flat assembler
Message board for the users of flat assembler.
Index
> Windows > AVG antivirus reports fasmw.exe as a virus Goto page 1, 2 Next |
Author |
|
LocoDelAssembly 07 Nov 2007, 23:29
http://board.flatassembler.net/topic.php?t=7302
http://board.flatassembler.net/topic.php?t=7310 Sad to know this issue remains unsolved |
|||
07 Nov 2007, 23:29 |
|
vid 07 Nov 2007, 23:47
We should tell MazeGen to let AVG developers know next time he will be drinking beer with them
but seriosly, did some (preferably with legal copy of AVG) report this? |
|||
07 Nov 2007, 23:47 |
|
MattBro 08 Nov 2007, 00:20
vid wrote: We should tell MazeGen to let AVG developers know next time he will be drinking beer with them I paid for my copy so I can do this if so desired. I just wanted to make sure it was a false alarm. One funny thing is that for a while it was declaring all my linux object files on a fat32 drive I share as viruses. I guess anything compiled with gcc on linux is a virus . Maybe Bill Gates told them that. _________________ -- ------------------------------------------------------- "I am the Way and the Truth and the Light, no one comes to the Father except through me" - Jesus --------------------------------------------------------- |
|||
08 Nov 2007, 00:20 |
|
MHajduk 08 Nov 2007, 08:36
MattBro wrote: With a recent update to the avg anti-virus database, it is now reporting fasmw.exe as a virus. |
|||
08 Nov 2007, 08:36 |
|
ManOfSteel 09 Nov 2007, 12:02
That's weird. It used to happen a few months ago, but the problem was solved in days.
I have the latest version of fasm and the latest AVG AV database updates and both the IDE and the command line versions of fasm are working fine. What version of AVG are you using? |
|||
09 Nov 2007, 12:02 |
|
MHajduk 09 Nov 2007, 12:27
ManOfSteel wrote: What version of AVG are you using?
|
||||||||||
09 Nov 2007, 12:27 |
|
BiMode 10 Nov 2007, 15:32
Some executable files produced by Fasm can be false alarm for NOD as well...
|
|||
10 Nov 2007, 15:32 |
|
vid 10 Nov 2007, 15:38
BiMode: got example? maybe we can find out reason, some unstandard PE header value or something like that.
|
|||
10 Nov 2007, 15:38 |
|
ManOfSteel 10 Nov 2007, 18:54
@MHajduk:
That is definitely weird. I have the exact same version of AVG (even build version) as you. The last time I posted, I had a 1 day old AV database. I updated it today and there is still no problem with fasmw. Even when I scan it manually, I get a "no threats found" message. Are you 100% sure it wasn't infected somehow? Try re-extracting the binary or assembling from source. I am using the latest fasm (1.67.23), BTW. |
|||
10 Nov 2007, 18:54 |
|
Tomasz Grysztar 10 Nov 2007, 19:33
Maybe it was the .flat section (which was both executable and writeable) that got their attention? I splitted it into separate code and data sections now, please try if it helps something.
|
|||
10 Nov 2007, 19:33 |
|
BiMode 11 Nov 2007, 14:13
Tomasz Grysztar wrote: Maybe it was the .flat section (which was both executable and writeable) I thought so, and especially when I turned the "Potentially unwanted applications" on (their advance scan option). vid wrote: BiMode: got example? maybe we can find out reason, some unstandard PE header value or something like that. Its been 3 months since I deleted the test sorry (can't recall it). But Tomasz's modification sould solves the problem well I think... |
|||
11 Nov 2007, 14:13 |
|
MHajduk 11 Nov 2007, 19:01
ManOfSteel, I have done exactly what you said: I have unpacked executable 'FASMW.EXE' from archive and scanned with the newest version of AVG Free. Now it seems that problem has gone. However, demon of the "FASM virus" is still roving around the world.
|
|||
11 Nov 2007, 19:01 |
|
Hayden 14 Nov 2007, 10:00
My FASMW.EXE just got moved to the vault recently too. lol
_________________ New User.. Hayden McKay. |
|||
14 Nov 2007, 10:00 |
|
OzzY 14 Nov 2007, 22:38
I scanned latest fasmw.exe with lots of AV engines:
Quote:
And also scanned latest fasmw zip file: Quote:
As you see it's clean! But some AV's are crazy! |
|||
14 Nov 2007, 22:38 |
|
OzzY 14 Nov 2007, 22:41
I currently use Avira Antivir and it's good.
Do you think AVG is better? |
|||
14 Nov 2007, 22:41 |
|
coconut 16 Nov 2007, 04:03
nod32 displays threat found on latest fasmw zip file. after extracting and running scan, no threat detected. tomasz, what did you use to create the zip?
|
|||
16 Nov 2007, 04:03 |
|
rcmaniac25 16 Nov 2007, 22:06
I got the same error and it won't go away. Since I couldn't get it to work I tried to recompile with the command line version and I got an error saying:
Quote: flat assembler version 1.67.23 (1274057 kilobytes memory) Any Idea what might be wrong? I am just starting to learn assembler and to have the GUI version not work is causing me some difficulty. |
|||
16 Nov 2007, 22:06 |
|
i-don 25 Nov 2007, 08:00
I got the same AVG result too and have to delete it. Then I re-produce fasmw from the source using fasm. Yet, it is the same detection by AVG.
I've scan Fasmw ver 1.64 and has not found any virus threat like in current version. So, the thing has been generated from the source code itself. Another thing in the current fasmw distribution, OPENGL example didn't perform clean exit. The demo look alike exiting, but it still in the process list. It then prevent the next OPENGL demo program execution to work until you terminate all of it's instances from the process list... ps - pc spec: WinXP Home SP2, Intel C2D E2180 2GHz, 1Gb RAM. |
|||
25 Nov 2007, 08:00 |
|
kohlrak 29 Nov 2007, 11:38
I didn't have that trouble I-Don, but i do know that certain people have trouble with certain OpenGL programs (their cards are crap and they thought that opengl was fine by testing any 3d program to see if it works).
I think now would be the time to bring up the curious topic of why avg and other AVs do that. I always make my sections readable and writable, for i really don't like making data section, for i believe it's kind of wasteful (though not by much). My guess is that AVs look for a part of a file that looks like an "entry" in it's "dictionary." If the program is careless and they just throw in any old value for the dictionary entry, then they're gonna have things like this. All in the mood of rushing. |
|||
29 Nov 2007, 11:38 |
|
Goto page 1, 2 Next < Last Thread | Next Thread > |
Forum Rules:
|
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.