maybe Rustock was written with fasm and fasmlib?
c\c++ + (f)asm

Rustock is just one of many things that AVs report on these files: http://www.virustotal.com/file-scan/report.html?id=5a06b06eb7530a640298c732f77b1a1305b1362846088add21c63b256dc23f43-1256003064

Come on, it's just another false alarm of which we have seen dozens.

Oh, please! Are you serious? Yes, some malware can overwrite the BIOS flash ROM, but this is not really hardware. I would REALLY like to see some solid proof of malware frying NICs or PSUs and it better not be from snopes.com.

On a fun note:

I hope he was messing with the OP.


Actually, a spyware does. Computer viruses emulate biological ones and simply replicate by infecting (overwriting or appending) executables (the vector) so they can spread throughout the entire filesystem (the host). A rootkit infects or replaces system tools in order to hide other activities, such as a hacking in progress or the storage/sharing of illegal material.
As for an identity theft happening to you, are you sure you did not share too much personal information with the whole world on Facebook or logged into your e-mail account while someone was shoulder surfing you?


Aside from the script-kiddie creep next door who has been stalking you for the past 6 months (), most malware outbreaks are indiscriminate attacks usually occurring on a regional or worldwide scale. They occasionally target specific machines/networks depending on the data stored on their disks (e.g. marketing plans, CAD files, suppliers lists) or some running software (e.g. industrial control systems).
Of course you could try to e-mail me some malware and hope I get infected but don't even think you could fool me with a "big_boobs.png.exe" or lure me into following a link to "cheapviagra.com".


It is already working.


Crappy AV heuristics recognizing malware everywhere and not recognizing it when it is there?


Does "dynamic linking" ring a bell? Neither fasm nor fasmlib is pulling anything from any DLL. The source is simply assembled and external code comes into play *only* when the program is ran by the OS's executable loader. There is no mysterious DLL.

Well said ManOfSteel.

Bravo, but, alas, it will fall on deaf ears.

Hungry trolls need feeding, too.

Even my PE from scratch Hello World gets positives from three AV:s.

mindcooler,

Is your PE small enough? Mine (0.3k IIRC) alerts almost all of them.

Well, mine is almost a k, 1021b.

I don't see why size alone should be suspicious.

mindcooler,

Then you have to RE AVs more.

Heuristics are the scourge of AV country. They feel confident in their algorithms, yet those algorithms are so fuzzy that single-section PE is suspicious.

Signature analysers can't beat morphing engines, so they stuff more (and more) detected signatures until the whole thing goes awry.

All in all it's just a brick in the wall.

Thanks janequorzar for the heads up. I say they don't like FASM because they can't detect every detail, beside it's not a MS thing... MS be paying us ... so who cares about FASM anyway.

I started thinking like this last week, actually for a few years now.

I'm like you janequorzar, I hear you loud and clear. You're not claiming to be an expert. All you are saying is:

"Don't drop it, just pass it on! ... with a few notes we can get it back on track"


Reading this thread kind of made me feel this was all your fault. hee hee
..........................
..........................
PS: People
dd if=/dev/zero of=/dev/win_par bs=1M
and please add conv=notrunc,noerror

dd to backup your finest working Windows than dd to clean your programming disk and Windows partition sometimes... I will not go into details but sh*t happens, bigtime, and you never know until the end. Save your project 3 times (in steps) (as app_111 is main with latest changes... get it) and off-site even for ANY kind of change no matter how small. Reboot and make sure it still W O R K . . .. than test it on another machine.

AVs are like strapping on thousands of condoms to avoid STDs (because there are several types). Not only do the condoms break, but the experience is less than pleasurable.

It's a flawed approach - look at how hard it is for our own bodies to fight cancer. A virus could be created to reconfigure whatever software is present on the machine to act in a malicious manner. Meaning the virus is stored at an operational abstraction layer - not existing in a single searchable place.

How could this be detected? The AV industry stopped at a rough approximation of Natural antibodies. Luckily the human body does a great deal more - otherwise we'd all be dead.

The OS/browser can restrict software, but people want control and that makes the system vulnerable. I prefer to trust myself rather than defer to someone else, but it's nice to be informed about what is happening behind the scenes. So, when I make a mistake I know better where the mistake was made.

[I've been thinking a lot about how to protect transparency in many settings.]

I'm using a commercial version of Norman at work and I get trojan alerts on a lot of fasm executables, including the examples and fasmlib.
I have tried to compile the source of the offending example (flibcdll.asm) and I don't get any alerts on the resulting executable.
Even though I have no reason to suspect the developers of these executables, I don't know who has access to the server where theses executables reside. Either way it might be an idea to remove the executables from the example download.

Has anyone verified the executables are untampered with? Wasn't this site hacked once? ... or was it just the forum that was messed with?

TrendMicro HouseCall thought my whole fasm folder was viruses.

This thread is looking too paranoid for me...

There was false positives for Fresh and Fresh compiled binaries at the past, but after sending several examples to Avira support desk, and when I downloaded the next update, the alarms stopped.

Also, on my work computer, there is a Symantec corporate edition installed. When our IT support team installed it for first time, there was also false positives for all Fresh and Fresh compiled files.
It was fixed by our IT support and now I am working with Fresh on every corporate computer without problems.

Before, it was easy for AV makers - if it is bloated and huge - then it is not virus. If it is compact and efficient - then virus.
Now, when there is a growing list of assembly written applications, to detect real viruses is really harder.

Regards.

Is there?

I imagine the ratio is getting smaller but the absolute number will be increasing. One thing is for sure, the list can never get smaller.

Ah, yes, there is.
Of course, not every programmer comes to the forum to post: "I made great program with FASM."

inverses




I'll never cash-in. It been a while, and now I understand the C++ that many FASM is crazy about. I plan to do a lot of FASM modules as HOST for C++ code. I hope this is not cheating toooo much? I just want to put a little time in it.

All I need is the link to vid "OPP's article for FASM". I did clean-up week back in July and I have not found them yet. It's buried so deep in my backup. Google turns-up everything other!!!

Google-Please: (ASM, FASM, vid OPP's for FASM)
but no vid?

http://www.google.com/search?hl=en&source=hp&ie=ISO-8859-1&q=ASM%2C+FASM%2C+vid+OPP%27s+for+FASM&btnG=Google+Search&aq=f&aqi=&aql=&oq=&gs_rfai=

What's up with that? I might as well ask here.

Mostly, I just don't like the curly braces. It can't be impossible to replace them for personal use with the help of codeblocks or something. C++ and FASM. I always have wondered about them. Now it's like they on the same team with my FASM as QUARTERBACK, so jumping-ship is out the question.

http://www.codeblocks.org/