07-12-2012 08:22 AM
I am performing a fresh install of Win7 on a T61p. I downloaded the 'Thinkpad Rescue and Recovery' installer (tvtvrnr43_1027fi.exe) from Lenovo's download site and ran it to begin installing it. After some unpacking and working through the setup wizard a bit, AVG detected the following as a threat:
File: C:\preboot\utils\rnrdbgtool.exe
Threat: Trojan horse Agent_r.BKV
Since I know this package came direct from Lenovo and since R&R is likely doing things that LOOK like a trojan, I have to believe AVG is throwing a false positive here. But before I proceed I wanted to ask anyone else if they have encountered this before? Is it possible that the R&R installer is actually infected with a virus??
Thanks,
Rob
07-12-2012 09:26 AM
rbell wrote: Is it possible that the R&R installer is actually infected with a virus??
Thanks,
Rob
The answer to this is No... not even your AVG suspects that. A trojan is much different than a virus. An example of a trojan would be a computer program that claims to do one thing, but really does something different. A virus is a generic definition of a type of malware that infects and reproduces and spreads.
Any program that can make major changes to a computer could easily be detected as a false positive by anti-virus software, and AVG is one of the worst when it comes to false detections.
My advice is to look it up on AVG's database and see what it is they claim to have found. Odds are it's a generic classification or a heuristic definition, meaning their software is basically making a wild guess that it might not be what it claims to be.
If you're overly concerned about this you can update your AVG definitions each day until it's removed from the database. I'd also report it to AVG; they can't rule it out until someone reports it. Odds are it's been reported already, but it's best to check and do your part in improving a freeware product.
I doubt Lenovo can do anything about it anyway. If the file was infected with a virus, that may be a different story, but most servers will detect a change in the file and anything infected will be removed very quickly. With a trojan definition, it would be like trying to prove a negative. For example, if you say you're a doctor, but I say you're a plumber, you can easily prove you are a doctor, but you can't so easily prove you're NOT a plumber, and in this case AVG probably isn't even saying what type of program it thinks this really is, so that makes it infinitely harder to prove... so the ball is in AVG's court; they need to fix it, or provide something specific for Lenovo to contest or fix.
07-13-2012 11:56 AM
That was my thought as well. I just wanted some additional confirmation on it. I can't believe nobody else has seen this before.
Thanks,
Rob