Virus detection in just compiled sample EXE


  • Virus detection in just compiled sample EXE

    This is only a hint!
    I'm not at all engaged in internet programming and simply want to inform you that "Avira Premium Security Suite" detects, after its latest update, a virus named "TR/BHO.Gen" as a trojan in EClient.exe. The source code is located in PBWin90\Samples\Internet\Tcp\EClient.bas. The EXE binary code produced by PBWin9 contains a significant sequence.
    Norbert Doerre

  • #2
    Does Avira still recognize a virus if you turn off heuristic scanning?

    Kind regards


    • #3
      Testing different configurations/compiler versions

      Yes, it also detects a virus w/o heuristic scanning. Just after the compiled file is written as EXE, the virus sequence is found. I tested it on my other machine, too.

      I also tested the EXE files compiled with PBWin6. Here all three EXEs contain a virus sequence.

      The EXE files compiled by PBWin9, however, only produce a virus with EClient.bas.
      Norbert Doerre


      • #4
        Norbert, I get the same result here. My Avira 9.0 gives a virus warning on EClient.exe, even with heuristic scanning and 'AHeAD' both turned off ....

        Kind regards


        • #5
          Annoying false positive:

          Out of 40 AV scanners, 2 trigger a virus warning: AntiVir & McAfee-GW-Edition.

          -- The universe tends toward maximum irony. Don't push it.

          File Extension Seeker - Metasearch engine for file extensions / file types
          Online TrID file identifier | TrIDLib - Identify thousands of file formats


          • #6
            I get false positives with one of my apps from NOD32. No idea what triggers it, but it's definitely not a virus as the program is compiled and uploaded directly to the computer that reports it.

            It's a bit of a pain actually as occasionally it still flashes up the warning even though I excluded the apps' folder in NOD32's control panel.


            • #7
              Send compiled file to AV publisher.

              "False Positives" occur all the time with many different compiler products. This happens at least once per week with Inno Setup (you can check the newsgroup archives there if you want).

              The good AV vendors issue updates promptly.
              Michael Mattias
              Tal Systems (retired)
              Port Washington WI USA