• Welcome to Overclockers Forums! Join us to reply in threads, receive reduced ads, and to customize your site experience!

Avast is saying One Click exe is a trogen

Overclockers is supported by our readers. When you click a link to make a purchase, we may earn a commission. Learn More.

ShadowCat66

Member
Joined
Aug 20, 2001
Location
Oshkosh,WI
This is the message I get from Avast Antivirus when I run the EXE file.I downloaded the latest from the sticky first also.


OC-FAH-SSE-V2/.exe is infected with Win32:Trogen-gen {VC}


Hmmm,any clues here,just a bug in Avast??
 
ShadowCat66 said:
This is the message I get from Avast Antivirus when I run the EXE file.I downloaded the latest from the sticky first also.


OC-FAH-SSE-V2/.exe is infected with Win32:Trogen-gen {VC}


Hmmm,any clues here,just a bug in Avast??
Probably... I mean it is a strange exectutable that installs as a service and uses LOTS of CPU powah :D Rest assured there is no virus in it.
 
Sweet mother.... I'm sure the footprint of the Core and FAH is throwing off the AV as there are four files in each One-Click:

1. FAH4Console.exe
2. Service-Setup.bat (batch file that registers and starts service)
3. Client.cfg
4. srvany.exe (a Microsoft program that EVERY service install uses)

No virus, just folding.

Wedo
 
It's possible that the F@H zip might have gotten infected. If the AV software starts asking you to act, try the repair function. If it can't repair it, chances are it's not infected and it's just the virus software misdetecting it.
 
matrixzen said:
It's possible that the F@H zip might have gotten infected. If the AV software starts asking you to act, try the repair function. If it can't repair it, chances are it's not infected and it's just the virus software misdetecting it.

Good idea, but there is no chance the zip file was infected from the download site. If the file is infected it came from the computer it was downloaded to.

Wedo
 
Same thing I was thinking. Most of the time if the file is from a reliable internet webhost and you find it's infected after you download and try to install it, it's usually just something on your machine infecting certain types of filetypes or just anything you run in general.
 
HEY! I had the exact same thing happen to me this weekend when i do my weekly scan. Came up saying "...duallie OC-one click..." was a W32 Trojan. I was gonna post something about it but decided against it thinking i somehow got it infected myself, as i was also helping a friend of mine disinfect his box, he had tons of viruses on his HD and i assumed that somehow one of the trojans had jumped over the network and infected a random file on my HD or something. I deleted the file, but i still have it installed and running...

maybe we should send !avast an email or someting....
 
I wouldn't be surprised if that happened. If people borg computers without the owner's permission, and when they see it running, they are like "how did that get there?" Thus it is becomes labeled at a virus.
 
LOL,sorry Wedo,I didnt mean to cause a stir.I figured it wasnt infected.Just wanted to point it out to everyone what happened and the slim chance something could have been wrong.
 
ShadowCat66 said:
LOL,sorry Wedo,I didnt mean to cause a stir.I figured it wasnt infected.Just wanted to point it out to everyone what happened and the slim chance something could have been wrong.

No worries, if you didn't bring it to our attention someone else would. It's just funny to me because it's a totally love-hate with the One-Click. Either people are lovin' it because of the easy install or I read threads about how f'ed up the program is even though it's worked on hundreds of machines. :D

I'll try to score some time this week and send an email to the AV people and figure out why the dually version is coming up as a virus. I'm wondering if it's because the Dually puts a thing in the add/remove and the singles do not.

Wedo
 
Andyman902042 said:
I don't have the Dually version and it still came up as a virus.:confused:

Whoops, my mistake, I guess I need to check the single cpu version AND the dually? Either way, I just figured out why the One-Click comes up as a trojan.

The One-Click is an .exe within an .exe which also registers itself in the registry and adds FAH to the service. All three of these properties are what you everyday trojan would do.

Either way, I'll try to shoot an email to the company.

Wedo
 
I love both the duallie and single One-clicks. I'll use that 4-client One-Click for HT duallies when I build my Xeon duallie soon.

At least you have your own name in the default cfg so silly borgers won't keep feeding that One-Click folding monster that's passed me twice before.

AVG free doesn't seem to mind One-Click nor do Ad-Aware & Spybot S&D.

Np at my end.

Thanx Wedo for all the :cool: tools :thup:
 
Audioaficionado said:
I love both the duallie and single One-clicks. I'll use that 4-client One-Click for HT duallies when I build my Xeon duallie soon.

At least you have your own name in the default cfg so silly borgers won't keep feeding that One-Click folding monster that's passed me twice before.

AVG free doesn't seem to mind One-Click nor do Ad-Aware & Spybot S&D.

Np at my end.

Thanx Wedo for all the :cool: tools :thup:


Its only the program EXE file it doesnt like.After its installed,it seems fine.
 
Back