Opened 10 years ago

Closed 9 years ago

#2910 closed defect (worksforme)

AVG claims that TBB contains malware

Reported by: munster Owned by: erinn
Priority: Medium Milestone:
Component: Applications/Tor bundles/installation Version:
Severity: Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


I installed the Tor Browser Bundle about a week ago & it extracted fine, worked great.  Accidentally deleted it earlier today (& emptied my trash before I realised Tor'd gone in there).  Just went to download the Browser Bundle (v 1.3.23) again & it again downloaded & extracted fine.

But when I went to start browsing, my AVG (v 10.0.1209) insisted that it contained malware - rated 4/4 in threat severity.  So I let AVG take care of it, but it freaked me out a little.  I'm hoping I just managed to muck something up at my end, but I don't know how to tell.

I'm not a programmer & feel way undereducated on things like this.  Is anyone able to advise whether this was a genuine threat?  Or if it's probably not a real threat, why would AVG "detect" malware at this start-up but none of the other times I started Tor?

I'd really appreciate any thoughts.

Child Tickets

Attachments (4)

AVG Tor Capture.PNG (64.2 KB) - added by munster 10 years ago.
Capture1, now.PNG (157.7 KB) - added by munster 10 years ago.
Capture2, now.PNG (377.6 KB) - added by munster 10 years ago.
Capture3, now.PNG (30.6 KB) - added by munster 10 years ago.

Download all attachments as: .zip

Change History (8)

comment:1 in reply to:  description Changed 10 years ago by munster

Version: Torbutton: 1.3Tor: unspecified

Sorry, I did NOT mean to set "version" to Torbutton: 1.3.  I'm referring to Tor Browser Bundle, v. 1.3.23 (US-en).

comment:2 Changed 10 years ago by rransom

Component: - Select a componentTor bundles/installation
Owner: set to erinn
Summary: "Malware Detected"AVG claims that TBB contains malware
Version: Tor: unspecified

The Tor Browser Bundle does not contain malware, but we need more information to determine whether this was a ‘false positive’ or whether AVG is trying to scare users away from it intentionally.

What specific piece of malware did AVG claim to have found?

Did AVG's ‘security toolbar’ appear in your Tor Browser Bundle after the first time you started it?

Can you reproduce this by extracting another copy of the same version of Tor Browser Bundle and running it?

Changed 10 years ago by munster

Attachment: AVG Tor Capture.PNG added

Changed 10 years ago by munster

Attachment: Capture1, now.PNG added

Changed 10 years ago by munster

Attachment: Capture2, now.PNG added

Changed 10 years ago by munster

Attachment: Capture3, now.PNG added

comment:3 Changed 10 years ago by munster


I was actually just logging in again to add an update, because things really are acting very oddly.  I had successfully extracted & run Tor this morning, from yet another fresh download from the site.  I was using the browser fine about an hour ago, but when I opened it again just before, AVG popped up again with its "malware detected" dialogue box.

I've attached a screen cap from yesterday's first incident (I tried again after I posted, & that time, AVG quarantined Vidalia as well, & said it had removed 5 files, I believe).  I'll also attach a couple of screen caps from what's happening right now.  The box referring to Vidalia's "control socket" has never come up before.  [I'm not sure how to remove Capture3, showing a problem that was my fault & is fixed now.]

As you'll see in the screen caps, the malware AVG thinks it found was just labelled as "unknown".  I'm not sure what files AVG actually removed, because the downloaded file is still on my desktop & the extracted Tor Browser folder in my Program Files (where I extracted to) still appears in tact.  And in fact, Vidalia was still running (seen in Task Manager > Processes); now that I've killed that, I've just been able to restart Tor via the "Start Tor Browser" that was still sitting in Program Files.

To be clear, I'm using the "AVG Anti-Virus Free Edition 2011" - *without* the AVG security toolbar.  So nope, I didn't have the toolbar appear in my Tor Browser Bundle at any time.

Re. reproducing the problem... the file I downloaded *yesterday* - I extracted it, AVG had its hissy fit & removed the file/s.  I *think* I then extracted the browser bundle from that same download, & that was the 2nd time AVG "found" malware.  But to be honest, I'm a little shakey on whether I extracted from the same download or it *may* have been from a fresh download (sorry).

TODAY, I downloaded a fresh version from the website, & it worked fine > AVG did its thing > Tor still works fine.  So it started working again before I tried to extract another copy from this morning's download - but I kept the download if you still want me to try.  I've started/browsed/closed/restarted Tor 3 times now, with no problems - like I was able to do earlier this morning.

Hope this info helps.  Sorry if my explanation's a little jumbled.

comment:4 Changed 9 years ago by Sebastian

Resolution: worksforme
Status: newclosed

Can't reproduce with latest version, please reopen if it still causes trouble

Note: See TracTickets for help on using tickets.