flat assembler
Message board for the users of flat assembler.

flat assembler > Heap > malware alert for FASM.EXE (WIN32 command line tool) COMODO

AsmGuru62



Joined: 28 Jan 2004
Posts: 1393
Location: Toronto, Canada
I have had an AVG subscription for ~2 yrs now, and I had only two false positives -- to my surprise, both of them were freshly built by tools:

1. My C++ program for some stuff I did, and it got marked after I played with the LINK-er ENTRY changing option.

2. My STAR TREK code built by FASM. I do not know what code lines triggered the alarm here. Maybe it was the section order...

I sent both of the built EXEs to AVG -- no response so far.
Post 16 Jan 2012, 15:13
shutdownall



Joined: 02 Apr 2010
Posts: 518
Location: Munich
JohnFound wrote:
I fully agree with revolution here! If an AV gives you a false positive it is not your fault, it is the fault of the AV!


In life it doesn't help much to discuss whose fault it is. It is like it is.

@all
Thanks for the discussion, this was quite new for me and I think I will ignore the warning. But it is always a good thing to take care about what the AV kit is warning about and keep an eye on it, prove it and decide yourself whether to use it or trust it or not.

Anyway it would be a good idea for AV kits to show developers at what location they found possibly problematic code. But this might help virus programmers as well.
Post 18 Jan 2012, 12:04
typedef



Joined: 25 Jul 2010
Posts: 2909
Location: 0x77760000
^^that would take up your CPU's resources since the AV would have to scan the file.

But in reality most AVs use hashes to identify these malwares. The real task is how the virus/malware is detected in the first place in order to make a unique hash out of it. There are different ways of detecting, i.e. API hooking to monitor resource queries or scanning for a sequence of known bytes.
Post 18 Jan 2012, 15:58
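An added example, not part of any post in this thread: a minimal Python sketch of the two detection styles mentioned above (hash lookup and scanning for a sequence of known bytes), showing how a byte signature can flag a harmless, freshly built file and report the offset of the match. All bytes, signature names and hashes are constructed for illustration and come from no real AV product.

```python
import hashlib

# Constructed data only: these bytes and names are invented for the example
# and come from no real malware sample or AV signature database.
SIGNATURES = {"Example.Sig.A": "DE AD 10 20 ?? ?? 30 40"}   # ?? = any byte

def parse_sig(text):
    """Turn 'DE AD ?? 30' into [0xDE, 0xAD, None, 0x30]."""
    return [None if tok == "??" else int(tok, 16) for tok in text.split()]

def find_sig(data, pattern):
    """Return every offset where the pattern matches (None matches any byte)."""
    hits = []
    for off in range(len(data) - len(pattern) + 1):
        if all(p is None or data[off + i] == p for i, p in enumerate(pattern)):
            hits.append(off)
    return hits

def scan(data, bad_hashes):
    """Run both checks and report what matched, with offsets for byte hits."""
    result = {"hash_hit": hashlib.sha256(data).hexdigest() in bad_hashes,
              "sig_hits": []}
    for name, text in SIGNATURES.items():
        for off in find_sig(data, parse_sig(text)):
            result["sig_hits"].append((name, off))
    return result

# The sample the vendor once analysed (constructed).
known_bad = b"MZ" + bytes(30) + bytes.fromhex("DEAD1020AABB3040") + b"tail"
BAD_HASHES = {hashlib.sha256(known_bad).hexdigest()}

# One byte differs: the whole-file hash no longer matches, the byte signature does.
variant = known_bad[:-1] + b"X"

# A freshly built, harmless file whose data happens to contain the same bytes:
# the byte signature fires (a false positive), the hash check does not.
benign_build = b"MZ" + bytes(62) + bytes.fromhex("DEAD102001023040") + b"ok"

if __name__ == "__main__":
    for label, blob in [("known_bad", known_bad), ("variant", variant),
                        ("benign_build", benign_build)]:
        print(label, scan(blob, BAD_HASHES))
```

The reported offset is what lets a developer see which part of the build (a code sequence, a data table, a section header) collided with the signature.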

Copyright © 1999-2019, Tomasz Grysztar.
