flat assembler
> Heap > OllyDbg & FASMW recognized as viruses by AVG Free.Goto page 1, 2 Next |
| Author |
|
|
Today my AVG Free Edition recognized OllyDbg 1.10 as a virus Obfustat.SS.
 What's going on?
Olly was downloaded from http://www.ollydbg.de/download.htm. The same about 'FASMW.EXE' (see next posts).
Last edited by MHajduk on 11 Jul 2007, 07:37; edited 3 times in total |
||||||||||
10 Jul 2007, 09:42 |
|
|||||||||
|
Probably a false positive.
I suppose AVG must have some kind of contact information or forum where you can ask about it? On AVs... A while ago, all my FASM programs that used the GlobalAlloc memory allocation API were identified as viruses. I reported the false positive but nothing happened. I guess the people who make these idenitification libraries don't care much for the false positives of a few developers... so long as it covers all of their viruses. |
|||
|
10 Jul 2007, 10:33 |
|
|
I agree with DustWolf. It's likely a false positive based on binary signature, which is not all that unusual. Check out this recent article about Kaspersky Labs and a Chinese AV company suing each other over false positives.
 |
|||
|
10 Jul 2007, 10:49 |
|
|
HyperVista wrote: Check out this recent article about Kaspersky Labs and a Chinese AV company suing each other over false positives. Quote: the judge would do well to issue a long-standing subpoena to the parents of each company to make sure no one is spit on, or that no lunch money is brutally stolen while the court makes attempts at progress. |
|||
|
10 Jul 2007, 11:15 |
|
|
when they see routines for handling PE executable header, then it is very supicious for them. Many un/packers and debuggers caused alarm with some AV sometimes.
|
|||
|
10 Jul 2007, 11:26 |
|
|
Yes, I also suspect that it' s false positive.
 Unfortunately AVG "heals" Olly by deleting him. 
I've found partial solution of this problem - by downloading older Olly version ( 1.08 ) which isn't "suspicious" for AVG. |
|||
|
10 Jul 2007, 11:37 |
|
|
Do a full scan, Olly isn't tagged by avg on my compy. You could have something that edited olly and put itself in.
|
|||
|
10 Jul 2007, 12:19 |
|
|
Most interesting is that virus was found also in zip archive with Olly 1.10 which I've downloaded today to "repair" already installed debugger.
BTW, I performed full system scan yesterday. My AVG is updated everyday. |
|||
|
10 Jul 2007, 12:29 |
|
|
It should be even more interesting for you, guys: after today's full system scan FASMW.EXE in 'fasmw167.zip' was recognized as Obfustat.OS virus.
No more threats found.
|
||||||||||
|
10 Jul 2007, 13:18 |
|
|||||||||
|
AVG doesn't provide any info about Obfustat.OS?
|
|||
|
10 Jul 2007, 14:24 |
|
|
10 Jul 2007, 14:57 |
|
|
Quote: Today my AVG Free Edition recognized OllyDbg 1.10 as a virus Obfustat.SS. Shocked What's going on? Known issue, no "fix" can be expected within next 1'000'000'000'000 years
_________________ Bug Nr.: 12345 Title: Hello World program compiles to 100 KB !!! Status: Closed: NOT a Bug |
||||||||||
|
10 Jul 2007, 21:16 |
|
|||||||||
|
I ran the AVG update just a bit ago this evening and the AVG scanner is now passing FASMW 1.67.21 and Ollydbg 1.10 as OK.
also see: http://board.flatassembler.net/topic.php?t=7310 |
|||
|
13 Jul 2007, 02:17 |
|
|
ładne imię Mikołaj
Can you add it to a clean list ? I use nod32 at work and Avast at home so I don't no much about the issue |
|||
|
13 Jul 2007, 19:39 |
|
|
Furby wrote: ładne imię Mikołaj
Nawiasem mówiąc, imię to jakby ostatnio spowszedniało... (coraz więcej małych imienników)...
[BTW, this name becomes more common lately... (more and more little namesakes)... ] |
|||
|
13 Jul 2007, 20:06 |
|
|
Not surprising. More programs, so theoretically more signatures, eventually more are going to match, right?
|
|||
|
20 Jul 2007, 16:12 |
|
|
kohlrak wrote: Not surprising. More programs, so theoretically more signatures, eventually more are going to match, right? |
|||
|
20 Jul 2007, 20:26 |
|
|
Even my dumb, wimpy (buggy?) DOS ATTR.COM is (still) detected as "suspicious unknown EXE / COM virus" by AVG Free. (And it doesn't even open / read / create / modify / write / close / delete any files or stay resident!!)
There are three possible ways around it:
If these don't help, please post here!! |
|||
|
20 Jul 2007, 20:27 |
|
|
It's not just AVG free, though avg free is becomming more and more known for this, i guess that would actually be a good sign for AVG because that would mean it's virus db is bigger, hence all the false alarms. But, because this problem is becomming more and more common, i think it's now important that we come up with something other than "signatures" and more towards potential threat opcodes and calls. Especially because the webdav (sp?) thing seems to get through firewalls pretty well.
|
|||
|
22 Jul 2007, 20:30 |
|
|
After loading FASMW on www.virustotal.com i got funny result
Quote: Webwasher-Gateway 6.0.1 2007.07.23 Win32.Malware.gen (suspicious) lol, seems all of us getting a compiled malware ))) _________________ Any offers? |
|||
|
23 Jul 2007, 07:56 |
|
| Goto page 1, 2 Next < Last Thread | Next Thread > |
Forum Rules:
|