Hi all,
This topic is only to inform you that while installing MASM/WINASM I was notified of a couple of infected files:
PROCMAP.exe
ENUMWIN.exe
...
I removed the installation, turned off AVAST antivirus, and installed everything.
The next step was the AVAST site for an online check. The file result was still infected (Win32:Trojan-gen {Other}).
Next was the Kaspersky site. The result was CLEAN.
Last was Jotti's; the summary is below:
Scan taken on 22 Oct 2008 20:47:11 (GMT)
A-Squared Found Trojan.Crypt.XPACK!IK
AntiVir Found TR/Crypt.XPACK.Gen
ArcaVir Found nothing
Avast Found Win32:Trojan-gen {Other}
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
G DATA Found nothing
Ikarus Found Trojan.Crypt.XPACK
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
I hope it is a false positive.
My last action was to exclude the MASM & WINASM directory from the AVAST scan.
Ciao
Valentino
Thanks for the feedback, the source is available for ENUMWIN in the masm32 sdk and PROCMAP is a very simple application written in a basic compiler with no source code problems either. Sad to say not all AV products are created equal and with the number of false positives from the junky ones, it's risky to use stuff that takes shortcuts like this as they may miss serious problems and leave your machine infected.
Anything that reports GEN or DROPPER or similar has defective heuristic scanning that cannot deal with either very small files or installations that write SFX applications to disk during the installation. If you must use AV stuff, use the classy reliable products but if you are experienced enough setting up computers you can firewall the box so nothing gets in that you don't want and you NEVER download or install anything whose full contents you don't know. Also keep a backup with a disk imaging program like Norton Ghost or Acronis of your most current setup as this cannot be beaten by any virus/trojan.
The second option frees your machine from the risks of both virus writers and AV vendors, in some cases being the same.
Thanks Hutch for your suggestion.
I have a router with a hardware firewall (I've uninstalled ZoneAlarm, I don't like it so much) and Acronis Image.
Just a question, can you give the name of a freeware AV useful for MASM?
Tks a lot
Valentino
Valentino,
Make sure your hardware firewall is set up and running, it even defeats holes in the operating system. I personally use a freeware firewall called Ghostwall as it can be set up to do what I want on top of a hardware version. Remove any automatic AV scanning as it slows your machine down while it scans everything that runs. If you must keep AV scanners, make sure they only run when you want them to manually. Same with Spyware detection.
Try and get an email scanner that checks what has arrived on the email server before you download it, you then just scan the list and if it's spam, not for you or has an attachment that you don't know what it is, delete it without it ever being downloaded onto your machine. Remove any services you don't need, if you are not running your box as an FTP server, disable it and anything else like it as this reduces the surface area that you can be attacked through.
If you set your machine up like this so you are fully in control of it AND you exercise the appropriate discipline in what you download onto your machine, you are free of the virus merry go round where virus writers and AV vendors compete with each other on your machine.
When you make the Acronis backup, make sure it's a clean installation that has what you want on it and archive it at least on another partition so that if something happens, you can restore your machine in about 5 minutes, not days and endless hassles.
An update on Avast...
I did a download of MASM32 on 28th Nov with the 'Win32: Trojan-gen {Other}' issue.
Today I downloaded MASM32 (and installed) with Avast running (no exclusions) without any problems.
Seems like they've fixed the problem.
Virus database is VPS 081227-0
Cheers...
Thanks for the info, note that the masm32 version 10 SDK has not changed and it still has all of its original files so it appears they have fixed something to avoid the false positives from the earlier version.