Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: thinBundle - Great, but my Norton antivirus doesn't like it

  1. #1
    Member dcromley's Avatar
    Join Date
    Apr 2009
    Location
    Wyoming, USA
    Age
    86
    Posts
    80
    Rep Power
    23

    thinBundle - Great, but my Norton antivirus doesn't like it

    I've got this (fabulous) program I'm going to post here and also share with some non-TB people. thinBundle does a great job of making a clean executable -- stand-alone with no install. But for some reason, my Norton antivirus doesn't like it. For a local TB.exe, it deletes it, but I can restore it. For a TB.exe on the internet, it deletes it, so I have to turn Norton off for awhile.

    Has anybody else had this happen? A friend of mind didn't have a problem -- I think he has the AVG antivirus. I've posted a simple "Hello world" program at
    HTML Code:
    http://dbarc.net/helloworld.exe
    Last edited by dcromley; 17-11-2011 at 00:52. Reason: pagination

  2. #2
    Works fine here.

    (Ubuntu 11.10 64 bit under Wine)
    Attached Images Attached Images
    ScriptBasic Project Manager
    Project Site
    support@scriptbasic.org

  3. #3
    thinBasic author ErosOlmi's Avatar
    Join Date
    Sep 2004
    Location
    Milan - Italy
    Age
    57
    Posts
    8,777
    Rep Power
    10
    Here your application is working fine. I use "Microsoft Security Essential" and at work I have "Trend Office Scan Corporate edition"
    I've also used online virus scan at http://virscan.org/ to check your example and found anything, see attached PDF scan result

    It is (of course) a false positive and it can happen time to time because thinBundle uses techniques also possibly used in bad applications:
    • reduce executable size using EXE compression
    • memory execution on the fly of components (dlls)
    What to do?
    1. be sure your have you AV up to date to the latest version and av database signature
    2. please let me know exactly what Norton application you have (name and version) and what is the version of the database signature
    3. please let me know exactly what your AV indicates as virus: virus name and other details
    Than I will try to send this material to Symantec support area.
    I've already done this for other AV software companies and all of them were very responsible. For them having a false positive is a bad situation for their credibility.

    Ciao
    Eros
    www.thinbasic.com | www.thinbasic.com/community/ | help.thinbasic.com
    Windows 10 Pro for Workstations 64bit - 32 GB - Intel(R) Xeon(R) W-10855M CPU @ 2.80GHz - NVIDIA Quadro RTX 3000

  4. #4
    Super Moderator Petr Schreiber's Avatar
    Join Date
    Aug 2005
    Location
    Brno - Czech Republic
    Posts
    7,128
    Rep Power
    732
    Tested with ESET NOD32 and no problem found.

    In the past, I had a problem with NOD32 and Oxygen, but I wrote them about the issue, sent a link to Charles website and they removed the false positive in next update.


    Petr
    Learn 3D graphics with ThinBASIC, learn TBGL!
    Windows 10 64bit - Intel Core i5-3350P @ 3.1GHz - 16 GB RAM - NVIDIA GeForce GTX 1050 Ti 4GB

  5. #5
    Member dcromley's Avatar
    Join Date
    Apr 2009
    Location
    Wyoming, USA
    Age
    86
    Posts
    80
    Rep Power
    23
    (You guys are SO responsive!)
    I have an up-to-date NIS (Norton Internet Security) 18.6.0.29
    On your VirSCAN.pdf I see Symantec 1.3.0.24.

    I've attached related screenshots (4-in-1)
    top: Windows XP Media Center Edition 2004
    http://dbarc.net/helloworld.exe
    1) NIS info (NIS 18.6.0.29)
    2) Download info (helloworld.exe)
    3) First NIS message (threat found)
    4) Detail NIS info showing "threat removed"

    So it's not detecting a virus, just few users?

    By turning NIS off, things work fine.

    I'll be glad to do any further testing.  Thanks, Dave
    Attached Images Attached Images

  6. #6
    thinBasic author ErosOlmi's Avatar
    Join Date
    Sep 2004
    Location
    Milan - Italy
    Age
    57
    Posts
    8,777
    Rep Power
    10
    Symantec report this thread as the following: http://www.symantec.com/security_res...051308-1854-99
    So it is not a virus but a series of reports got from Symantec cloud system interacting with Symantec users.

    Can you please make the following try:
    1. rename your "helloworld.tBasic" in something else like "MyFirstTBApp.tBasic" and bundle it again to see if something change?
      I have the suspect in this case of threat the name matters.
    2. do the rename as in point 1 but create your executable again using thinBasic beta version you can download from http://www.thinbasic.biz/projects/th...ic_1.9.0.0.zip

    If nothing will change, I will use Symantec while listing at https://submit.symantec.com/whitelist/isv/
    or false positive web form at https://submit.symantec.com/false_positive/

    Ciao
    Eros
    www.thinbasic.com | www.thinbasic.com/community/ | help.thinbasic.com
    Windows 10 Pro for Workstations 64bit - 32 GB - Intel(R) Xeon(R) W-10855M CPU @ 2.80GHz - NVIDIA Quadro RTX 3000

  7. #7
    thinBasic MVPs
    Join Date
    May 2007
    Location
    UK
    Posts
    1,427
    Rep Power
    159
    You could try unpacking the bundle

    http://upx.sourceforge.net/download/upx307d.zip

    I make a bat file and drop the upx.exe and bat in the root of the thinbasic folder, it will make the file bigger but not by much. It helps with virus scanning because they don't have to unpack the file to scan it.


    bat file :

    upx -d -q *.*
    upx -d -q lib\*.*
    
    regards

    Mike C.
    Home Desktop : Windows 7 - Intel Pentium (D) - 3.0 Ghz - 2GB - Geforce 6800GS
    Home Laptop : WinXP Pro SP3 - Intel Centrino Duo - 1.73 Ghz - 2 GB - Intel GMA 950
    Home Laptop : Windows 10 - Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz, 2401 Mhz, 2 Core(s), 4 Logical Processor(s) - 4 GB - Intel HD 4400
    Work Desktop : Windows 10 - Intel I7 - 4 Ghz - 8GB - Quadro Fx 370

  8. #8
    Member dcromley's Avatar
    Join Date
    Apr 2009
    Location
    Wyoming, USA
    Age
    86
    Posts
    80
    Rep Power
    23
    Eros,
    OK, I made 2 executables:

    1) MyFirstTBAppA.tBasic under my 1.8.9.0
    Posted at dbarc.net/MyFirstTBAppA.exe (case sensitive)
    Uses "Console"
    printl "Hello world A"
    printl "(Under thinBasic 1.8.9.0)"
    waitkey

    2) MyFirstTBAppB.tBasic under Beta 1.9.0.0
    Posted at dbarc.net/MyFirstTBAppB.exe
    Uses "Console"
    printl "Hello world B"
    printl "(Under thinBasic 1.9.0.0)"
    waitkey

    Both times, I did the "bundling" in an otherwise empty directory.

    The results are the same in all cases. The same screenshots apply.

    My career was with IBM mainframes -- it's no more fun chasing this
    kind of stuff now than it was back then. Regards, Dave
    Last edited by dcromley; 18-11-2011 at 18:34. Reason: chage "as" to "than"

  9. #9
    Member dcromley's Avatar
    Join Date
    Apr 2009
    Location
    Wyoming, USA
    Age
    86
    Posts
    80
    Rep Power
    23
    Michael,

    I downloaded upx -- it looks like a good packer/unpacker.

    Please be more specific about "I make [what] bat file" and "it will
    make [what] file bigger". For this business, I wasn't doing any packing/
    /unpacking (except maybe thinBundle was without my knowledge).

    Showing my age, I am quite satisfied with Yoshi's LHA:
    http://en.wikipedia.org/wiki/LHA_(file_format)

    If it were more common, I would use it. I have no need for
    "smaller and faster"

    Regards, Dave

  10. #10
    thinBasic MVPs
    Join Date
    May 2007
    Location
    UK
    Posts
    1,427
    Rep Power
    159
    Thinbasic library's are packed using UPX and so is the thinBundle.

    What you call the bat file is up to you it won't change what it does, it will make any file that is UPX packed unpack.
    Home Desktop : Windows 7 - Intel Pentium (D) - 3.0 Ghz - 2GB - Geforce 6800GS
    Home Laptop : WinXP Pro SP3 - Intel Centrino Duo - 1.73 Ghz - 2 GB - Intel GMA 950
    Home Laptop : Windows 10 - Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz, 2401 Mhz, 2 Core(s), 4 Logical Processor(s) - 4 GB - Intel HD 4400
    Work Desktop : Windows 10 - Intel I7 - 4 Ghz - 8GB - Quadro Fx 370

Page 1 of 2 12 LastLast

Similar Threads

  1. The Great Windows 7
    By danbaron in forum Shout Box Area
    Replies: 2
    Last Post: 24-09-2011, 16:57
  2. Great song - Heavy Metal
    By kryton9 in forum Shout Box Area
    Replies: 17
    Last Post: 02-09-2010, 03:21
  3. thinBundle: here it is
    By ErosOlmi in forum thinBundle
    Replies: 2
    Last Post: 21-02-2007, 01:40
  4. thinBundle !?!?
    By ErosOlmi in forum thinBundle
    Replies: 3
    Last Post: 11-02-2007, 12:35
  5. Great stuff!
    By catventure in forum thinBasic General
    Replies: 8
    Last Post: 04-11-2005, 13:28

Members who have read this thread: 0

There are no members to list at the moment.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •