Avira detecting Trojan TR/Crypt.ZPACK.Gen2 on Metatrader 4

 

Hi, my Avira anti virus flagged a trojan TR/Crypt.ZPACK.Gen2 upon launching Metatrader 4 on Windows 10 concerning terminal.exe

Anyone else getting this problem? 

 

1) there is an option after probable malware has been found (mouse, right button options) to ignore it!

2) sent it to Avira as "false positive" to Avira Dateiprüfung <virus@avira.com>

3) google for Avire-webpage to upload your terminal.exe as "false positive".

If you do 2) or 3) even other Avira clients will benefit from that!

 

Before classifying as a "false" positive, make sure that you really don't have another virus on your machine that is perhaps infecting ".exe" files and "adding" itself to them, thus making "terminal.exe" an infected executable.

Try doing a clean installation of MetaTrader 4 on another machine (or safe environment) and comparing the byte files sizes or hash signatures of both the "terminal.exe" and "metaeditor.exe" files to make sure there are no differences.

 
FMIC:

Before classifying as a "false" positive, make sure that you really don't have another virus on your machine that is perhaps infecting ".exe" files and "adding" itself to them, thus making "terminal.exe" an infected executable.

Try doing a clean installation of MetaTrader 4 on another machine (or safe environment) and comparing the byte files sizes or hash signatures of both the "terminal.exe" and "metaeditor.exe" files to make sure there are no differences.

Hi, my machine is a clean install of windows 10 on a complete reformatted HD. Only Metatrader 4 is installed aside from whatever Windows installs by default. This makes the alert more annoying since I just had a new install and already get a virus. =(
 
knowsnotrading:
Hi, my machine is a clean install of windows 10 on a complete reformatted HD. Only Metatrader 4 is installed aside from whatever Windows installs by default. This makes the alert more annoying since I just had a new install and already get a virus. =(

Then in that case, it is probably a "false" positive as "gooly" stated. Here are the MD5 Hashes for my installation of Build 971 for comparison:

41bbbd4299670202445fdb18b2520348 *metaeditor.exe
abf3b7cd8baac22faef9e6cc18e7ed47 *terminal.exe
 
FMIC:

Before classifying as a "false" positive, make sure that you really don't have another virus on your machine that is perhaps infecting ".exe" files and "adding" itself to them, thus making "terminal.exe" an infected executable.

Try doing a clean installation of MetaTrader 4 on another machine (or safe environment) and comparing the byte files sizes or hash signatures of both the "terminal.exe" and "metaeditor.exe" files to make sure there are no differences.

Sorry, but I would not recommend this as what you suggest cost quite some time - but here the sooner the better is important!

1) In the rare opportunity that one of the mt-programs is really infected immediately let MQ so that they can withdraw the programs directly to check them - the sooner the better for MQ!

2) If you send or upload a file with false positive they do not assume it is false positive they are going check it no matter how you define it. If it is a false positive they will change their detection pattern (or false positive pattern) and even here the other clients will benefit from an early knowledge - the sooner the better for us!

 
gooly:

Sorry, but I would not recommend this as what you suggest cost quite some time - but here the sooner the better is important!

1) In the rare opportunity that one of the mt-programs is really infected immediately let MQ so that they can withdraw the programs directly to check them - the sooner the better for MQ!

2) If you send or upload a file with false positive they do not assume it is false positive they are going check it no matter how you define it. If it is a false positive they will change their detection pattern (or false positive pattern) and even here the other clients will benefit from an early knowledge - the sooner the better for us!

I did not say that the MetaTrader was infected by MetaQuotes. I said that the OP could have ANOTHER virus on his PC that was infecting various ".exe" files, including the "terminal.exe" as a means of propagating itself.

It may take longer to verify this, but it is safer than just outright marking the file as a "false" positive in the AV's "ignore list" without first verifying the condition.

As for sending, the file to the AV's supplier for further analysis, that has nothing to do with verifying the conditions on one's own machine.

 

That's a false positive since years, on each update we have some people reporting the same.

About False Alerts by Anti-Virus Software
 
angevoyageur:

That's a false positive since years, on each update we have some people reporting the same.

About False Alerts by Anti-Virus Software

So, as you are a moderator with connections to the 'big boss' suggest Metaquotes to send each new built to Avira to check for a false positive before it's release?

They send it to AVG (Point 7) so why not Avira too?

I posted their email address and that would enable Avira to update their patterns before some of the clients of Metaquotes are heavily shocked.

 
angevoyageur:

That's a false positive since years, on each update we have some people reporting the same.

About False Alerts by Anti-Virus Software

So I should just ignore the warning? Or should I quarantine Terminal.exe until it is resolved?

 Will this correct itself after a day or two when Avira recognizes it as false positive? Or will I have to live with this for the rest of my trading life?

I specifically installed Windows 10 because I didn't want to use the web trader of the broker, I never imagined that this virus thing would stress me out that much. 

 And since Avira automatically blocks terminal.exe, and let's say Avira can't add to exceptions, does this mean my MT4 will have problems? What exactly does Terminal.exe do?

Will I have to switch to AVG?

Do they still send build to AVG until today as stated by the link above (old post so I'm wondering if they still send their build to AVG as a policy until today)?


Thank you.

gooly:

So, as you are a moderator with connections to the 'big boss' suggest Metaquotes to send each new built to Avira to check for a false positive before it's release?

They send it to AVG (Point 7) so why not Avira too?

I posted their email address and that would enable Avira to update their patterns before some of the clients of Metaquotes are heavily shocked.

I agree. Why doesn't Metaquotes send this to Avira beforehand as this will save a lot of people the trouble, especially people with OCD such as myself. In the link, #6 says that warnngs are only generated by not very popular antivirus. I would think Avira is pretty popular, or am I wrong?

 

 Thank you 

 
knowsnotrading:

So I should just ignore the warning? Or should I quarantine Terminal.exe until it is resolved?

 Will this correct itself after a day or two when Avira recognizes it as false positive? Or will I have to live with this for the rest of my trading life?

I specifically installed Windows 10 because I didn't want to use the web trader of the broker, I never imagined that this virus thing would stress me out that much. 


Thank you.

I agree. Why doesn't Metaquotes send this to Avira beforehand as this will save a lot of people the trouble, especially people with OCD such as myself. In the link, #6 says that warnngs are only generated by not very popular antivirus. I would think Avira is pretty popular, or am I wrong?

 Thank you 

I am using Avira for a long time now and I am quite happy with it!

Once and a while they ware modifying their patterns and all of a sudden older files are detected as malicious.

In this case I 1) tell the local Avira progrtam to ignore them and 2) I send them in to Avira as "false positive".

In case of MQ's new terminal I think one can take the risk to mark it to ignore it and send it in and wait for the answer (~1,2 days)

In other cases I when I am not really sure I put them in quarantine and send them in.

Here (at the bottom) you can see that - as they claim - Avira was installed nearly 500 million times - you are right not very popular ;)