
Thread: Virus Checks for Oxygen Please :)

  1. #1

    Virus Checks for Oxygen Please :)


    I have made some important changes to the BASIC prolog and use of PE sections. To a virus checker the executables will look very different, so I wonder if those of you who have had false positives from Avira or Nod32 antivirus software would be so kind as to check the files zipped below and see whether the alarm bells still sound.


    Charles

    PS: Not necessary for checking but if you want to run these files, you will need the new Oxygen for compatibility.
    http://community.thinbasic.com/index.php?topic=2517

  2. #2

    Re: Virus Checks for Oxygen Please :)

    You might want to submit them to VirusTotal who will scan them with a collection of all of the major AV engines out there and give you a detailed report of who gives you a pass, and who has any issues. It's free, and the only limitation is that they won't accept a file that's >20MB.

  3. #3

    Re: Virus Checks for Oxygen Please :)


    Many thanks Mike,

    I had no idea there were so many virus checkers out there!

    Out of the 41 virus checkers I only got one false positive. This was from AntiVir who thought that my PortViewer and HelloWin1 programs contained a Trojan called TR/Crypt.XPACK.GEN

    Charles


  4. #4
    thinBasic author ErosOlmi's Avatar
    Join Date
    Sep 2004
    Location
    Milan - Italy
    Age
    57
    Posts
    8,777
    Rep Power
    10

    Re: Virus Checks for Oxygen Please :)

    Charles,

    do not let them pass this.
    Send a mail to AntiVir support.

    Ciao
    Eros

    www.thinbasic.com | www.thinbasic.com/community/ | help.thinbasic.com
    Windows 10 Pro for Workstations 64bit - 32 GB - Intel(R) Xeon(R) W-10855M CPU @ 2.80GHz - NVIDIA Quadro RTX 3000

  5. #5
    Super Moderator Petr Schreiber's Avatar
    Join Date
    Aug 2005
    Location
    Brno - Czech Republic
    Posts
    7,128
    Rep Power
    732

    Re: Virus Checks for Oxygen Please :)

    Hi Charles,

    I tried Nod32 4, and no problems reported. Good news is that I got a new notebook with 64bit Windows 7, so I could run your test64bit.exe.

    The odd thing is that the rest of the programs did not do anything when I clicked on them.

    The test64bit.tBasic script, in the examples of the latest Oxygen download, does complain about an unidentified symbol.


    Petr
    Learn 3D graphics with ThinBASIC, learn TBGL!
    Windows 10 64bit - Intel Core i5-3350P @ 3.1GHz - 16 GB RAM - NVIDIA GeForce GTX 1050 Ti 4GB

  6. #6

    Re: Virus Checks for Oxygen Please :)

    Thanks Petr,
    The offending symbol in the 64bit script may be proc_address_list; it should now be import_address_table.
    Also, the ExitProcess params are not correct, though it still works (and has no dependency on Oxygen).


    The other progs may not be able to find thinBasic_Oxygen. Have you hidden it in an unusual place?

    Eros,
    I will carry out a few more tweaks before reporting to any of these antivirus producers.


    I went on to submit thinBasic_Oxygen.dll and got 1 false positive:

    McAfee-GW-Edition 2010.1 2010.06.18 Heuristic.BehavesLike.Win32.Dropper.H

    I then submitted thinCore.dll and got one false positive as well:

    Comodo 5143 2010.06.18 Heur.Packed.Unknown

    Charles


  7. #7
    thinBasic author ErosOlmi's Avatar

    Re: Virus Checks for Oxygen Please :)

    On Comodo: Heur.Packed.Unknown
    heuristic packed unknown equals "I do not know what it is, it is packed, so it must be a virus"
    I will write to them, be sure!

    On AntiVir:
    http://www.avira.com/en/threats/sect...xpack.gen.html
    From that page: "In order to aggravate detection and reduce size of the file it is packed with a runtime packer"
    Again: "I do not know what it is, it is packed, so it must be a virus"


    If I would apply the same logic in my job I would lose it right now.
    AV companies have chosen a job where high precision MUST be the logic. They cannot just simply mark as a virus what they do not know, using the "heuristic" umbrella. They have to go deeper.

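
The following is an added example, not code from the thread or from the thinBasic/Oxygen project: it reads a PE section table and lists the section traits that generic "packed" heuristics like those discussed in post #7 commonly key on, so a developer can inspect their own build. The trait list, the 7.0 bits/byte entropy threshold, and the constructed sample image with its `pack0` section are assumptions, not any vendor's actual rules.

```python
import math
import struct
from collections import Counter

STANDARD = {".text", ".data", ".rdata", ".rsrc", ".reloc", ".idata", ".edata", ".bss", ".tls", ".pdata"}
MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_* flags
ENTROPY_LIMIT = 7.0  # assumed threshold in bits/byte, not a vendor value

def entropy(blob):
    """Shannon entropy in bits per byte (0 for empty input)."""
    n = len(blob)
    return -sum(c / n * math.log2(c / n) for c in Counter(blob).values())

def section_findings(image):
    """Return {section name: [traits a 'packed' heuristic might key on]}."""
    pe = struct.unpack_from("<I", image, 0x3C)[0]  # e_lfanew
    if image[:2] != b"MZ" or image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsect, opt_size = struct.unpack_from("<H12xH", image, pe + 6)
    table = pe + 24 + opt_size  # signature + COFF header + optional header
    report = {}
    for i in range(nsect):
        raw_name, vsize, _va, rsize, rptr, flags = struct.unpack_from(
            "<8sIIII12xI", image, table + 40 * i)
        name = raw_name.rstrip(b"\0").decode("latin-1")
        found = []
        if name not in STANDARD:
            found.append("non-standard name")
        if flags & MEM_EXECUTE and flags & MEM_WRITE:
            found.append("writable and executable")
        if rsize == 0 and vsize > 0 and flags & MEM_EXECUTE:
            found.append("executable but empty on disk")
        if entropy(image[rptr:rptr + rsize]) > ENTROPY_LIMIT:
            found.append("high entropy")
        report[name] = found
    return report

def build_sample():
    """Constructed two-section image: plain .text plus a packer-like section."""
    plain, dense = b"\x00\x01\x02\x03" * 128, bytes(range(256)) * 2
    head = b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0"
    head += struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)
    body = 64 + 24 + 80  # file offset of the first section's raw data
    sect = lambda n, sz, ptr, fl: struct.pack("<8sIIIIIIHHI", n, sz, 0x1000, sz, ptr, 0, 0, 0, 0, fl)
    return (head + sect(b".text", 512, body, 0x60000020)
            + sect(b"pack0", 512, body + 512, 0xE0000020) + plain + dense)

if __name__ == "__main__":
    print(section_findings(build_sample()))
```

To check a real build, pass the file's bytes to `section_findings` instead of the constructed sample.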

  8. #8

    Re: Virus Checks for Oxygen Please :)

    Avira is simply crazy when it sees packed or compressed files, even if compressed in memory,
    but doesn't respond to binary files which are bound to the exe - that's good...

  9. #9
    thinBasic MVPs kryton9's Avatar
    Join Date
    Nov 2006
    Location
    Naples, Florida & Duluth, Georgia
    Age
    67
    Posts
    3,869
    Rep Power
    404

    Re: Virus Checks for Oxygen Please :)

    Quote Originally Posted by Mike Stefanik
    You might want to submit them to VirusTotal who will scan them with a collection of all of the major AV engines out there and give you a detailed report of who gives you a pass, and who has any issues. It's free, and the only limitation is that they won't accept a file that's >20MB.
    Thanks Mike, that is a cool site and perfect for this sort of stuff!
    Acer Notebook: Win 10 Home 64 Bit, Core i7-4702MQ @ 2.2Ghz, 12 GB RAM, nVidia GTX 760M and Intel HD 4600
    Raspberry Pi 3: Raspbian OS use for Home Samba Server and Test HTTP Server

  10. #10
    thinBasic author ErosOlmi's Avatar

    Re: Virus Checks for Oxygen Please :)

    Quote Originally Posted by Eros Olmi
    I will write to them, be sure!
    I've submitted an incident to Comodo support center (Ticket ID: NDY-541351).
    I'm a Comodo customer, so I have access to their Support Center.

    Will see.
    Eros
