flat assembler
Message board for the users of flat assembler.

Trojan:Win32/Wacatac.B!ml



Overclick 06 Jun 2023, 16:22
Hi
My own project is detected as a Trojan on stupid Windows 11. Any idea?

Maybe fasm is infected or what?


revolution 06 Jun 2023, 16:29
Overzealous AV.

Your options are to rewrite/reorder/change your code.

Or delete your AV.

Note that malware writers can do exactly the same to stop it triggering, so it brings into question the usefulness of AVs.



Overclick 06 Jun 2023, 16:38
Hmm..
Could you explain what AV is? AudioVideo?


revolution 06 Jun 2023, 16:40
AntiVirus.



Overclick 06 Jun 2023, 16:49
But that is the default Windows Defender and I want my project to be easily used by anyone.
What kind of code of mine can be detected as that Trojan? I'm confused really. All I do is COM via audio devices, playback and stream to device. That was working for the past year with no problem until I tried it now.



Flier-Mate 06 Jun 2023, 18:12
I experienced it from Day 1 since I started FASM programming.

See "My simple compiler generates an EXE identified as trojan"

It is useless to submit to Microsoft for whitelisting, because it doesn't change their detection algorithm.

Like someone suggested in the thread above, might be useful to make the code bloated?

Perhaps add this somewhere in the .code section?
Code:
_bloat:   times 64000 db 0xCC     


Of course this is not always practical for our programs.



Overclick 06 Jun 2023, 18:48
That was my previous engine project and the new one doesn't have that issue yet until I integrate all things together. Will see but I'm still surprised. Thanks Flier-Mate, I'll keep it in mind.



bitRAKE 06 Jun 2023, 19:04
This and the increasing Windows Store integration are probably the top two reasons not to use Windows 11.

Something that might help is to add an exclusion to Microsoft Defender, but certainly not an option for anyone that might use your software.




Overclick 06 Jun 2023, 19:35
I hate Windows 11 same as 8-10 because of the stupid mobile-choppy-touch-interface. But I had to move to it for software support. And yes, I have to make my project compatible for the new generation.
But to be honest I have to note the sound has MUCH BETTER quality on 11 than on previous Windows. Even my old project sounds perfect on it:
https://sourceforge.net/projects/stereo-to-7-1-converter/



Picnic 07 Jun 2023, 05:53
I have the same problem with Hobby BASIC in Windows 10. Sadly, I stopped looking for solutions, they don't seem to last. But it's my personal fun project and I don't care much. In Windows 10, real time protection won't even let me download it from the fasm forum. And that happens sometimes, not always. How to explain this?



ProMiNick 07 Jun 2023, 08:11
Try to sign your app, even with an untrusted certificate. AVs usually skip signed ones.


revolution 07 Jun 2023, 08:16
ProMiNick wrote:
Try to sign your app, even with an untrusted certificate. AVs usually skip signed ones.
If true then that would speak to how dumb AVs are.

But doesn't that then give another problem with Windows complaining that the binary is untrusted when anyone tries to run it?
Copyright © 1999-2023, Tomasz Grysztar.