flat assembler
Message board for the users of flat assembler.

Does is really Trojans
semiono
Joined: 31 Aug 2007
Posts: 176
Location: section '.code' executable
Avira AntiVir Personal
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]

Version information:
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18.07.2007 12:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07.03.2008 15:08:58
ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 21.03.2008 21:12:34
ANTIVIR3.VDF : 7.0.3.68 57856 Bytes 25.03.2008 10:27:50
...

Starting the file scan:
Begin scan in 'C:\A\WinSxS\services\Documents\Fasm\examples'
C:\A\WinSxS\services\Documents\Fasm\examples\ddraw\ddraw.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

What is this?

My fasm is 1.67.26 for Windows.

_________________
Memory=8388608
Post 13 May 2008, 18:52
revolution
When all else fails, read the source
Joined: 24 Aug 2004
Posts: 17279
Location: In your JS exploiting you and your system
First check that your copy of ddraw.exe has not been altered. If you find it is still the original ddraw.exe included in the zip then change to a different anti-virus program that doesn't give false reports.
Post 13 May 2008, 19:00
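One way to carry out the check revolution suggests, as an added example that is not code from the fasm project or from either poster: hash the extracted file and compare it with the copy still inside the distribution zip, without extracting the archive member to disk. The archive below is constructed in memory with made-up contents so the script runs offline, and the member name `examples/ddraw/ddraw.exe` is an assumption about the archive layout; `verify_file_against_archive()` is the entry point you would use on the real zip and the real extracted file.

```python
"""Check whether an extracted file still matches the copy inside the
distribution archive it came from (the check suggested in the thread).

Added example, not code from the fasm project. The zip used below is
constructed in memory with made-up contents so the script runs offline;
the member name 'examples/ddraw/ddraw.exe' is an assumption about the
archive layout.
"""
import hashlib
import io
import zipfile


def sha256_hex(data: bytes) -> str:
    """SHA-256 of an in-memory byte string as lowercase hex."""
    return hashlib.sha256(data).hexdigest()


def sha256_stream(fileobj, chunk_size: int = 65536) -> str:
    """SHA-256 of a binary file-like object, read in chunks."""
    h = hashlib.sha256()
    for chunk in iter(lambda: fileobj.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()


def archive_member_sha256(archive, member: str) -> str:
    """Digest of one zip member, read straight from the archive.
    `archive` may be a path or any seekable binary file object."""
    with zipfile.ZipFile(archive) as zf, zf.open(member) as m:
        return sha256_stream(m)


def verify_against_archive(archive, member: str, extracted: bytes) -> dict:
    """Compare an extracted file's bytes with the archive's copy."""
    expected = archive_member_sha256(archive, member)
    actual = sha256_hex(extracted)
    return {
        "member": member,
        "archive_sha256": expected,
        "file_sha256": actual,
        "unmodified": expected == actual,
    }


def verify_file_against_archive(archive_path: str, member: str, file_path: str) -> dict:
    """Same check for real paths on disk (what you would run on the fasm zip)."""
    with open(file_path, "rb") as f:
        return verify_against_archive(archive_path, member, f.read())


# --- constructed sample data (not the real ddraw.exe) -----------------------
MEMBER = "examples/ddraw/ddraw.exe"
ORIGINAL = b"MZ" + b"\x00" * 62 + b"constructed stand-in for the shipped example binary"
# A tampered copy: same length, one byte changed, as a patched file would look.
TAMPERED = ORIGINAL[:-1] + b"!"


def build_sample_archive() -> io.BytesIO:
    """Constructed zip standing in for the fasm distribution archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(MEMBER, ORIGINAL)
    buf.seek(0)
    return buf


def demo() -> tuple:
    """Run the check on an intact and on a tampered copy; returns (True, False)."""
    intact = verify_against_archive(build_sample_archive(), MEMBER, ORIGINAL)
    patched = verify_against_archive(build_sample_archive(), MEMBER, TAMPERED)
    return intact["unmodified"], patched["unmodified"]


if __name__ == "__main__":
    ok, bad = demo()
    print("intact copy matches archive:", ok)
    print("tampered copy matches archive:", bad)
```

If the digests match, the file on disk is byte-for-byte what the archive shipped and the detection is a heuristic verdict on the binary itself (the Gen/Gemini names in the thread are generic, pattern-based signatures), not evidence that the copy was modified; if they differ, treat the extracted copy as altered. The check only tells you the extracted file equals the archive's copy, so also compare the archive's own digest with one published by the distributor where that is available.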
semiono
Joined: 31 Aug 2007
Posts: 176
Location: section '.code' executable
http://www.virustotal.com/ru/analisis/93c339b90c464c78012bc1faf6eaa112

F-Secure - - Suspicious:W32/Malware!Gemini

But AntiVir is quiet about this one!
Post 13 May 2008, 19:07
semiono
Joined: 31 Aug 2007
Posts: 176
Location: section '.code' executable
Post 13 May 2008, 19:13
SomeoneNew
Joined: 12 Aug 2006
Posts: 54
It appears as if heuristics are catching false results here. It happens to me a lot when I'm writing stuff that includes injecting into another process or similar, especially if I call functions such as CreateRemoteThread() in win32, which almost always gives me a red flag while compiling. (It's annoying, actually: I set up my dev dir in the scan ignore list and it still scans it from the running processes or memory...)

And all this due to some jackass using similar code patterns to fulfill their malware dreams... I would literally kill them with their own keyboard if I could.

_________________
I'm new, sorry if I bothered you with any stupid question
Post 17 May 2008, 16:40
Copyright © 1999-2020, Tomasz Grysztar.