I recently started running into trouble with my ruby install. Anytime I tried to run 'gem' or 'rake' I'd get the following output:

gem list
c:/ruby/lib/ruby/1.8/i386-mswin32/digest/sha2.so: no such file to load -- digest.so (LoadError)
        from c:/ruby/lib/ruby/site_ruby/1.8/rubygems/source_index.rb:11
        from c:/ruby/lib/ruby/site_ruby/1.8/rubygems.rb:501:in `require'
        from c:/ruby/lib/ruby/site_ruby/1.8/rubygems.rb:501
        from c:/ruby/bin/gem.bat:5:in `require'
        from c:/ruby/bin/gem.bat:5

I initially worked around this yesterday by reinstalling ruby & rails, but then today the issue recurred, so I started digging deeper. I tracked this down to my anti-virus software identifying digest.so as "Trojan horse Generic10.JXS" and moving it into the Virus Vault (effectively deleting it). I'm assuming that this is a false-positive, as it occurred on both my work & home machines.

According to my virus scanner log, this was first detected on 2008-04-11 (the software updates itself daily).

Details:

OS: XP (home) Vista (work)

ruby --version
ruby 1.8.5 (2006-12-25 patchlevel 12) [i386-mswin32]

AVG Free Edition (http://free.grisoft.com/)
Internal Virus Database version: 269.22.13/1376

"Virus" details:
Object name: digest.so
Object path: C:\ruby\lib\ruby\1.8\i386-mswin32\
Discovery: Trojan horse Generic10.JXS
Date of detection: 4/13/2008 7:13:40 AM
Source computer: ....
Finder: SYSTEM
File size: 20 KB (20566 bytes)
Healable: No
Source: Backup copy
Status: Infected

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

You are a life saver! Had the same problem yesterday 15 April 2008. This must be due to a recent update on AVG.

I've now restored the offending file digest.so and ruby and my mongrel service is up and running again.
(Until the file gets virus vaulted again...)
Do we know whether this really is a false positive?
Is there a way to prevent the file from being virus vaulted?

Regards,

Fabricio

On Apr 14, 3:09 am, JoeFaust <jhartf...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> I recently started running into trouble with my ruby install. Anytime
> I tried to run 'gem' or 'rake' I'd get the following output:
>
> gem list
> c:/ruby/lib/ruby/1.8/i386-mswin32/digest/sha2.so: no such file to load
> -- digest.so (LoadError)
>         from c:/ruby/lib/ruby/site_ruby/1.8/rubygems/source_index.rb:
> 11
>         from c:/ruby/lib/ruby/site_ruby/1.8/rubygems.rb:501:in
> `require'
>         from c:/ruby/lib/ruby/site_ruby/1.8/rubygems.rb:501
>         from c:/ruby/bin/gem.bat:5:in `require'
>         from c:/ruby/bin/gem.bat:5
>
> I initially worked around this yesterday by reinstalling ruby & rails,
> but then today the issue recurred, so I started digging deeper. I
> tracked this down to my anti-virus software identifying digest.so as
> "Trojan horse Generic10.JXS" and moving it into the Virus Vault
> (effectively deleting it). I'm assuming that this is a
> false-positive, as it occurred on both my work & home machines.
>
> According to my virus scanner log, this was first detected on
> 2008-04-11 (the software updates itself daily).
>
> Details:
>
> OS: XP (home) Vista (work)
>
> ruby --version
> ruby 1.8.5 (2006-12-25 patchlevel 12) [i386-mswin32]
>
> AVG Free Edition (http://free.grisoft.com/)
> Internal Virus Database version: 269.22.13/1376
>
> "Virus" details:
> Object name: digest.so
> Object path: C:\ruby\lib\ruby\1.8\i386-mswin32\
> Discovery: Trojan horse Generic10.JXS
> Date of detection: 4/13/2008 7:13:40 AM
> Source computer: ....
> Finder: SYSTEM
> File size: 20 KB (20566 bytes)
> Healable: No
> Source: Backup copy
> Status: Infected

I found this post on the AVG Free Forum titled "You suspect a file to be a false positive": http://forum.grisoft.cz/freeforum/read.php?4,104930,backpage=,sv

As per instructions, I ran digest.so through the site mentioned here: http://virusscan.jotti.org/ and AVG Antivirus is the only scanner that returns a positive result, which leads me to believe that we are indeed dealing with a false positive, local to AVG. I have also emailed digest.so in an encrypted zipfile to virus-ld0H9BXHJIY@public.gmane.org I have not tried disabling heuristic scanning on the Resident Shield. I have just been restoring the file from the virus vault each morning. :(

--Joe

On Apr 16, 4:51 am, pstonline <pstonl...-6XNpg8cIzCS8qtKVGud/9w@public.gmane.org> wrote:
> You are a life saver! Had the same problem yesterday 15 April 2008.
> This must be due to a recent update on AVG.
>
> I've now restored the offending file digest.so and ruby and my mongrel
> service is up and running again.
> (Until the file gets virus vaulted again...)
> Do we know whether this really is a false positive?
> Is there a way to prevent the file from being virus vaulted?
>
> Regards,
>
> Fabricio

Got a response from AVG already:

Dear Sir/Madam,

thank you for your email. We analyzed your file and we can confirm, that it is a false positive. The detection of this file will be removed in next virus update.

If you need to restore deleted files from AVG Virus Vault you can do it this way: open AVG Virus Vault (Start -> Programs -> AVG Antivirus -> AVG Virus Vault). Locate the file that was removed, right click on it and choose "Restore File(s)" option.

We are sorry for the inconvenience.

Answers to the most common questions can be found here as well: http://www.avg.com/faq/

Best regards,

Martin Hosnedl
AVG Technical Support
website: http://www.avg.com
mailto: support-XbTVkfnkzC4@public.gmane.org

On Apr 17, 1:19 am, JoeFaust <jhartf...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> I found this post on the AVG Free Forum titled "You suspect a file to
> be a false positive": http://forum.grisoft.cz/freeforum/read.php?4,104930,backpage=,sv
>
> As per instructions, I ran digest.so through the site mentioned here:
> http://virusscan.jotti.org/ and AVG Antivirus is the only scanner
> that returns a positive result, which leads me to believe that we are
> indeed dealing with a false positive, local to AVG. I have also
> emailed digest.so in an encrypted zipfile to vi...-ld0H9BXHJIY@public.gmane.org I have
> not tried disabling heuristic scanning on the Resident Shield. I have
> just been restoring the file from the virus vault each morning. :(
>
> --Joe
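
The thread has digest.so being restored from the Virus Vault on the assumption that it is still the original file. As an added example (not part of the thread), this Ruby sketch records a size and SHA-256 baseline of a known-good extension directory and then reports each file as :ok, :missing (for instance quarantined) or :modified. The names `build_manifest`, `status_of`, `audit` and `demo` are hypothetical, and the temp directory and file contents are constructed stand-ins for C:\ruby\lib\ruby\1.8\i386-mswin32.

```ruby
require 'digest'
require 'fileutils'
require 'tmpdir'

# Record size and SHA-256 of every file under root (taken from a known-good install).
def build_manifest(root)
  Dir.glob('**/*', base: root).sort.each_with_object({}) do |rel, manifest|
    full = File.join(root, rel)
    next unless File.file?(full)
    manifest[rel] = { size: File.size(full),
                      sha256: Digest::SHA256.file(full).hexdigest }
  end
end

# Classify one file against its baseline entry.
#   :missing  - file is gone, e.g. moved into an anti-virus quarantine
#   :modified - present but not byte-identical; do not treat as a false positive
#   :ok       - byte-identical to the baseline
def status_of(full, want)
  return :missing unless File.file?(full)
  same = File.size(full) == want[:size] &&
         Digest::SHA256.file(full).hexdigest == want[:sha256]
  same ? :ok : :modified
end

# Compare the live tree with the baseline; returns { relative_path => status }.
def audit(manifest, root)
  manifest.map { |rel, want| [rel, status_of(File.join(root, rel), want)] }.to_h
end

# Constructed demo: a temp dir stands in for the Ruby extension directory.
def demo
  Dir.mktmpdir do |root|
    target = File.join(root, 'digest.so')
    FileUtils.mkdir_p(File.join(root, 'digest'))
    File.binwrite(target, 'constructed bytes A')
    File.binwrite(File.join(root, 'digest', 'sha2.so'), 'constructed bytes B')
    baseline = build_manifest(root)

    results = {}
    File.delete(target)                            # file taken by the scanner
    results[:quarantined] = audit(baseline, root)
    File.binwrite(target, 'constructed bytes A')   # restored, same bytes
    results[:restored] = audit(baseline, root)
    File.binwrite(target, 'constructed bytes X')   # same size, different bytes
    results[:altered] = audit(baseline, root)
    results
  end
end

demo.each { |step, report| puts "#{step}: #{report.inspect}" } if $PROGRAM_NAME == __FILE__
```

The script depends on `digest` itself, so run it with a Ruby installation whose own extension files are intact, and keep the baseline somewhere the audited machine cannot overwrite.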