virus in GeneSys.ZIP

Started by RuiLoureiro, August 13, 2008, 02:53:40 PM

RuiLoureiro

Hi Paul,
I found some virus in the file GeneSys.zip when I downloaded it.
Rui

Ghirai

It's a false positive; use a decent AV :U
MASM32 Project/RadASM mirror - http://ghirai.com/hutch/mmi.html

RuiLoureiro

Quote from: Ghirai on August 13, 2008, 03:24:06 PM
a decent AV :U

Hi Ghirai,
Could you give me one link to get it free, please?
Thanks
Rui

Vortex

RuiLoureiro,

As Ghirai said, it's a false positive. Some code can trigger the heuristic analysis.

A powerful and free antivirus: Avira AntiVir Personal


RuiLoureiro

Hi Vortex,
Thank you for your help.
But it doesn't solve the problem, because Avira AntiVir Personal was what found the virus, and you know what it does with it: delete, quarantine, etc.
It warns me the file had a virus Dropper.Gen and another ???
Is there another good free AV?

In any case, thanks
Rui
EDIT: I posted an image

[attachment deleted by admin]

Vortex

Hi RuiLoureiro,

Is it the Extractor ( \GeneSys\examples\Extractor ) example triggering the AV software? I am using Avira and I get the same alert but you can ignore it. The Extractor example has full source code and does not contain any malicious code.


RuiLoureiro

Quote from: Vortex on August 13, 2008, 06:14:05 PM
Is it the Extractor ( \GeneSys\examples\Extractor ) example triggering the AV software?

First it was in the file GeneSys.Zip, and I tested some other files and I found it in Data.rar too. I didn't test Extractor till now. I am running another AV just now.

Rui

PBrennick

Rui,
Data.rar contains all the examples so it will certainly yield the same results. It is a false positive and should be reported as such to the distributor of the antivirus software. If it is a certain sequence of opcodes that they are searching for they may not help, but there are certainly no viruses in our code. Perhaps it does not like the fact that an EXE is being written to.

-- Paul
The GeneSys Project is available from:
The Repository or My crappy website

lingo

Thanks RuiLoureiro for the alert,

I use Avast Antivirus v.4.8 and I get the same virus alert.
Next I recompiled the source (because I'm not lazy and irresponsible as some people here)
and received the new Extractor.exe without viruses. (see attached file)

[attachment deleted by admin]

PBrennick

Lingo,

It really is not fair to say that I am lazy. I was unaware of the problem. Thanks to your nice efforts, though, I will do an upload right away.

Thank you for the help.
-- Paul

RuiLoureiro

Lingo,
I did an alert only. Nothing else. It is not good when an AV tells us there is a virus in our files without our knowledge.

Hi Paul,
I can tell you I ran another AV and it didn't give me any virus report anywhere (Ad-Aware 2008 free). There's no problem.

Rui

Vortex

Lingo,

Once again, you are demonstrating your "supposed professionalism" : the executable you created is immediately caught by Avira. It's not enough to test with only one AV software.

The next time you talk about nonsense in this subforum, your post will be edited without warning.

This new version of Extractor is now supported by Jeremy Collake's compression software. It's a simple SFX archive dumping the child executable to disc. Avira no longer raises a false positive with this new demo.

[attachment deleted by admin]
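One structural trait that generic "Dropper" heuristics can key on, shown as an added example that is not part of the thread or the GeneSys project: a file that carries a second executable image inside itself, as an SFX-style extractor does. The check below is an assumed, simplified heuristic (not Avira's or Avast's actual logic), and the sample bytes are constructed.

```python
import struct

def _is_pe_at(data: bytes, off: int) -> bool:
    """True if a DOS header at `off` points to a valid 'PE\\0\\0' signature."""
    if off + 0x40 > len(data):                 # DOS header is 64 bytes
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, off + 0x3C)
    sig = off + e_lfanew                       # e_lfanew is relative to the MZ
    return sig + 4 <= len(data) and data[sig:sig + 4] == b"PE\x00\x00"

def find_embedded_pe(data: bytes) -> list[int]:
    """Offsets greater than 0 where a second PE image starts inside `data`."""
    hits = []
    pos = data.find(b"MZ", 1)                  # skip the host's own header at 0
    while pos != -1:
        if _is_pe_at(data, pos):               # bare "MZ" bytes alone do not count
            hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def _stub() -> bytes:
    """Constructed 84-byte header skeleton: MZ, e_lfanew=0x40, PE signature."""
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)
    return dos + b"PE\x00\x00" + b"\x00" * 16

# Constructed samples: a host carrying a child image, and a host whose data
# merely contains the letters "MZ" without a valid header behind them.
SAMPLE_SFX_LIKE = _stub() + b"." * 32 + _stub()
SAMPLE_PLAIN = _stub() + b"MZ" + b"A" * 100

if __name__ == "__main__":
    for name, blob in (("sfx-like", SAMPLE_SFX_LIKE), ("plain", SAMPLE_PLAIN)):
        print(name, [hex(o) for o in find_embedded_pe(blob)])
```

A hit from a check like this says only that the file has the shape of a carrier, which is why a benign extractor with full source can be flagged by one engine and passed by another.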

PBrennick

Rui,

Please be aware that the editor in that package is not the newest one and has some problems with console builds. You can download the most recent from my web site or wait until tomorrow when the archive is replaced. The new installation will be available from Ghirai (the address in my signature) as usual.

Vortex,
Because I do not like positives or false positives because it drives potential users away, I have decided to do the major release instead of the patch. I have added all the new tools and examples but have not implemented the updated build method for the definition files as your notes to me were unclear as to whether I need to modify setup.exe or not. The installation will be valid, either way, anyway.

-- Paul

Vortex

Paul,

It's the heuristics module of the AV software causing this issue. It's possible to avoid those false positives by applying other programming methods.

Vortex

With thanks to RuiLoureiro, who tested the new Extractor version, the case is over. No more false positives.