Avira still picking up false positives

Started by ajm0528, August 22, 2008, 09:13:08 PM


ecube

Load DLLs dynamically and then call the functions. Vortex has a _invoke macro on here somewhere that lets you use the address like you would with invoke (doesn't work with cdecl calls, only stdcall). This should make the AVs' crappy heuristics stop whining. If you use GoASM it can invoke the dynamic function call directly, which is neat.

ThexDarksider

Seems they've improved it, no false positives here. I've compiled a few viruses on VirtualBox and it found them, but didn't flag non-viral code. :bg

hutch--

 :tdown

Darksider,

We shoot anyone who messes around with viruses here. Tread carefully or you will get arseh*led out the door faster than Halley's comet.
Download site for MASM32      New MASM Forum
https://masm32.com          https://masm32.com/board/index.php

ThexDarksider

Quote from: hutch-- on September 26, 2009, 01:19:53 AM
:tdown

Darksider,

We shoot anyone who messes around with viruses here. Tread carefully or you will get arseh*led out the door faster than Halley's comet.

Affirmative.

spikegee

I am new to MASM32, and the current update (as of 25 July 2010) of Avira Antivir detects finst.exe, a temporary executable created during installation, as containing the Trojan horse TR/Gendal.3938680.

I think this is due to a signature rather than heuristics, as I have set the heuristic feature to its lowest level.

It does not feel very safe to install the MASM32 SDK with those AV warnings, though I admit it seems unlikely that widely used development software such as this one would be bundled with viruses.

For now I have installed it in a sandboxed environment. Does anyone have some hints regarding the safety of this install?

Gunner

If you got the MASM package from Hutch's site, then there are NO virii in any of the files no matter what any AV says... it's just the way the asm progs are written...
~Rob (Gunner)
- IE Zone Editor
- Gunners File Type Editor
http://www.gunnerinc.com

hutch--

Spike,

Do yourself a favour and shoot it, it's not one of the high quality AV products. This stuff is built in an isolated environment and has been tested on millions of computers. The fault is in the crappy AV scanner you are using. Their problem is they don't properly understand the Microsoft Portable Executable specifications and try and inflict a subset based on their limited heuristic detection skills.
Download site for MASM32      New MASM Forum
https://masm32.com          https://masm32.com/board/index.php