flat assembler
Message board for the users of flat assembler.
MHajduk
Today my AVG Free Edition recognized OllyDbg 1.10 as a virus Obfustat.SS.
Olly was downloaded from http://www.ollydbg.de/download.htm. The same about 'FASMW.EXE' (see next posts).
Last edited by MHajduk on 11 Jul 2007, 07:37; edited 3 times in total
HyperVista
I agree with DustWolf. It's likely a false positive based on binary signature, which is not all that unusual. Check out this recent article about Kaspersky Labs and a Chinese AV company suing each other over false positives.
DustWolf
HyperVista wrote: Check out this recent article about Kaspersky Labs and a Chinese AV company suing each other over false positives.
Quote: the judge would do well to issue a long-standing subpoena to the parents of each company to make sure no one is spit on, or that no lunch money is brutally stolen while the court makes attempts at progress.
vid
When they see routines for handling the PE executable header, then it is very suspicious for them. Many un/packers and debuggers caused alarm with some AV sometimes.
MHajduk
Yes, I also suspect that it's a false positive.
I've found a partial solution to this problem - by downloading an older Olly version (1.08) which isn't "suspicious" for AVG.
kohlrak
Do a full scan, Olly isn't tagged by avg on my compy. You could have something that edited olly and put itself in.
MHajduk
Most interesting is that the virus was also found in the zip archive with Olly 1.10, which I downloaded today to "repair" the already installed debugger.
BTW, I performed a full system scan yesterday. My AVG is updated every day.
MHajduk
It should be even more interesting for you, guys: after today's full system scan FASMW.EXE in 'fasmw167.zip' was recognized as Obfustat.OS virus.
LocoDelAssembly
AVG doesn't provide any info about Obfustat.OS?
MHajduk
DOS386
Quote: Today my AVG Free Edition recognized OllyDbg 1.10 as a virus Obfustat.SS. What's going on?
Known issue, no "fix" can be expected within next 1'000'000'000'000 years
_________________
Bug Nr.: 12345 Title: Hello World program compiles to 100 KB !!! Status: Closed: NOT a Bug
handyman
I ran the AVG update just a bit ago this evening and the AVG scanner is now passing FASMW 1.67.21 and Ollydbg 1.10 as OK.
also see: http://board.flatassembler.net/topic.php?t=7310
Furby
Nice name, Mikołaj
Can you add it to a clean list? I use nod32 at work and Avast at home so I don't know much about the issue
MHajduk
Furby wrote: Nice name, Mikołaj
By the way, this name seems to have become commonplace lately... (more and more little namesakes)...
kohlrak
Not surprising. More programs, so theoretically more signatures, eventually more are going to match, right?
MHajduk
kohlrak wrote: Not surprising. More programs, so theoretically more signatures, eventually more are going to match, right?
rugxulo
Even my dumb, wimpy (buggy?) DOS ATTR.COM is (still) detected as "suspicious unknown EXE / COM virus" by AVG Free. (And it doesn't even open / read / create / modify / write / close / delete any files or stay resident!!)
There are three possible ways around it:
If these don't help, please post here!!
kohlrak
It's not just AVG Free, though AVG Free is becoming more and more known for this. I guess that would actually be a good sign for AVG because that would mean its virus db is bigger, hence all the false alarms. But, because this problem is becoming more and more common, I think it's now important that we come up with something other than "signatures" and more towards potential threat opcodes and calls. Especially because the webdav (sp?) thing seems to get through firewalls pretty well.
asmfan
After loading FASMW on www.virustotal.com I got a funny result
Quote: Webwasher-Gateway 6.0.1 2007.07.23 Win32.Malware.gen (suspicious)
lol, seems all of us are getting a compiled malware )))
_________________
Any offers?
Copyright © 1999-2019, Tomasz Grysztar.