AVG reports Win32/Heim torjan in Office 365 installer (downloaded from Microsoft's site)

[sirhawkeye64]

I've got a computer that's running AVG (it's a friends computer) and after downloading the Microsoft Office 365 installer from Office.com (which is where you have to log in and download) it now identifies it as a trojan. This is a clean install with just AVG and Windows with drivers. I'm starting to wonder if perhaps since the AVG install is 6 months old (we restored it from a clean disc image that was made 6 months ago) that the definitions weren't up to date, and thus weren't able to identify the current Office 365 installer as being OK, but rather labelled it as a virus because it wasn't in its definitions database? But even then so, I'd assume that it would able to determine who it came from (Microsoft) as Office 365 has been out for quite some time, unless MS changes its digital signatures when the update the installers? I'm about 80% sure this has to be a false positive and is a result of AVG or the old outdate defintions. I just was curious if anyone has run into this with AVG? It seems that it has caused problems with some games, particulary ones from Steam....

Is this a false positive? ESET on my computer (along with another computer running Norton Anti-Virus) doesn't pick it up as a virus. I'm wondering if because the Office 365 installer sends and receives data from a remote server, if AVG thinks that this is malware/virus activity.

Has anyone else run into this with AVG? From basic Googling, it looks like false-positives like this are common with AVG. I would have expected that my machine running ESET would have picked up anything as it's very good at detecting pretty much everything, even things embedded in zip files 6 layers deep, etc, and I have ESET set on a very aggressive scanning/cleaning settings.

 

[jossrik]

There is a chance some one kidnapped the download and inserted something, however, AVG likely wouldn't necessarily detect that as opposed to a virus/malware. Some one doing that would be pretty rare to the point I'd say that's not a worry in this case. If you downloaded it from microsoft, then most likely it's a false positive. If you have reason to think otherwise, just log in through a proxy and download and see what happens. The likelihood of a download getting hijacked twice randomly is well into more slim than the first, and barring physically changing your IP to a different physical location is well into trusted territory. False positive is way more likely than anything else, especially if other AVs don't detect it. Being old definitions, newer definitions would have a better chance of detecting. Update.

 

[rickin432]

Something directly from the MS site is not a malware.

Replace avg with avast, avira or panda.

 

[sirhawkeye64]

I ended up giving him one of my ESET licenses (I usually buy licenses in multi-packs anyway). I'm going to with a false-positive at this piont, because after checking the virus definitions date again, it was about a year out of date, so my assumption is that it didn't recognize the file as being safe. ESET doesn't detect anything, and neither does Norton Anti-Virus (and my version of ESET finds just about anything). Plus i downloaded directly from the Microsoft website so the likeliness (as others have said) of it being malware are slim to none. Now with ESET, no complaints about trojans or malware. (We did a full format, and restore again from the disc image to be sure, and swapped AVG with ESET and then downloaded the Office installer again).

Apparently, my friend had AV updating set to manual, so it didn't check when we booted it up the first time after re-imaging the drive...