Antivirus false positive on ransomware and keylogger for MikTex & TexStudio?

[Wrichik Basu]

I suggest that you try copying the installer file into a newly created directory/folder, such as C:\temp01, and when running the installer, specify another newly created directory/folder, such as C:\MikTeX, with no spaces in the directory/folder name, as the target directory/folder. Also ensure that the original installer filename is not changed, including by a (1) or (2) index being inserted into it due it being a subsequent download of the file. If you encounter the problem again, please move the alert box aside before making a screenshot and posting it, so that the content of the window behind it is visible.

Followed your advice word by word. Got the same error:

 

[sysprog]

I had previously not been able to replicate your problem; however, I had been using the 64-bit version. Using the 32-bit version, I was able to replicate the problem when running with (other than the install directory) the default options. When I switched from 'for all users' to 'this user only', the install ran successfully.

 

[Wrichik Basu]

I had previously not been able to replicate your problem; however, I had been using the 64-bit version. Using the 32-bit version, I was able to replicate the problem when running with (other than the install directory) the default options. When I switched from 'for all users' to 'this user only', the install ran successfully.

Thanks, could finally install MikTex properly (I installed in safe mode).

MikTex wants to set the PATH variable to its own bin folder. The variable already has the jdk address. I know I can set multiple addresses with the delimiter ;, but MikTex is not taking this. It wants to be the sole address in the PATH variable.

Any idea how I can keep both addresses (jdk and miktex) in PATH?

 

[sysprog]

Yay! You fixed it! Now you can write $\TeX$ and ftp://ftp.dante.de/tex-archive/info/intro-scientific/scidoc.pdf ($\leftarrow$nice writeup there) stuff to your heart's content. I've rarely had to address any PATH issues since the '80s. Here's a link to a tutorial on modifying the Windows PATH: https://www.h3xed.com/windows/how-to-add-to-and-edit-windows-path-variable

 

[Dr-Flay]

If you are having problems with installing for different types of user, make sure you right-click and run the installer as Admin.When having problems with an AV and installers, simply excluding the installer or folder it is in will not help, as the unpacked files are not the installer, they are new files in a new location.
You have to disable the AV temporarily. If it is still complaining, you didn't actually disable it.

At the end of the install process and before enabling the AV again you can exclude the new program folder.
The problem is that you now lose all protection of the contents of that folder so in future it could be full of malware.

Looking at your picture of the quarantined files it seems to have issue with Qt files in other software, so has obviously borked them or certain features. Either that or you have had a lot of bad downloads.
Looking at Quick Heal ratings, I would say go and buy a magic 8-ball or some lucky heather from a passing gypsy, as it may do much better.
https://www.av-comparatives.org/vendors/quick-heal/Perhaps that is unfair as the AV-Test site does show it has improved this year, but it is up and down like a yo-yo.
https://www.av-test.org/en/antivirus/home-windows/manufacturer/quick-heal/I would suggest you put it to your father that continuing to use it till the end of the current payment is incredibly unwise and downright risky. Sometimes you need to cut your losses and run.
You can get top class protection for free with either Bitdefender, Avira or Kaspersky. They stay in the top 5 more than any others all year long, so you cannot lose out by comparison.
(General rule of thumb) all the best AV offer a free version as they know you are likely to pay for the full thing after using it.
Bad AV do not have free versions or offer a free trial period to force you to buy.

Whatever AV (or OS) you use you should have a VirusTotal or similar extension in your browser for a second opinion, so that all your downloads are scanned my multiple engines (bare in mind VT can be at most 1 month out of date).
You can use the official VT extension https://support.virustotal.com/hc/en-us/articles/115002700745-Browser-Extensions
or alternatives such as https://add0n.com/virus-checker.html and https://www.opswat.com/free-tools/secure-online-downloading
These allow testing of files before you get them or automatically upon finishing download.

If you are not confident in the AV you have it is worth adding more protection the system so that malware can be stopped or do less harm.
https://www.novirusthanks.org/products/osarmor/ (Free)
The tools on that site are useful for all Windows users, with or without AV protection.

 

[elusiveshame]

You can get top class protection for free with either Bitdefender, Avira or Kaspersky. They stay in the top 5 more than any others all year long, so you cannot lose out by comparison.

I would definitely not recommend Kaspersky. The software may be good, but the company behind it isn't, and has been proven that they cannot be trusted.

Avira - I've had a single bad experience with them. I've since moved to AVG Free for the last 9 years (Avira was prior for 5), and I haven't had a single issue or infection with it. I know it's anecdotal, so take that for whatever it is worth, but definitely avoid Kaspersky.

 

[sysprog]

I would definitely not recommend Kaspersky. The software may be good, but the company behind it isn't, and has been proven that they cannot be trusted.

Avira - I've had a single bad experience with them. I've since moved to AVG Free for the last 9 years (Avira was prior for 5), and I haven't had a single issue or infection with it. I know it's anecdotal, so take that for whatever it is worth, but definitely avoid Kaspersky.

That seems like a shameless plug for an ill-mannered package that comes bundled with intrusive popup advertising for paid versions of itself and is not straightforward to remove. If you just use the normal uninstall procedure from Windows, it launches their uninstall wizard, and that process reports that the product was successfully uninstalled, but it's not really true.

Like a bad guest who leaves some of his stuff behind so he can drop by unexpectedly to visit his stuff later, AVG is not completely uninstalled at that point. To completely remove it you have to download their real uninstaller from the vendor's site.

If you don't already know about AVG Clear, which can be discovered from the AVG Resources tab in the AVG product before the uninstall runs, you have find it yourself, or the product will continue to lurk. (Ref: https://smallbusiness.chron.com/completely-uninstall-avg-anti-virus-45439.html)

They tacitly admit that their normal uninstall process is deliberately incomplete. Apparently they want the user to have to experience punishment for trying to uninstall the product before using their real uninstaller.

From https://www.avg.com/en-us/avg-remover

AVG Clear deletes all files associated with your AVG product, including registry items, installation files, and user files. Only use this if your AVG uninstall or repair has failed repeatedly.​

I think that's deeply hateworthy.

 

[elusiveshame]

That seems like a shameless plug for an ill-mannered package that comes bundled with intrusive popup advertising for paid versions of itself and is not straightforward to remove. If you just use the normal uninstall procedure from Windows, it launches their uninstall wizard, and that process reports that the product was successfully uninstalled, but it's not really true.

Like a bad guest who leaves some of his stuff behind so he can drop by unexpectedly to visit his stuff later, AVG is not completely uninstalled at that point. To completely remove it you have to download their real uninstaller from the vendor's site.

Shameless plug? I think you're reading way too much into it. Sure, AVG might leave remnants behind, but why do you want to uninstall it? (FWIW, McAfee, Norton, and a few others do the same). I'd rather have remnants left behind rather than a virus protection software opening backdoors to other government officials. Especially if I have zero plans on removing it (again, why remove something that's actually helping you?)

That being said, Avira, AVG, Avast, etc. all promote their full versions through pop-ups. I was easily able to disable pop-ups on AVG and haven't seen them in years.

I went with my experience and knowledge. If that's a "shameless plug", then I suppose everything anyone says about anything in a positive manner is a "shameless plug". Apparently saying "this is just anecdotal, so take it for whatever it's worth" wasn't a good enough preamble for thwarting ridiculous responses like this.

But yes, if you want outside actors being able to coerce a company into letting them into your workstation, by all means, promote Kaspersky.

 

[sysprog]

Shameless plug? I think you're reading way too much into it. Sure, AVG might leave remnants behind, but why do you want to uninstall it? (FWIW, McAfee, Norton, and a few others do the same). I'd rather have remnants left behind rather than a virus protection software opening backdoors to other government officials. Especially if I have zero plans on removing it (again, why remove something that's actually helping you?)

That being said, Avira, AVG, Avast, etc. all promote their full versions through pop-ups. I was easily able to disable pop-ups on AVG and haven't seen them in years.

I went with my experience and knowledge. If that's a "shameless plug", then I suppose everything anyone says about anything in a positive manner is a "shameless plug". Apparently saying "this is just anecdotal, so take it for whatever it's worth" wasn't a good enough preamble for thwarting ridiculous responses like this.

But yes, if you want outside actors being able to coerce a company into letting them into your workstation, by all means, promote Kaspersky.

I didn't promote Kaspersky, or endorse any product in my post. I deplored the misbehavior of AVG, and chided you for recommending such ill-mannered software. My saying that your recommendation of AVG "seems like a shameless plug of an ill-mannered package" was intended mainly to castigate AVG, and the word "shameless" was partly intended as play on your username. I didn't mean to be too reproachful of you.

From your post:

Sure, AVG might leave remnants behind, but why do you want to uninstall it?

Why should any software company exhibit the effrontery to ask that, or the arrogance to leave things behinds and falsely report to the user that the product is de-installed? Your apparent nonchalance about that is not shared by me. I find it fully hateworthy (detestable).

You mentioned Avast, which is in my opinion just as bad as AVG in this regard.

From https://www.avast.com/en-us/uninstall-utility:

Uninstall our software using avastclear
Sometimes it's not possible to uninstall Avast the standard way - using the ADD/REMOVE PROGRAMS in control panel. In this case, you can use our uninstallation utility avastclear.

1. Download avastclear.exe on your desktop
2. Start Windows in Safe Mode
3. Open (execute) the uninstall utility
4. If you installed Avast in a different folder than the default, browse for it. (Note: Be careful! The content of any folder you choose will be deleted!)
5. Click REMOVE
6. Restart your computer

The statement "Sometimes it's not possible to uninstall Avast the standard way" is meretricious; in fact it's never possible.

The fact that other programs, such as Avira, of similar functionality are similarly ill-mannered does not justify recommending any of them.

Well-behaved programs don't try to defy the user when he wants to deinstall them, and they don't "leave remnants behind" when they are de-installed.

If I have any suspicion that a program package I install might be reluctant to be de-installed, or "might leave remnants behind", I will usually install it "under the watchful eye of Revo Uninstaller", which logs all changes to the system made during the install process, so that all of them can be undone during any future uninstall.

Proper backup procedures are much better than relying on AV programs.

 

[Dr-Flay]

I used to promote AVG as a good option when they were a good company with consistent performance.
Since Avast bought AVG it uses the same definitions, so is as good/bad as each other at file recognition.
Avast/AVG/Piriform sell your activity to 3rd parties.
When the pro packages expire they stop updating as they do not offer a free mode, thus leaving you behind and insecure.

The perceived Kaspersky threat is based on Politics not the actual evidence of what went down.
Kaspersky did/does nothing different from any other good AV. When an unknown file is seen it will upload it for analysis.
VirusTotal (owned by Google) is used by hackers and Gov agencies to find secret files in the same way they would end up in any other AV repo, because "Problem in Front of Keyboard", and people send secret files all the time.
It hit the news because.
1) A CIA operative broke the rules and took secret work home.
2) That operative failed to understand that AV will send new files somewhere else.
3) The Russian secret services had infiltrated Kaspersky.
3) Israeli state hackers had infiltrated Kaspersky and were watching the Russians at work.
4) Rather than notify Kaspersky that the Russian spooks were in the system, they notified the US and let the hacking continue.
5) Instead of blaming the CIA operative for the data breach, Kaspersky was seen as a more useful target as the media and general populace will not understand the real implications of how it happened.

Since then all relevant interested parties can have access to the source code for Kaspersky and can compare their own build with the regular distro.
As yet no one has found anything wrong with the code.
As for being the lapdog of the Russian Gov. the actual evidence would seem to show that if info is freely handed over they don't need to waste so much time in hacking the company to gain access. Apparently we are to think they could just use the phone, or walk in and ask.

Back to evidence based security issues, the US agencies have a well proven track record of getting US companies to add backdoors, weak crypto, or just hand over info due to commercial pressure or a 1-size-fits-all warrant.
In the released treasure trove of CIA and NSA hacking tools and docs over the past few years we also see that they had made their own special builds of several AV distros, including AVG, Avast and Kaspersky.

If I am going to draw any conclusions about privacy or security in AV software I would say, stay away from US software because [insert criticism of Russia].

All this aside, what you want is the best in protection, and going by trusted 3rd party tests we see that Bitdefender, Avira and Kaspersky are the top performers when it comes to real-time protection, that also have free versions so you can make up you own mind.
I have to support many users with many different AV so I get to experience the reality of the differences.
To see how they all compared over last year I compared the results from AV-Comparatives.
https://dr-flay.vivaldi.net/2018-anti-virus-comparison/