Virus in Easy Gif Animator?

knouse
Posts: 7
Joined: Thu Jan 25, 2007 5:22 pm

Post by knouse »

Sophos Anti-Virus is reporting, "Virus Mal/HcPk-A has been detected in 'c:\program files\Easy Gif Animatory\gifan.exe'"

I downloaded a current version and reinstalled and Sophos immediately threw up the same dialog.
chrisjlocke
Top Contributor
Posts: 995
Joined: Mon Aug 01, 2005 4:12 pm
Location: Essex, UK

Post by chrisjlocke »

Any chance you could rename that file "gifan.txt" and email it to me? bluementals [at] chrisjlocke.co.uk
I've Sophos here too, as well as NOD32. What version of Sophos are you using?

I doubt it is a virus, but a false positive, but it would rule that out.
I can also forward the file onto Sophos to check.
knouse
Posts: 7
Joined: Thu Jan 25, 2007 5:22 pm

Post by knouse »

I too suspect it is a false positive. I've not used Easy GIF Animator in some weeks so nothing's changed about it. But Sophos is updated multiple times a day.

Sophos version 6.5.2 with Threat detection engine = 2.42.3

I sent you an email with a link to the executable (renamed to gifan.txt) and two attachments: a screen shot of the Sophos warning and a dump of my Sophos configuration.
chrisjlocke
Top Contributor
Posts: 995
Joined: Mon Aug 01, 2005 4:12 pm
Location: Essex, UK

Post by chrisjlocke »

Yup, downloading your file kicked off my Sophos too. Interestingly, the IDE has been updated today (25th) and yesterday.

It does mention, "Mal/HckPk-A is a program that has been packed with a protection system typically used by malware authors." so could just be the way Karlis has protected it.
davidp
Posts: 4
Joined: Sat Jan 27, 2007 3:29 am
Location: Nottingham, UK

Post by davidp »

This problem seems to occur with HTMLPad too - htmlpad.exe was deleted after Sophos updated its definitions yesterday. I've submitted the file to Sophos for analysis - I think it's probably more Sophos' fault than yours. Will now await response from them.

Meanwhile, I've just excluded HTMLpad from scanning, and reinstalled so I can continue to use this excellent software!

(I probably should have posted this under HTMLPad, but this topic seemed more relevant)
chrisjlocke
Top Contributor
Posts: 995
Joined: Mon Aug 01, 2005 4:12 pm
Location: Essex, UK

Post by chrisjlocke »

Thanks for the confirmation.
knouse
Posts: 7
Joined: Thu Jan 25, 2007 5:22 pm

Post by knouse »

chrisjlocke wrote: I can also forward the file onto Sophos to check.
Did you forward the file to Sophos?
chrisjlocke
Top Contributor
Posts: 995
Joined: Mon Aug 01, 2005 4:12 pm
Location: Essex, UK

Post by chrisjlocke »

Yes, I sent it to them.
davidp
Posts: 4
Joined: Sat Jan 27, 2007 3:29 am
Location: Nottingham, UK

Post by davidp »

I've just heard back from Sophos - they apologise for the problem and will release an update to correct it shortly:
The file that you sent to us for analysis was indeed producing a false-positive report. An IDE file to correct this will be released on the Databank and our web site shortly.
Hopefully this will also resolve the problem with Easy GIF animator.
chrisjlocke
Top Contributor
Posts: 995
Joined: Mon Aug 01, 2005 4:12 pm
Location: Essex, UK

Post by chrisjlocke »

Thanks for posting back. I've yet to hear from my submission, but guess they'll ignore it now, now that it's been fixed!
knouse
Posts: 7
Joined: Thu Jan 25, 2007 5:22 pm

Post by knouse »

davidp wrote: I've just heard back from Sophos - they apologise for the problem and will release an update to correct it shortly:
They haven't released it yet. Sophos is still flagging it as soon as the installation completes.
Karlis
Site Admin
Posts: 3605
Joined: Mon Jul 15, 2002 5:24 pm
Location: Riga, Latvia, Europe

Post by Karlis »

I guess there is nothing we can do. Please let me know how this resolves.
Karlis Blumentals
Blumentals Software
www.blumentals.net
davidp
Posts: 4
Joined: Sat Jan 27, 2007 3:29 am
Location: Nottingham, UK

Post by davidp »

Sophos have corrected the problem with HTMLPad in the latest round of updates. :)

However, the problem with EasyGIF Animator doesn't seem to have been corrected. I downloaded the trial to test it, and the file gifan.exe is still automatically deleted. I guess I could try submitting this file to Sophos as well, but that might be pointless, as Chris has already done it.
Karlis
Site Admin
Posts: 3605
Joined: Mon Jul 15, 2002 5:24 pm
Location: Riga, Latvia, Europe

Post by Karlis »

davidp wrote: I guess I could try submitting this file to Sophos as well, but that might be pointless, as Chris has already done it.
I think it does make sense. The more bugging they receive, the more seriously they will take this issue.
Karlis Blumentals
Blumentals Software
www.blumentals.net
Karlis
Site Admin
Posts: 3605
Joined: Mon Jul 15, 2002 5:24 pm
Location: Riga, Latvia, Europe

Post by Karlis »

Please, if you can, BUG SOPHOS as many times as you can! They are slow on fixing this issue and this is harming our business.
Karlis Blumentals
Blumentals Software
www.blumentals.net