flat assembler
Message board for the users of flat assembler.

taichin



Joined: 28 Jul 2007
Posts: 2
taichin
trojan in fasmw167.zip???

Win32/Static....

NOD32
2426


IS IT TRUE OR FALSE??
IS IT INFECTED??


Attachment: Nueva imagen.jpg (147.38 KB). Description: INFECTION IMAGE .... IS IT TRUE OR FALSE??


Post 28 Jul 2007, 04:15
Ivan2k2



Joined: 08 Sep 2004
Posts: 80
Location: Russia, Angarsk
Ivan2k2
No, it's not infected, it's a false positive...
Also check http://board.flatassembler.net/topic.php?t=7302
Post 28 Jul 2007, 04:55
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
Now NOD32 enjoys being stupid? I'm disappointed :(
Post 28 Jul 2007, 05:11
f0dder



Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
f0dder
You have a much bigger risk of getting infections from eMule than from official FASM zips :)
Post 28 Jul 2007, 12:29
taichin



Joined: 28 Jul 2007
Posts: 2
taichin
I downloaded it from the official page:

http://flatassembler.net/download.php

But is it a false alarm?...
Proceed with the installation....

Thanks

P.S.: Forgive me. My English is bad, but I use translators :)
Post 28 Jul 2007, 18:20
Vortex



Joined: 17 Jun 2003
Posts: 318
Vortex
taichin,

That's surely a false alarm. Probably, the internals of the assembler handling the PE \ MS COFF file creation triggered this false positive.

_________________
Code it... That's all...
Post 29 Jul 2007, 09:32
rugxulo



Joined: 09 Aug 2005
Posts: 2341
Location: Usono (aka, USA)
rugxulo
taichin, turn off heuristics (AV guesses) so that it won't check for "unknown variants" of pre-existing viruses. Granted, that's not a perfect solution, but these antivirus guys don't have the time or interest to prevent every false alarm. Or get a better antivirus scanner (but I don't know of any, even my AVG Free whines, doh).
Post 31 Jul 2007, 02:45
f0dder



Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
f0dder
rugxulo wrote:
taichin, turn off heuristics (AV guesses) so that it won't check for "unknown variants" of pre-existing viruses. Granted, that's not a perfect solution, but these antivirus guys don't have the time or interest to prevent every false alarm. Or get a better antivirus scanner (but I don't know of any, even my AVG Free whines, doh).


Better to keep heuristics turned on, and do some manual investigation... that way you might have false positives that are a bit annoying, but you have less risk of getting infected by something nasty.

_________________
carpe noctem
Post 31 Jul 2007, 13:20
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
And, what about careful computer utilization? I have no AV at all and I'm clean anyway. AVs are not able to detect all the existent viruses, only the ones that are popular enough (or have similar code that heuristics can detect).

Doesn't it matter to you all that AVs are by themselves pseudo-viruses, given the amount of computer resources they spend?
Post 31 Jul 2007, 14:37
f0dder



Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
f0dder
Yes, an antivirus software won't catch everything, but they can catch a lot - especially if they don't scan for just virus signatures/heuristics, but also 'suspicious behaviour' (KAV has some interesting stuff in that respect).

I currently get by on "careful computer utilization" myself, but all it takes is one undisclosed exploit in IE or FF, one careless friend that borrows your computer for 5 minutes, or one person that visits you with an infected laptop...
Post 31 Jul 2007, 15:03
kohlrak



Joined: 21 Jul 2006
Posts: 1421
Location: Uncle Sam's Pad
kohlrak
Amen. What I hate is when people borrow your computer without your liking and they are practically searching for the stuff. They right away install all their addons like msnplus and FunWebProducts (Zwinky, Smiley Central, Cursor Mania, etc)... Then they go to porn sites... XD
Post 31 Jul 2007, 17:33
KRA



Joined: 14 Jun 2005
Posts: 24
KRA
Do like me...
When using Windows I always run uncertain programs like browsers and such in a sandbox.
I installed SandBoxIe and it works great.
When I suspect something is not as it should be, I simply delete the content
of the sandbox and it's Ok to start over again.
You can even specify that certain programs always should be run sandboxed.
Try it out, You may like it like me...
Post 31 Jul 2007, 21:22
kohlrak



Joined: 21 Jul 2006
Posts: 1421
Location: Uncle Sam's Pad
kohlrak
Yea, but doesn't that take a performance hit? Plus, the most dangerous ones will use hooking to break out of the sandbox anyway.
Post 31 Jul 2007, 21:28
f0dder



Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
f0dder
kohlrak: sandboxie should only take a negligible performance hit, and they're taking a lot of precautions to make it hard to 'break out of'. I wouldn't use it as an environment for doing malware analysis, but for safer surfing and testing out apps, it should be quite decent enough. (and heck, even vmware seems to have had the possibility for break-outs).
Post 31 Jul 2007, 23:34
rugxulo



Joined: 09 Aug 2005
Posts: 2341
Location: Usono (aka, USA)
rugxulo
f0dder wrote:

Better to keep heuristics turned on, and do some manual investigation... that way you might have false positives that are a bit annoying, but you have less risk of getting infected by something nasty.


That's fine until it actually says something's a virus that you know isn't (e.g. something you wrote or even FASM, what we don't trust Tomasz?? It's open source, people, it ain't hard to figure what he's up to.).

Anyways, if you're worried, just scan it with another antivirus program (or test it at http://www.virustotal.com ).
Post 02 Aug 2007, 21:56
DOS386



Joined: 08 Dec 2006
Posts: 1901
DOS386
> actually says something's a virus that you know isn't (e.g. something you wrote or even FASM, what we don't trust Tomasz??

I really hope when Tomasz has time to work on FASM again he will fix
the real (minor) problems rather than crippling it in an attempt to "fix" this
"critical bug" :( :(

Same applies to Rugxulo's ATTRIB :?

http://board.flatassembler.net/topic.php?t=7302
http://board.flatassembler.net/topic.php?t=7310
http://board.flatassembler.net/topic.php?t=7314 (kicked ??? :lol: )
http://board.flatassembler.net/topic.php?t=7406

_________________
Bug Nr.: 12345

Title: Hello World program compiles to 100 KB !!!

Status: Closed: NOT a Bug
Post 04 Aug 2007, 06:08

Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.
