
virus in GeneSys.ZIP

Started by RuiLoureiro, August 13, 2008, 02:53:40 PM


RuiLoureiro

Quote from: PBrennick on August 14, 2008, 08:56:43 PM
Rui,

Please be aware that the editor in that package is not the newest one and has some problems with console builds.

I have decided to do the major release instead of the patch.

Hi Paul and Vortex,
I wait for that new release.
Rui

DASAz

Quote from: Vortex on August 13, 2008, 05:19:12 PM
RuiLoureiro ,

As Ghirai said, it's a false positive. Some code can trigger the heuristic analysis.

A powerful and free antivirus : Avira AntiVir Personal



No, one day I wrote a silly FASM app and this AV detected it as a virus.

Vortex

Hi DASAz,

Welcome to the forum.

False positives are a serious problem. Unfortunately, this can happen with very modest asm code too.

Farabi

Just to make sure it was really a virus, I uploaded some tools to see every running executable. All of the tools are free for commercial or non-commercial use. It was not me who developed them.

How to use:
1. Check every executable that has the icon of a non-executable file. For example, if you find a .doc icon or a .jpg icon and it is an executable file, it is a virus.
2. If you are sure it is a virus, check the executable's address.
3. Terminate all the virus processes. Make sure you terminate them all.
4. Delete the file.

If this information breaks the rules, please forgive me; I don't think it breaks the MASM forum rules.

[attachment deleted by admin]
Those who had universe knowledges can control the world by a micro processor.
http://www.wix.com/farabio/firstpage

"Etos siperi elegi"
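An added example, not one of the tools attached above and not anyone's code from this thread: a Python scan that generalises step 1 of the procedure. Instead of reading icons it looks for two portable signs of a disguised executable, a double extension such as report.doc.exe and a file whose name says document or image but whose first two bytes are the PE "MZ" magic. The file names and contents it creates in build_sample() are constructed test data, not real malware.

```python
"""Find executables disguised as documents or images.

Added example (not one of the tools attached in the thread). It generalises
the "executable with a .doc or .jpg icon" check to two signals that need no
icon parsing and work on any OS:
  1. a double extension such as report.doc.exe or photo.jpg.scr, and
  2. a file whose extension says document/image but whose first two bytes
     are the PE "MZ" magic, i.e. it is really a Windows executable.
All file names and contents in build_sample() are constructed test data.
"""
import os
import tempfile
from pathlib import Path

# Extensions users expect to be harmless data, and extensions Windows runs.
DOC_LIKE = {".doc", ".docx", ".xls", ".pdf", ".txt", ".jpg", ".jpeg",
            ".png", ".gif", ".mp3"}
EXEC_LIKE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}

REASON_DOUBLE_EXT = "double extension (data-type name ending in an executable extension)"
REASON_MZ = "PE 'MZ' header under a non-executable extension"


def is_pe(path):
    """True if the file starts with the DOS/PE 'MZ' signature."""
    try:
        with open(path, "rb") as f:
            return f.read(2) == b"MZ"
    except OSError:
        return False


def classify(path):
    """Return the list of reasons a file looks like a disguised executable."""
    suffixes = [s.lower() for s in Path(path).suffixes]
    final = suffixes[-1] if suffixes else ""
    reasons = []
    if len(suffixes) >= 2 and suffixes[-2] in DOC_LIKE and final in EXEC_LIKE:
        reasons.append(REASON_DOUBLE_EXT)
    if final in DOC_LIKE and is_pe(path):
        reasons.append(REASON_MZ)
    return reasons


def scan(root):
    """Walk root and return sorted (relative path, reasons) for suspicious files."""
    root = Path(root)
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            p = Path(dirpath) / name
            reasons = classify(p)
            if reasons:
                rel = str(p.relative_to(root)).replace(os.sep, "/")
                findings.append((rel, reasons))
    return sorted(findings)


def build_sample(root):
    """Constructed files: two disguised executables, three legitimate files."""
    files = {
        "report.doc.exe": b"MZ\x90\x00 constructed, not a real program",
        "photo.jpg": b"MZ\x90\x00 constructed, not a real program",
        "tool.exe": b"MZ\x90\x00 constructed, honest executable",
        "readme.txt": b"plain text",
        "pics/holiday.jpg": b"\xff\xd8\xff\xe0 real JPEG magic, constructed",
    }
    for rel, data in files.items():
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)


def demo():
    """Create the constructed sample in a temp dir and scan it."""
    root = tempfile.mkdtemp(prefix="disguise-")
    build_sample(root)
    return scan(root)


if __name__ == "__main__":
    for rel, reasons in demo():
        print(f"{rel}: {'; '.join(reasons)}")
```

Point scan() at the folder a suspicious process runs from (the "address" in step 2). The double-extension check matters because Explorer hides known extensions by default, so report.doc.exe is shown as report.doc; the MZ check catches the opposite trick of a file that is a program regardless of what its name claims.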

Farabi

Here is the second tool. It will repair your registry setting just in case the virus intercept explorer.exe.

[attachment deleted by admin]

Vortex

Hi Onan,

Thanks for the CurrProcess utility. It's a nice tool by Nir Sofer.

I googled the word "komputeron.exe" ( the second tool you attached ) and I found this link below :

http://komputeron.livejournal.com/907.html

Is this the right link associated with the komputeron tool?

Farabi

Quote from: Vortex on October 30, 2008, 06:17:50 PM
Hi Onan,

Thanks for the CurrProcess utility. It's a nice tool by Nir Sofer.

I googled the word "komputeron.exe" ( the second tool you attached ) and I found this link below :

http://komputeron.livejournal.com/907.html

Is this the right link associated with the komputeron tool?

Yes, I found it there. It was Indonesian software.

Arhk

Quote from: Vortex on August 13, 2008, 05:19:12 PM
RuiLoureiro ,

As Ghirai said, it's a false positive. Some code can trigger the heuristic analysis.

A powerful and free antivirus : Avira AntiVir Personal


Avira always gives me a bunch of false positives
~ part of why I started using AVG
~AVG was saying it's a Trojan

PBrennick

Arhk,
I can assure you that there are no viruses in the GeneSys package. However, a zip file 'can' become corrupted, which really has nothing to do with GeneSys. If you are certain you are having a problem with the zip, delete it and re-download it. Chances are, though, it is just a false positive, which is a real problem with some of these 'free' virus testers.

I wish I had a virus that would polish my shoes.  :(

The above is a joke about how crazy these false positives can make a man. If we do not laugh about it, we would cry. As I have said before, how on earth can someone distribute their software if they constantly have to struggle with that?

Paul
The GeneSys Project is available from:
The Repository or My crappy website

Arhk

I was always curious about how you are really supposed to distinguish malware from cleanware when many programs could be using components that would otherwise be listed as malware if they were not whitelisted.

~ Wasn't saying he was putting out malware just said AVG detected it as such.
~ antimalware protection is indeed flawed.
~ scanners are becoming more & more paranoid if you ask me, especially these zero-day scanners, since they're looking for an even less than perfect signature match to get suspicious about the supposed culprit.

Vortex

Hi Arhk,

It's easy. You can monitor the actions of an application with a registry scanner. If the application drops EXEs and/or DLLs under the Windows folder and creates suspicious entries in the registry, then you can probably think that the application is a kind of malware. This scenario can be more complicated, but malware exhibits typical signs when it hits your system, and this is why you should do your testing under a restricted user account. Utilities like Sandboxie are very useful to create isolated environments to test applications.
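An added example, not from the thread and not a registry scanner anyone here distributes: a Python before/after diff that implements the test described above. Take a hash snapshot of a directory tree (a stand-in for the Windows folder) and a `reg export` of the per-user Run key before running the untrusted program, take both again afterwards, and report any EXE/DLL that appeared or changed plus any new autorun entry. The directory contents and the .reg text are constructed; the run of the program itself is simulated by the file writes in demo().

```python
"""Before/after snapshot diff for trying out an untrusted program.

Added example, not from the thread. Two snapshots are taken around the run:
a sha256 of every file under a directory tree (stand-in for the Windows
folder) and a `reg export` of the autorun key, parsed from its .reg text.
Anything dropped or changed in between, and any new Run entry, is reported.
The directory contents and the .reg text below are constructed test data;
RUN_KEY is the usual per-user autorun key.
"""
import hashlib
import os
import re
import tempfile
from pathlib import Path

RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
BINARY_EXT = {".exe", ".dll", ".sys", ".scr", ".ocx"}


def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


def snapshot_tree(root):
    """Map relative path -> sha256 for every file under root."""
    root = Path(root)
    snap = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            p = Path(dirpath) / name
            snap[str(p.relative_to(root)).replace(os.sep, "/")] = sha256_file(p)
    return snap


def parse_reg(text):
    """Parse the subset of .reg syntax that `reg export` writes for string
    values: [key] headers and "name"="value" lines. Returns {key: {name: value}}."""
    entries, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            entries.setdefault(key, {})
        elif key is not None and line.startswith('"'):
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if not m:
                continue
            name, value = m.group(1), m.group(2)
            if value.startswith('"') and value.endswith('"'):
                # .reg escapes backslashes and quotes inside string data
                value = re.sub(r"\\(.)", r"\1", value[1:-1])
            entries[key][name] = value
    return entries


def diff_tree(before, after):
    """New and modified files, with the executable ones singled out."""
    added = sorted(p for p in after if p not in before)
    changed = sorted(p for p in after if p in before and before[p] != after[p])
    dropped = sorted(p for p in added + changed if Path(p).suffix.lower() in BINARY_EXT)
    return {"added": added, "changed": changed, "dropped_binaries": dropped}


def diff_reg(before, after):
    """(key, name, value, 'new'|'changed') for entries that appeared or changed."""
    out = []
    for key, values in after.items():
        old = before.get(key, {})
        for name, value in values.items():
            if name not in old:
                out.append((key, name, value, "new"))
            elif old[name] != value:
                out.append((key, name, value, "changed"))
    return out


# Constructed .reg exports of the Run key, before and after the run.
REG_BEFORE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\rui\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
'''

REG_AFTER = REG_BEFORE + r'''"Updater"="C:\\Windows\\system32\\svchosts.exe"
'''


def demo():
    """Simulate one run of a program that drops a binary and adds a Run entry."""
    root = Path(tempfile.mkdtemp(prefix="windir-"))
    (root / "system32").mkdir()
    (root / "system32" / "kernel32.dll").write_bytes(b"MZ constructed stand-in")
    (root / "win.ini").write_text("[fonts]\n")
    tree_before, reg_before = snapshot_tree(root), parse_reg(REG_BEFORE)

    # --- the untrusted program would run here; its effects are simulated ---
    (root / "system32" / "svchosts.exe").write_bytes(b"MZ constructed dropper")
    (root / "win.ini").write_text("[fonts]\n[constructed]\nload=svchosts.exe\n")

    tree_after, reg_after = snapshot_tree(root), parse_reg(REG_AFTER)
    return {"tree": diff_tree(tree_before, tree_after),
            "registry": diff_reg(reg_before, reg_after)}


if __name__ == "__main__":
    import json
    print(json.dumps(demo(), indent=2))
```

On a real machine the two .reg texts come from `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" before.reg` and the same command after the run, and snapshot_tree() is pointed at %WINDIR%; doing this inside a restricted account or a sandbox, as the post recommends, keeps the program from touching anything the snapshots do not cover.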

Arhk

Quote from: Vortex on February 15, 2009, 10:09:57 AM
Hi Arhk,

It's easy. You can monitor the actions of an application with a registry scanner. If the application drops EXEs and/or DLLs under the Windows folder and creates suspicious entries in the registry, then you can probably think that the application is a kind of malware. This scenario can be more complicated, but malware exhibits typical signs when it hits your system, and this is why you should do your testing under a restricted user account. Utilities like Sandboxie are very useful to create isolated environments to test applications.
I'll look into it
~ I guess today I have something new to study (yesterday was DoS attacks).

PBrennick

Arhk,
You are being very smart. It is best to know as much as possible about what is going on in your system. It is our responsibility to be as helpful as we can. We strive to achieve a balance by being very careful about what we put in our package. I might write some checksum-type software; what do you think, Vortex? Of course, any solution can be defeated, so at some point we have to say that enough is enough. GeneSys and any other installation I create may be bundled in a zip; but the installation app itself does NOT use ZIP.

ZIP technology has been around for too long and is easily attacked. That is the reason why secure email systems such as GMail will not allow ZIP attachments. I am very comfortable using RAR and will continue to do so. The SDK itself is compressed using RAR. Next, this RAR is bundled with the Setup program and its DLL into another RAR (this becomes the actual installer) and finally, the entire thing is bundled into a ZIP. This makes it darn near impossible to attack the SDK. Nothing is totally impossible; the idea is to make it not worth doing.

Paul

Vortex

Hi Paul,

Checksum-type software is a good idea.
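An added example of the checksum tool Paul floats and Vortex endorses; it is not GeneSys code. write_manifest() hashes every file in a package directory into a SHA256SUMS-style text file (one "<hex digest>  <relative path>" line per file, the format sha256sum uses), and verify_manifest() re-hashes the tree after download and reports files that changed, went missing or were added. The package contents in demo() are constructed. One caveat worth stating: a checksum catches corrupt downloads and casual tampering, but it only proves origin if the manifest is published over a separate trusted channel or is signed, since whoever can replace the archive on a mirror can usually replace a checksum file stored beside it.

```python
"""SHA-256 manifest for a distributed package.

Added example, not GeneSys code. write_manifest() hashes every file in a
package directory into a SHA256SUMS-style text file; verify_manifest()
re-hashes the tree and reports changed, missing and unlisted files. The
package contents in demo() are constructed. Keep in mind that a checksum
proves origin only when the manifest is obtained over a separate trusted
channel or is signed; an attacker who can swap the archive can usually swap
a checksum stored beside it too.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


def tree_digests(root, skip=None):
    """Map relative path -> sha256 for every file under root (skipping `skip`)."""
    root = Path(root)
    skip = Path(skip).resolve() if skip else None
    digests = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            p = Path(dirpath) / name
            if skip and p.resolve() == skip:
                continue
            digests[str(p.relative_to(root)).replace(os.sep, "/")] = sha256_file(p)
    return digests


def write_manifest(root, manifest_path):
    """Write '<digest>  <relative path>' lines, sorted by path; returns the count."""
    digests = tree_digests(root, skip=manifest_path)
    lines = [f"{digest}  {rel}" for rel, digest in sorted(digests.items())]
    Path(manifest_path).write_text("\n".join(lines) + "\n")
    return len(lines)


def parse_manifest(text):
    """Parse sha256sum-style lines into {relative path: digest}."""
    expected = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        digest, rel = line.split("  ", 1)   # two spaces, as sha256sum writes
        expected[rel] = digest.strip().lower()
    return expected


def verify_manifest(root, manifest_path):
    """Compare the tree under root with the manifest; report every deviation."""
    expected = parse_manifest(Path(manifest_path).read_text())
    actual = tree_digests(root, skip=manifest_path)
    changed = sorted(r for r in expected if r in actual and actual[r] != expected[r])
    missing = sorted(r for r in expected if r not in actual)
    extra = sorted(r for r in actual if r not in expected)
    return {"ok": not (changed or missing or extra),
            "changed": changed, "missing": missing, "extra": extra}


def demo():
    """Build a constructed package, verify it clean, then tamper and re-verify."""
    base = Path(tempfile.mkdtemp(prefix="pkg-"))
    pkg = base / "genesys"
    (pkg / "bin").mkdir(parents=True)
    (pkg / "readme.txt").write_text("constructed package, not the real SDK\n")
    (pkg / "bin" / "setup.exe").write_bytes(b"MZ constructed installer")
    manifest = base / "SHA256SUMS"        # kept outside the tree it describes
    write_manifest(pkg, manifest)
    clean = verify_manifest(pkg, manifest)

    # Simulated tampering: one binary altered, one file added, one removed.
    (pkg / "bin" / "setup.exe").write_bytes(b"MZ constructed, one byte off!")
    (pkg / "bin" / "extra.dll").write_bytes(b"MZ constructed, unlisted")
    (pkg / "readme.txt").unlink()
    tampered = verify_manifest(pkg, manifest)
    return clean, tampered


if __name__ == "__main__":
    clean, tampered = demo()
    print("clean   :", clean)
    print("tampered:", tampered)
```

The "extra" list is deliberate: an installer that gains a file the author never listed is as suspicious as one whose files changed, which is exactly the case a virus complaint against a package like GeneSys.ZIP would need to rule in or out.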