flat assembler
Message board for the users of flat assembler.

AVG antivirus reports fasmw.exe as a virus

MattBro



Joined: 08 Nov 2003
Posts: 37
MattBro
With a recent update to the avg anti-virus database, it is now reporting fasmw.exe as a virus. It claims that it contains the virus Obfustat.VQS. Is this a mistake?

I am running fasm 1.67.23. It provides no additional information about Obfustat.VQS.

_________________
-- -------------------------------------------------------
"I am the Way and the Truth and the Light, no one comes to the Father except through me" - Jesus
---------------------------------------------------------
Post 07 Nov 2007, 23:22
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
Post 07 Nov 2007, 23:29
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
We should tell MazeGen to let AVG developers know next time he will be drinking beer with them Very Happy

but seriously, did some (preferably with legal copy of AVG) report this?
Post 07 Nov 2007, 23:47
MattBro



Joined: 08 Nov 2003
Posts: 37
MattBro
vid wrote:
We should tell MazeGen to let AVG developers know next time he will be drinking beer with them Very Happy

but seriously, did some (preferably with legal copy of AVG) report this?


I paid for my copy so I can do this if so desired. I just wanted to make sure it was a false alarm.

One funny thing is that for a while it was declaring all my linux object files on a fat32 drive I share as viruses. I guess anything compiled with gcc on linux is a virus. Maybe Bill Gates told them that. Laughing

_________________
-- -------------------------------------------------------
"I am the Way and the Truth and the Light, no one comes to the Father except through me" - Jesus
---------------------------------------------------------
Post 08 Nov 2007, 00:20
MHajduk



Joined: 30 Mar 2006
Posts: 6038
Location: Poland
MHajduk
MattBro wrote:
With a recent update to the avg anti-virus database, it is now reporting fasmw.exe as a virus.
Yes, I have also noticed yesterday this problem again. But fortunately command line version of FASM still seems to be "clear". Wink
Post 08 Nov 2007, 08:36
ManOfSteel



Joined: 02 Feb 2005
Posts: 1154
ManOfSteel
That's weird. It used to happen a few months ago, but the problem was solved in days.
I have the latest version of fasm and the latest AVG AV database updates and both the IDE and the command line versions of fasm are working fine.
What version of AVG are you using?
Post 09 Nov 2007, 12:02
MHajduk



Joined: 30 Mar 2006
Posts: 6038
Location: Poland
MHajduk
ManOfSteel wrote:
What version of AVG are you using?
All the information is in the picture attached below. Smile


[Attached image: AVG.png]


Post 09 Nov 2007, 12:27
BiMode



Joined: 14 Sep 2007
Posts: 14
Location: Thailand
BiMode
Some executable files produced by Fasm can be false alarm for NOD as well...
Post 10 Nov 2007, 15:32
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
BiMode: got example? maybe we can find out reason, some non-standard PE header value or something like that.
Post 10 Nov 2007, 15:38
ManOfSteel



Joined: 02 Feb 2005
Posts: 1154
ManOfSteel
@MHajduk:
That is definitely weird. I have the exact same version of AVG (even build version) as you.
The last time I posted, I had a 1 day old AV database. I updated it today and there is still no problem with fasmw. Even when I scan it manually, I get a "no threats found" message.
Are you 100% sure it wasn't infected somehow? Try re-extracting the binary or assembling from source.
I am using the latest fasm (1.67.23), BTW.
Post 10 Nov 2007, 18:54
Tomasz Grysztar



Joined: 16 Jun 2003
Posts: 7797
Location: Kraków, Poland
Tomasz Grysztar
Maybe it was the .flat section (which was both executable and writeable) that got their attention? I split it into separate code and data sections now, please try if it helps something.
Post 10 Nov 2007, 19:33
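The section layout described in the post above can be checked directly from the PE section table. This is an added example, not code from the thread or from fasm: it lists sections whose characteristics set both IMAGE_SCN_MEM_WRITE and IMAGE_SCN_MEM_EXECUTE. The two images are constructed header-only stubs, and the section names `.code` and `.data` for the split layout are assumptions.

```python
import struct
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

def pe_sections(data):
    """Return [(name, characteristics)] read from a PE file's section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF header follows the 4-byte signature: NumberOfSections at +2,
    # SizeOfOptionalHeader at +16; the section table follows the optional header.
    (count,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size
    if table + 40 * count > len(data):
        raise ValueError("truncated section table")
    sections = []
    for off in range(table, table + 40 * count, 40):
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        (flags,) = struct.unpack_from("<I", data, off + 36)  # Characteristics
        sections.append((name, flags))
    return sections

def writable_executable_sections(data):
    """Names of sections that are both writable and executable."""
    wx = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE
    return [name for name, flags in pe_sections(data) if flags & wx == wx]

def build_stub(sections):
    """Constructed header-only PE stub for the demo; not a real fasmw.exe."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x10F)
    table = b"".join(name.ljust(8, b"\0") + b"\0" * 28 + struct.pack("<I", flags)
                     for name, flags in sections)
    return dos + b"PE\0\0" + coff + b"\0" * 224 + table

RWX = IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE
# Single writable+executable .flat section, as described in the post.
SINGLE_FLAT = build_stub([(b".flat", RWX)])
# Split layout; the names .code and .data are assumptions for illustration.
SPLIT = build_stub([(b".code", IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_EXECUTE),
                    (b".data", IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)])

if __name__ == "__main__":
    for label, image in (("single .flat", SINGLE_FLAT), ("split", SPLIT)):
        print(label, "->", writable_executable_sections(image) or "no W+X sections")
```
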
BiMode



Joined: 14 Sep 2007
Posts: 14
Location: Thailand
BiMode
Tomasz Grysztar wrote:
Maybe it was the .flat section (which was both executable and writeable)

I thought so, and especially when I turned the "Potentially unwanted applications" on (their advance scan option).


vid wrote:
BiMode: got example? maybe we can find out reason, some non-standard PE header value or something like that.

It's been 3 months since I deleted the test, sorry (can't recall it). But Tomasz's modification should solve the problem well I think...
Post 11 Nov 2007, 14:13
MHajduk



Joined: 30 Mar 2006
Posts: 6038
Location: Poland
MHajduk
ManOfSteel, I have done exactly what you said: I have unpacked executable 'FASMW.EXE' from archive and scanned with the newest version of AVG Free. Now it seems that problem has gone. However, demon of the "FASM virus" is still roving around the world. Wink
Post 11 Nov 2007, 19:01
Hayden



Joined: 06 Oct 2005
Posts: 132
Hayden
My FASMW.EXE just got moved to the vault recently too. lol

_________________
New User.. Hayden McKay.
Post 14 Nov 2007, 10:00
OzzY



Joined: 19 Sep 2003
Posts: 1029
Location: Everywhere
OzzY
I scanned latest fasmw.exe with lots of AV engines:

Quote:

Antivirus Version Last Update Result
AhnLab-V3 2007.11.15.0 2007.11.14 -
AntiVir 7.6.0.34 2007.11.14 -
Authentium 4.93.8 2007.11.14 -
Avast 4.7.1074.0 2007.11.14 -
AVG 7.5.0.503 2007.11.14 -
BitDefender 7.2 2007.11.14 -
CAT-QuickHeal 9.00 2007.11.14 -
ClamAV 0.91.2 2007.11.14 -
DrWeb 4.44.0.09170 2007.11.14 -
eSafe 7.0.15.0 2007.11.14 -
eTrust-Vet 31.2.5294 2007.11.14 -
Ewido 4.0 2007.11.14 -
FileAdvisor 1 2007.11.14 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.14 -
F-Secure 6.70.13030.0 2007.11.14 -
Ikarus T3.1.1.12 2007.11.14 -
Kaspersky 7.0.0.125 2007.11.14 -
McAfee 5163 2007.11.14 -
Microsoft 1.3007 2007.11.12 -
NOD32v2 2658 2007.11.14 -
Norman 5.80.02 2007.11.14 -
Panda 9.0.0.4 2007.11.14 -
Prevx1 V2 2007.11.14 -
Rising 20.18.20.00 2007.11.14 -
Sophos 4.23.0 2007.11.14 -
Sunbelt 2.2.907.0 2007.11.14 -
Symantec 10 2007.11.14 -
TheHacker 6.2.9.128 2007.11.14 -
VBA32 3.12.2.4 2007.11.11 -
VirusBuster 4.3.26:9 2007.11.14 -
Webwasher-Gateway 6.0.1 2007.11.14 BlockReason.0

Additional information
File size: 118272 bytes
MD5: 297c9e9fc40f92bdadab3c54a642ac2e
SHA1: 0256ddcc8f54fcda31858c041a6db65d10c10cfa



And also scanned latest fasmw zip file:

Quote:

Antivirus Version Last Update Result
AhnLab-V3 2007.11.15.0 2007.11.14 -
AntiVir 7.6.0.34 2007.11.14 -
Authentium 4.93.8 2007.11.14 -
Avast 4.7.1074.0 2007.11.14 -
AVG 7.5.0.503 2007.11.14 -
BitDefender 7.2 2007.11.14 -
CAT-QuickHeal 9.00 2007.11.14 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.11.14 -
DrWeb 4.44.0.09170 2007.11.14 -
eSafe 7.0.15.0 2007.11.14 suspicious Trojan/Worm
eTrust-Vet 31.2.5294 2007.11.14 Win32/Cotmonger
Ewido 4.0 2007.11.14 -
FileAdvisor 1 2007.11.14 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.14 -
F-Secure 6.70.13030.0 2007.11.14 -
Ikarus T3.1.1.12 2007.11.14 -
Kaspersky 7.0.0.125 2007.11.14 -
McAfee 5163 2007.11.14 -
Microsoft 1.3007 2007.11.12 -
NOD32v2 2658 2007.11.14 -
Norman 5.80.02 2007.11.14 -
Panda 9.0.0.4 2007.11.14 Suspicious file
Prevx1 V2 2007.11.14 -
Rising 20.18.20.00 2007.11.14 -
Sophos 4.23.0 2007.11.14 -
Sunbelt 2.2.907.0 2007.11.14 -
Symantec 10 2007.11.14 -
TheHacker 6.2.9.128 2007.11.14 -
VBA32 3.12.2.4 2007.11.11 -
VirusBuster 4.3.26:9 2007.11.14 -
Webwasher-Gateway 6.0.1 2007.11.14 Win32.Malware.gen!94

Additional information
File size: 842943 bytes
MD5: e92e70249dec87fc39205937772e5a10
SHA1: 070463f1bc6e9b1fa6f74265c2479ca1e2f6afaa


As you see it's clean! But some AV's are crazy! Razz
Post 14 Nov 2007, 22:38
OzzY



Joined: 19 Sep 2003
Posts: 1029
Location: Everywhere
OzzY
I currently use Avira Antivir and it's good.
Do you think AVG is better?
Post 14 Nov 2007, 22:41
coconut



Joined: 02 Apr 2004
Posts: 326
Location: usa
coconut
nod32 displays threat found on latest fasmw zip file. after extracting and running scan, no threat detected. tomasz, what did you use to create the zip?
Post 16 Nov 2007, 04:03
rcmaniac25



Joined: 16 Nov 2007
Posts: 1
rcmaniac25
I got the same error and it won't go away. Since I couldn't get it to work I tried to recompile with the command line version and I got an error saying:
Quote:
flat assembler version 1.67.23 (1274057 kilobytes memory)
SOURCE\IDE\FASMW\FASMW.ASM [3181]:
icon main_icon,main_icon_data,'resource\fasmw.ico'
C:\fasmw16723\INCLUDE/macro/resouce.inc [109] icon [5]:
file icon_file:6,16
error: file not found.

Any idea what might be wrong? I am just starting to learn assembler and to have the GUI version not work is causing me some difficulty.
Post 16 Nov 2007, 22:06
i-don



Joined: 18 Jul 2003
Posts: 66
i-don
I got the same AVG result too and had to delete it. Then I re-produced fasmw from the source using fasm. Yet, it is the same detection by AVG.

I've scanned Fasmw ver 1.64 and have not found any virus threat like in the current version. So, the thing has been generated from the source code itself.



Another thing in the current fasmw distribution, the OPENGL example didn't perform a clean exit. The demo looks like it is exiting, but it is still in the process list. It then prevents the next OPENGL demo program execution from working until you terminate all of its instances from the process list...


ps - pc spec: WinXP Home SP2, Intel C2D E2180 2GHz, 1Gb RAM.
Post 25 Nov 2007, 08:00
kohlrak



Joined: 21 Jul 2006
Posts: 1421
Location: Uncle Sam's Pad
kohlrak
I didn't have that trouble I-Don, but i do know that certain people have trouble with certain OpenGL programs (their cards are crap and they thought that opengl was fine by testing any 3d program to see if it works).

I think now would be the time to bring up the curious topic of why avg and other AVs do that. I always make my sections readable and writable, for i really don't like making data section, for i believe it's kind of wasteful (though not by much). My guess is that AVs look for a part of a file that looks like an "entry" in its "dictionary." If the program is careless and they just throw in any old value for the dictionary entry, then they're gonna have things like this. All in the mood of rushing.
Post 29 Nov 2007, 11:38


Copyright © 1999-2020, Tomasz Grysztar.