False positives in au3 extensions
Posted by: panzer
Date: December 09, 2010 05:52PM

SuperAntispyware flagged Tinyplus.exe as a some kind of threat. Is this a false positive?

I will try to check it again later in the afternoon and will come back with some more details although I am positive it is a false positive.




Edited 4 time(s). Last edit at 12/11/2010 08:00PM by disrupted.


Re: tinyURL plus
Posted by: panzer
Date: December 10, 2010 01:55AM

Trojan.Agent/Gen-SVC[Fake]
I:\KM 1.6\TOOLS\LINKSEXTRACTOR\LINKSEXTRACTOR.EXE
I:\KM 1.6\TOOLS\TINYPLUS.EXE
I:\KM 1.6\TOOLS\KEITH\KEITH.EXE

Application.Agent/Gen-TempZ
I:\KM 1.6\TOOLS\TEXTURLEXTRACTOR.EXE

Re: tinyURL plus
Posted by: disrupted
Date: December 11, 2010 05:11AM

yes, all false positives, check the disclaimer:
http://kmext.sourceforge.net/disclaimer.htm

the problem is in heuristic scans which is common now with most antiviruses. those scans don't really scan any upx binaries so they don't know what they really do and the antiv devs decided if we can't scan it then it's a virus. this is a very dumb way of handling scans as it caused serious damages to system files which they couldn't properly determine-like the mcafee svchost scandal

many programs suffer from this problem
http://blog.nirsoft.net/2009/05/17/antivirus-companies-cause-a-big-headache-to-small-developers/
http://www.nirsoft.net/false_positive_report.html

if it still makes you uneasy, just delete the compiled binaries and compile the source using the autoit compiler and make sure to cpmpile without any compression, otherwise the antivirus will still flag your manually compiled binary.
the catch is, uncompiled binaries are more than double the size of upx

Re: tinyURL plus
Posted by: panzer
Date: December 11, 2010 02:39PM

Thanx, Disrupted. I thought they were false positives, but I just had to ask.



Edited 2 time(s). Last edit at 12/11/2010 04:29PM by panzer.

K-Meleon forum is powered by Phorum.