important check is to verify that the program installer is correctly signed with a security certificate that prevents tampering. When you go to install the program, you should see a popup window from Windows showing Random Walk Ventures, LLC as the verified publisher of the program. If windows says that the program is from some other developer or has an error in its security certificate, this can be an indication that the executable might have been tampered with.
dogstone
Posts: 2
Joined: Thu May 02, 2019 9:26 am

Re: AVG reports virus in standalone MS Windows FRP .exe

Post by dogstone »

Thanks for the reply.

I re-downloaded the frp .exe and then went to the virustotal website and chose my new downloaded copy and clicked "Open" and Virustotal stated there were no issues.

When I then attempted to execute the downloader installer .exe, AVG again detected a virus and quarantined the file.
I went to the AVG quarantine area and selected the downloader installer .exe and then selected "Restore and add exception".

I then attempted to execute the downloader installer .exe and when the pop-up window from Windows displayed, Windows indicated that the program is from an unknown developer.

I suspect I may still be having issues with AVG corrupting the file somehow.
jimr
Posts: 821
Joined: Thu Feb 28, 2008 6:48 pm

Re: AVG reports virus in standalone MS Windows FRP .exe

Post by jimr »

That makes sense. The installer definitely should show the program was signed by Random Walk Ventures, LLC. Otherwise, it's a sign the file was modified by malicious software somewhere between the web server and your computer, or even by a malicious program that's already running on your computer that's trying to trick you into giving it administrative (installer) permissions to it.


Here's how the Windows User Account Control popup window should look with an unaltered installer file:
ResizerImage638X466.jpg
Post Reply

Who is online

Users browsing this forum: No registered users and 18 guests