flat assembler
Message board for the users of flat assembler.
Just AVG again (I hope!)
revolution 29 Nov 2008, 13:48
I suggest you send your file to virustotal.com. This will run 37 virus scanner engines over it. If you see a lot of red indicators then it is time to delete the file and download a new copy. Although it is quite common for just a few of the scanners to show hits even for perfectly safe files so don't be too alarmed if you get just a few hits.
kas 29 Nov 2008, 13:51
Ok... I will. Thanks,
Kas
kas 29 Nov 2008, 14:06
Well I did as you suggested revolution... and I got quite a few red checks coming up. So I then downloaded the latest fasmw zip and sent that to the virustotal website too. The report (minus about twenty passes) was as follows... seems scary to a non-virus expert like myself!

| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| AntiVir | 7.9.0.36 | 2008.11.28 | TR/Crypt.XPACK.Gen |
| AVG | 8.0.0.199 | 2008.11.29 | Generic12.QUJ |
| CAT-QuickHeal | 10.00 | 2008.11.29 | Win32.TrojanDownloader.Small.gen!B.1 |
| eSafe | 7.0.17.0 | 2008.11.27 | Suspicious File |
| Ikarus | T3.1.1.45.0 | 2008.11.29 | Virus.Win32.JunkPoly |
| Norman | 5.80.02 | 2008.11.28 | W32/Smalltroj.IEOU |
| SecureWeb-Gateway | 6.7.6 | 2008.11.28 | Trojan.Crypt.XPACK.Gen |
| Sophos | 4.36.0 | 2008.11.29 | Sus/UnkPacker |
| TrendMicro | 8.700.0.1004 | 2008.11.28 | PAK_Generic.001 |

What do you think? Is it just because I'm using an infected machine or is the download infected?
Kas.
revolution 29 Nov 2008, 14:12
This is pretty normal, unfortunately. These virus programs tend to be quite conservative.
Here is my result from my machine. So I wouldn't worry about what you see.
kas 29 Nov 2008, 14:22
What a pain... guess I just have to configure AVG to ignore fasm somehow... hopefully there'll be a whitelist somewhere.
Anyway, thanks again for the feedback revolution,
Kas.
revolution 29 Nov 2008, 14:25
You're welcome, you owe me a drink when I am in the UK this coming January. Don't worry, I'm just kidding, no drinks required.
kas 29 Nov 2008, 14:33
Is that mineral water?
Kas.
revolution 29 Nov 2008, 14:39
Only if it comes from here.
kas 29 Nov 2008, 14:48
God... some people! At $40-60 a 750ml bottle... I think it better be some bloody awesome glass of water!
revolution 29 Nov 2008, 14:50
kas wrote: God...
dacid 29 Nov 2008, 15:01
All the antivirus (from revolution's link) that give suspicious results are pure shit...
I suggest you use one of these: DrWeb, F-prot, F-Secure, Kaspersky, McAfee, Nod32, Panda.
Picnic 29 Nov 2008, 23:14
kas wrote: Both versions of fasmw167.zip and in particular the Minipad example exe.
Hi kas,
The same results may occur if you upload and test other assemblers at virustotal.com too. I checked, quite some time ago, TASM 5.0 and MASM32 version 7, and the output showed virus-found results.
kas 30 Nov 2008, 04:29
Hi,
dacid - I'll check out your recommendations. One never knows how good or bad these virus checkers are at their job - even if they ignore FASM thimis - I suppose when I think about it - it makes sense - as all assemblers are designed to manipulate opcodes and addresses - and virus checkers are on the lookout for programs that... manipulate opcodes and addresses. However, the problem they have with minipad.exe does seem surprising.
Thanks for both your replies,
Kas.
OldTabby 13 Dec 2008, 22:51
It's been a while but this false positive file infection was reported to me today - AGAIN
I'm not a programmer, I manage the content for a download listing site & I have researched more false positive virus/trojan/malware/spyware reports than I can count. In over 10 years only two reports were valid threats & in both cases the author's server had been hacked.
I'm used to seeing a FASM report, it only takes a few minutes to be sure it's a false positive. Generic12.QUJ - the word 'Generic' is an immediate giveaway to me but I did a search anyway - it doesn't exist in AVG's database & Google has never heard of it! Chances of it being a brand new threat? About 1 in a million.
The reason I'm here is that I wanted to update my listing for Flat Assembler (I've now quoted & linked to your FAQs, hopefully that might help a little) & thought I'd also check the forum comments on false positives. You guys are obviously plagued with FPs & do your best to find what causes them & fix it so I was surprised to see kas's comment:
Quote:
I assumed that programmers would understand how anti virus/trojan/malware programs work. I also assumed you would know that the AV producers don't give a damn how many FPs their programs throw out, the more the merrier usually, & getting them to fix one has been known to require a court case! FPs help to convince the vast array of inexperienced users that the program is doing its job & ensures they will open their wallets to buy whatever useless bloated 'upgrades' are offered.
kas, these programs look for code that might do something bad, then they try to match it to a known threat, then they warn you. Look very carefully at the name of the threat then do a Google search AND an AVG (or whatever AV program you use) virus database search for it. The results will tell you what to do next.
I've used the free version of AVG for years, up to version 7.5 it was great. V. 8 is more than double the size but not doubly as good. I believe that there is now a better line-of-defense program & I personally recommend Malwarebytes' Anti-Malware (the free version of course!) Anti-Malware is proving to be better at identifying & removing the *real* threats & it reported ALL of the files in the Fast Assembler download as CLEAN.
Hope you find some of this info useful.
_________________
FreewareHome: we search for true freeware so you don't have to
|
kas 13 Dec 2008, 23:14
Hi OldTabby,
Very interesting. After quite a bit of searching through the forum on what code gets marked as infected and what not - I've come to the conclusion that my estimation of virus checkers in general was way way too high. I just assumed that any kind of professional virus checker would after an initial search of a binary file - check anything found as suspicious for some sort of tell-tale algorithm or behaviour... i.e. not just the crass approach looking for/matching "bad numbers"... then hey presto here's your scan results and you're DEFINITELY infected! Oh well, I'm amazed once more about what utterly crap code gets written by mainstream programmers.
Thanks for the reply and all the info OldTabby, appreciated.
Kas.
|
revolution 14 Dec 2008, 01:15
OldTabby wrote: I believe that there is now a better line-of-defense program & I personally recommend Malwarebytes' Anti-Malware (the free version of course!) Anti-Malware is proving to be better at identifying & removing the *real* threats & it reported ALL of the files in the Fast Assembler download as CLEAN.
This is not to say that the above AV is bad, just that it is less conservative. Some users may prefer that. Each to their own I guess. I never use any AV so I don't really care about what they report, I can look at the code in my disassembler and decide for myself. But I would not expect that the average user is capable of that so I don't recommend everyone do that.
OldTabby 15 Dec 2008, 09:47
My apologies revolution I didn't make myself clear - Anti-Malware is NOT an anti virus program. If you don't use an AV then it's a useful program to have around if you want to check a file or folder quickly. If you do use an AV use Anti-Malware as a backup/second opinion.
I use AVG, it's never let me down & actually rarely reports a false positive. It told me the Minipad FASM file was infected so I ran an Anti-Malware check - it said it was clean, which we know it is! I still did Google & AVG database searches just to be sure.
revolution 15 Dec 2008, 10:05
I like to use virustotal to check anything quickly.
Last edited by revolution on 15 Dec 2008, 10:39; edited 1 time in total
OldTabby 15 Dec 2008, 10:26
I think you'd better fix the spelling in the actual link, revolution: "virsutotal.com" goes to a Sedo parking search engine site.
The link you posted earlier in this thread is fine.
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.