Win32:IstDnldr-AG in Portable Firefox

I try to download Portable Firefox and get following message:

Sign of “Win32:IstDnldr-AG [Trj]” has been found in

http://ftp.ntua.gr/pub/www/mozdev/portablefirefox/portable_firefox_1.0.4_rc2.zip” file.

What does that mean? I have version Avast Home 4.6.665 and 0521-0.

I’ll check it out :slight_smile:

Yup,it’s false positive.

Try from here too…
http://downloads.mozdev.org/portablefirefox/portable_firefox_1.0.4_rc2.zip

Got the same result. I submitted IstDnldr-AG sample today in the morning,so i doubt this would be malware.

I can also confirm that this “false positive” occurs. I can add that the Home site documentation is aware of the problem as shown below …

"Known Issues
The following are known issues with this package:

avast antivirus - This antivirus package is once again incorrectly identifying Portable Firefox as a trojan. They may fix it with another definitions update. I would suggest contacting the company again and letting them know about the issue or switching to another antivirus solution that doesn’t have the same false-positive issues."

I sincerely hope this will be dealt with by an Avast update.

Howdy folks…

I’m the Portable Firefox developer. I took the time to install avast! and figure out what is causing the problem this time. It appears that the avast! scanner thinks that PortableFirefox.exe is this trojan. It also thinks the launchers for Portable Thunderbird and Portable NVU are the same trojan. (It doesn’t appear to make the same mistake with Portable Sunbird which uses an older-style launcher or Portable OpenOffice which uses a lighter-weight launcher with fewer functions).

Basically, it seems like something created by the Nullsoft Scriptable Installer System (which all the launchers are written using) for some reason looks similar to the avast scanner. NSIS is usually used for installation routines for applications – Abiword, for example, has an installer written in NSIS – so the problem could crop up in other locations.

For anyone at avast working on this, here are just the launchers (and their code) that are registering as false positives:
http://johnhaller.com/jh/mozilla/portable_firefox/#launcher
http://johnhaller.com/jh/mozilla/portable_thunderbird/#launcher
http://johnhaller.com/jh/mozilla/portable_nvu/#launcher

I seem to remember this occuring before with avast last year sometime but can’t find record of it in my old emails. I won’t be working on a solution to this, since the issue is with the avast! scanner itself, but figured I would post what I can to assist in avast! finding a solution.

Regards,
John

It should be fixed now (0521-1).
Sorry for the troubles.

Thank you, tested and it was OK.
Good thing with this was that I learned to use Online malware scan on: http://virusscan.jotti.org/

Yes … no more problems!
Good to see AVast is so responsive
John

Glad to hear. I’ve updated the list of Known Issues to suggest updating avast! virus defnitions.

Welcome to the forum John,

Keep up the good work with the portable firefox version, until this thread I wasn’t aware of it, so I have paid a visit to the link in your earlier post. It looks greate for someone on the move without a laptop, just take a USB Drive with firefox installed and personal settings and extensions with you.

Thank you very much for reacting so promptly!

I think this is really service you give us!

I noticed the same problem yesterday, so I just wanted to start a new subject on this. But I thought it would be better to search first, and so I arrived here, where I red that everything has already been solved! :wink:

Again: thank you!

Kind regards,

Paul