Index
> Heap > OllyDbg & FASMW recognized as viruses by AVG Free.Goto page 1, 2 Next |
| Author |
|
|
MHajduk
Today my AVG Free Edition recognized OllyDbg 1.10 as a virus Obfustat.SS.
 What's going on?
Olly was downloaded from http://www.ollydbg.de/download.htm. The same about 'FASMW.EXE' (see next posts).
Last edited by MHajduk on 11 Jul 2007, 07:37; edited 3 times in total |
||||||||||
10 Jul 2007, 09:42 |
|
|||||||||
|
HyperVista
I agree with DustWolf. It's likely a false positive based on binary signature, which is not all that unusual. Check out this recent article about Kaspersky Labs and a Chinese AV company suing each other over false positives.
 |
|||
|
10 Jul 2007, 10:49 |
|
|
DustWolf
HyperVista wrote: Check out this recent article about Kaspersky Labs and a Chinese AV company suing each other over false positives. Quote: the judge would do well to issue a long-standing subpoena to the parents of each company to make sure no one is spit on, or that no lunch money is brutally stolen while the court makes attempts at progress. |
|||
|
10 Jul 2007, 11:15 |
|
|
vid
when they see routines for handling PE executable header, then it is very supicious for them. Many un/packers and debuggers caused alarm with some AV sometimes.
|
|||
|
10 Jul 2007, 11:26 |
|
|
MHajduk
Yes, I also suspect that it' s false positive.
 Unfortunately AVG "heals" Olly by deleting him. 
I've found partial solution of this problem - by downloading older Olly version ( 1.08 ) which isn't "suspicious" for AVG. |
|||
|
10 Jul 2007, 11:37 |
|
|
kohlrak
Do a full scan, Olly isn't tagged by avg on my compy. You could have something that edited olly and put itself in.
|
|||
|
10 Jul 2007, 12:19 |
|
|
MHajduk
Most interesting is that virus was found also in zip archive with Olly 1.10 which I've downloaded today to "repair" already installed debugger.
BTW, I performed full system scan yesterday. My AVG is updated everyday. |
|||
|
10 Jul 2007, 12:29 |
|
|
MHajduk
It should be even more interesting for you, guys: after today's full system scan FASMW.EXE in 'fasmw167.zip' was recognized as Obfustat.OS virus.
No more threats found.
|
||||||||||
|
10 Jul 2007, 13:18 |
|
|||||||||
|
LocoDelAssembly
AVG doesn't provide any info about Obfustat.OS?
|
|||
|
10 Jul 2007, 14:24 |
|
|
MHajduk
|
|||
|
10 Jul 2007, 14:57 |
|
|
DOS386
Quote: Today my AVG Free Edition recognized OllyDbg 1.10 as a virus Obfustat.SS. Shocked What's going on? Known issue, no "fix" can be expected within next 1'000'000'000'000 years
_________________ Bug Nr.: 12345 Title: Hello World program compiles to 100 KB !!! Status: Closed: NOT a Bug |
||||||||||
|
10 Jul 2007, 21:16 |
|
|||||||||
|
handyman
I ran the AVG update just a bit ago this evening and the AVG scanner is now passing FASMW 1.67.21 and Ollydbg 1.10 as OK.
also see: http://board.flatassembler.net/topic.php?t=7310 |
|||
|
13 Jul 2007, 02:17 |
|
|
Furby
ładne imię Mikołaj
Can you add it to a clean list ? I use nod32 at work and Avast at home so I don't no much about the issue |
|||
|
13 Jul 2007, 19:39 |
|
|
MHajduk
Furby wrote: ładne imię Mikołaj
Nawiasem mówiąc, imię to jakby ostatnio spowszedniało... (coraz więcej małych imienników)...
[BTW, this name becomes more common lately... (more and more little namesakes)... ] |
|||
|
13 Jul 2007, 20:06 |
|
|
kohlrak
Not surprising. More programs, so theoretically more signatures, eventually more are going to match, right?
|
|||
|
20 Jul 2007, 16:12 |
|
|
MHajduk
kohlrak wrote: Not surprising. More programs, so theoretically more signatures, eventually more are going to match, right? |
|||
|
20 Jul 2007, 20:26 |
|
|
rugxulo
Even my dumb, wimpy (buggy?) DOS ATTR.COM is (still) detected as "suspicious unknown EXE / COM virus" by AVG Free. (And it doesn't even open / read / create / modify / write / close / delete any files or stay resident!!)
There are three possible ways around it:
If these don't help, please post here!! |
|||
|
20 Jul 2007, 20:27 |
|
|
kohlrak
It's not just AVG free, though avg free is becomming more and more known for this, i guess that would actually be a good sign for AVG because that would mean it's virus db is bigger, hence all the false alarms. But, because this problem is becomming more and more common, i think it's now important that we come up with something other than "signatures" and more towards potential threat opcodes and calls. Especially because the webdav (sp?) thing seems to get through firewalls pretty well.
|
|||
|
22 Jul 2007, 20:30 |
|
|
asmfan
After loading FASMW on www.virustotal.com i got funny result
Quote: Webwasher-Gateway 6.0.1 2007.07.23 Win32.Malware.gen (suspicious) lol, seems all of us getting a compiled malware ))) _________________ Any offers? |
|||
|
23 Jul 2007, 07:56 |
|
| Goto page 1, 2 Next < Last Thread | Next Thread > |
Forum Rules:
|