AVG reports virus in standalone MS Windows FRP .exe

This forum is for the FRP standalone version. This version runs as an application on your own computer instead of in your web browser.
Post Reply
dogstone
Posts: 2
Joined: Thu May 02, 2019 9:26 am

AVG reports virus in standalone MS Windows FRP .exe

Post by dogstone » Thu May 02, 2019 9:36 am

I downloaded the MS Windows standalone version of the FRP tool (frp-standalone-04-02-17.exe). When I attempted to execute the file, my AVG anti-virus tool reported that the file was infected with Win32:MdeClass, and moved the file to a Quarantine area.
It appears that within AVG I have the option of "Report as false positive", so I think I can still run the tool if I choose.
I am wondering if other users have experienced a similar issue.

jimr
Posts: 495
Joined: Thu Feb 28, 2008 6:48 pm

Re: AVG reports virus in standalone MS Windows FRP .exe

Post by jimr » Thu May 02, 2019 1:39 pm

It sounds like a false positive, but there are a couple of things you can do to double check.

1) Upload the downloaded installer exe file to https://www.virustotal.com and have them do a free scan.

If the scan looks good, that's a good indication that the file is fine. I just did a quick check myself by downloading the file from the FRP website and uploading it to virustotal and it came out completely clean.

2) Another important check is to verify that the program installer is correctly signed with a security certificate that prevents tampering. When you go to install the program, you should see a popup window from Windows showing Random Walk Ventures, LLC as the verified publisher of the program. If windows says that the program is from an unknown developer or has an error in its security certificate, this can be an indication that the executable might have been tampered with.

dogstone
Posts: 2
Joined: Thu May 02, 2019 9:26 am

Re: AVG reports virus in standalone MS Windows FRP .exe

Post by dogstone » Mon May 06, 2019 9:11 am

Thanks for the reply.

I re-downloaded the frp .exe and then went to the virustotal website and chose my new downloaded copy and clicked "Open" and Virustotal stated there were no issues.

When I then attempted to execute the downloader installer .exe, AVG again detected a virus and quarantined the file.
I went to the AVG quarantine area and selected the downloader installer .exe and then selected "Restore and add exception".

I then attempted to execute the downloader installer .exe and when the pop-up window from Windows displayed, Windows indicated that the program is from an unknown developer.

I suspect I may still be having issues with AVG corrupting the file somehow.

jimr
Posts: 495
Joined: Thu Feb 28, 2008 6:48 pm

Re: AVG reports virus in standalone MS Windows FRP .exe

Post by jimr » Mon May 06, 2019 7:14 pm

That makes sense. The installer definitely shouldn't indicated it's from an unknown developer and in fact that could be a sign the file was modified by malicious software somewhere between the web server and your computer, or even by a malicious program that's already running on your computer that's trying to trick you into giving it administrative (installer) permissions.


Here's how the Windows User Account Control popup window should look with an unaltered installer file:
ResizerImage638X466.jpg

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest