Virus detection in just compiled sample EXE


  • Virus detection in just compiled sample EXE

    This is only a hint!
    I'm not at all engaged in internet programming and simply want to inform you that "Avira Premium Security Suite" detects, after its latest update, a virus named "TR/BHO.Gen" as a trojan in EClient.exe. The source code is located in PBWin90\Samples\Internet\Tcp\EClient.bas. The EXE binary code produced by PBWin9 contains a significant sequence.
    Norbert Doerre

  • #2
    Does Avira still recognize a virus if you turn off heuristic scanning?

    Kind regards
    Eddy



    • #3
      Testing different configurations/compiler versions

      Eddy,
      yes, it also detects a virus w/o heuristic scanning. Just after the compiled file is written as EXE the virus sequence is found. I tested it on my other machine, too.

      I also tested the EXE files compiled with PBWin6. Here all three EXEs contain a virus sequence.

      The EXE files compiled by PBWin9, however, only produce a virus with EClient.bas.
      Norbert Doerre



      • #4
        Norbert, I get the same result here. My Avira 9.0 gives a virus warning on EClient.exe, even with heuristic scanning and 'AHeAD' both turned off ....

        Kind regards
        Eddy



        • #5
          Annoying false positive:

          http://www.virustotal.com/analisis/3...08fef8bcdc9bc5

          Out of 40 AV scanners, 2 trigger a virus warning: AntiVir & McAfee-GW-Edition.

          Bye!
          -- The universe tends toward maximum irony. Don't push it.



          • #6
            I get false positives with one of my apps from NOD32. No idea what triggers it, but it's definitely not a virus as the program is compiled and uploaded directly to the computer that reports it.

            It's a bit of a pain actually as occasionally it still flashes up the warning even though I excluded the apps' folder in NOD32's control panel.


            • #7
              Send compiled file to AV publisher.

              "False Positives" occur all the time with many different compiler products. This happens at least once per week with Inno Setup (you can check the newsgroup archives there if you want).

              The good AV vendors issue updates promptly.
              Michael Mattias
              Tal Systems (retired)
              Port Washington WI USA
              http://www.talsystems.com
