AntiVir, Tor Browser Bundle, and trojan Dropper.Gen false positive

by phobos | April 7, 2009

A number of people are reporting that AntiVir's latest update flags the Tor Browser Bundle version 1.1.11 as trojan Dropper.Gen, specifically the "Start Tor Browser.exe" program.

This appears to be a false positive from AntiVir. No one has confirmed they've checked the PGP signature of their TBB download. You may want to confirm you've actually downloaded our package; see https://decvnxytmk.oedi.net/verifying-signatures.

False positives occur often enough that we have a FAQ entry about them: https://decvnxytmk.oedi.net/faq#VirusFalsePositives

You can read more about the trojan at http://www.avira.ro/en/threats/section/details/id_vir/3647/tr_dropper.g…

I'm building a VM to specifically test this AntiVir version against Start Tor Browser.exe to see what inside the executable is triggering the false positive.
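A false-positive verdict only applies to the genuine package, so the signature check mentioned above comes before any antivirus triage. The following is an added example, not Tor Project code: it parses GnuPG's machine-readable `--status-fd` output and accepts a download only when a good signature comes from a pinned full fingerprint. The function names are hypothetical, and the fingerprint argument must be taken from the project's signature-verification page.

```shell
#!/bin/sh
# Added example; check_status and verify_download are hypothetical names.

# check_status EXPECTED_FPR
# Reads `gpg --status-fd` output on stdin. Returns 0 only if a VALIDSIG
# line names the pinned fingerprint and no failure status is present.
# Returns 2 if EXPECTED_FPR is not a full 40-hex-digit fingerprint.
check_status() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    [ ${#want} -eq 40 ] || return 2          # refuse short key IDs
    case $want in *[!0-9A-F]*) return 2 ;; esac
    awk -v want="$want" '
        $1 != "[GNUPG:]" { next }
        # gpg still emits VALIDSIG for expired or revoked keys, so these
        # status keywords must veto the result explicitly.
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        # VALIDSIG: field 3 is the signing (sub)key fingerprint,
        # the last field is the primary key fingerprint.
        $2 == "VALIDSIG" && ($3 == want || $NF == want) { ok = 1 }
        END { exit (ok && !bad) ? 0 : 1 }
    '
}

# verify_download EXPECTED_FPR SIGFILE DATAFILE
# Runs gpg on a detached signature; the exit status is check_status's.
# A missing gpg binary or missing public key yields a non-zero status.
verify_download() {
    gpg --status-fd 1 --verify "$2" "$3" 2>/dev/null | check_status "$1"
}
```

Only when `verify_download` returns 0 for the downloaded bundle and its `.asc` file is it worth treating the antivirus alert as a detection-quality question rather than a possible tampered download.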

Comments

Please note that the comment area below has been archived.

An easier way to test for FPs is by using services like VirusTotal. I just uploaded the executable, and indeed, as the scan log shows ( http://www.virustotal.com/analisis/27caf4312ace0cf8036bc6d0cbf05f64 ), Avira detects the file (in addition to the gateway version of McAfee).

I also reported it directly to Avira through their web interface ( http://analysis.avira.com/samples/index.php ) and it said that: "The file 'Start Tor Browser.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection is removed from our virus definition file (VDF) with the version: 7.1.3.25. ", so hopefully this will be resolved.

April 09, 2009

Hey phobos, there is a problem with the tor-project starting page in TBB. It is not showing this message: "Congratulations, you are using Tor, your IP address is so on....." What is the problem? Please fix this.

October 24, 2009

I have downloaded the Vidalia software as I need to show myself in different geographic locations than where I am. (Family member doing some cyber stalking of me and I want to lead them a merry dance and as I travel for business all sorts of locations are totally believable and drives them nuts.... Although why it irritates them I have no idea, but it is such a hot button and they are such an ass I want to do this).

My Google research indicated this software could do this and I downloaded it. BUT....

I am not a techie and I cannot seem to even find if I have a Proxy, (I have a home laptop on a wireless network connected to ISP via a DSL service, that is all I know) and couldn't work out if I actually have the software working or how do I use it?? Yes I have the green onion, but.... The help file, er didn't really help me. Sorry Vidalia guys! I know how do I manage to walk and breathe at the same time.... :-)

Can someone give me a real non-technical idiot's guide? Push this button, then the screen will look like this, now push that button etc etc.

Greatly appreciate any help.

November 19, 2009

I installed Tor on my Macbook Pro and initially had no problems running it. When I upgraded to Leopard I deleted and shredded Firefox and Vidalia, then reinstalled them. The Vidalia bundle works fine in that it connects to the Tor Network but when I open Firefox I cannot toggle the Torbutton to turn it on. When I click on it, it will not switch from Disabled to Enabled. It's as if it's frozen. I checked my Tor settings and proxy settings in Firefox and everything seems to be set up right. What could be causing this and how can I change it?