It is currently Sun Apr 22, 2018 7:39 am

All times are UTC + 1 hour




Post new topic Reply to topic  [ 17 posts ]  Go to page 1, 2  Next
Author Message
 Post subject: My site : freenet account ; virus on some pages ?
PostPosted: Wed Nov 25, 2009 9:50 am 
Offline
User
User

Joined: Wed Nov 25, 2009 9:37 am
Posts: 25
I have an alert of my virus program (GDATA) on following pages:

http://freenet-homepage.de/gnozal/PureBUILD.zip
http://freenet-homepage.de/gnozal/PureValid_440.zip

If I would know how to load up pictures or so, I could send you the messages of GDATA...

Klaus

-----------------------------------------
PB 4.31, PB 4.40 b7, XP, Vista, Windows 7

_________________
42


Top
 Profile  
Reply with quote  
 Post subject: Re: Virus on some freenet pages?
PostPosted: Wed Nov 25, 2009 11:02 am 
Offline
PureBasic Expert
PureBasic Expert
User avatar

Joined: Sat Apr 26, 2003 8:27 am
Posts: 4229
Location: Strasbourg / France
Klaus_1963 wrote:
False positives with packed executables ... a classic.

When you have an alert, please check with several other anti-virus softwares, or with Virustotal before posting, especially when it's some generic / heuristic alert.
Thanks.

Scan results :
http://www.virustotal.com/analisis/8a13 ... 1259142995
http://www.virustotal.com/analisis/b30b ... 1259143125

Note about the user-libraries : the installers are self-extracting zip archives, so you can open them with any archiver and extract the files without starting the installer itself.

_________________
For free libraries and tools, visit my web site (also home of jaPBe V3 and PureFORM).


Top
 Profile  
Reply with quote  
 Post subject: Re: Virus on some freenet pages?
PostPosted: Thu Feb 18, 2010 2:24 pm 
Offline
Enthusiast
Enthusiast

Joined: Tue Oct 31, 2006 4:34 am
Posts: 527
I'm sorry and I hate to bother you with this question again, because your programs are so useful to the whole group
and much appreciated by us all. But how can a person be sure in these cases that it's a false positive?
I used the virustotal web page on both of these files, with the zip, and unzipped. I even unarchived the
file into it's directories, and all three show multiple virus hits on the exe file.
I sincerely thank you for your help and understanding.


Top
 Profile  
Reply with quote  
 Post subject: Re: Virus on some freenet pages?
PostPosted: Thu Feb 18, 2010 2:37 pm 
Offline
PureBasic Expert
PureBasic Expert
User avatar

Joined: Sat Apr 26, 2003 8:27 am
Posts: 4229
Location: Strasbourg / France
yrreti wrote:
I'm sorry and I hate to bother you with this question again, because your programs are so useful to the whole group and much appreciated by us all. But how can a person be sure in these cases that it's a false positive?

What you can do : send the file(s) to your AV provider for analysis and the false alarm may disappear in next virus definition files.
Or change / setup your AV.

_________________
For free libraries and tools, visit my web site (also home of jaPBe V3 and PureFORM).


Top
 Profile  
Reply with quote  
 Post subject: Re: Virus on some freenet pages?
PostPosted: Mon Mar 01, 2010 4:44 pm 
Offline
Addict
Addict
User avatar

Joined: Thu Aug 07, 2003 7:01 pm
Posts: 3080
Location: United Kingdom
AVG and Microsoft Security Essentials both detect PureValid as a virus on default settings.

_________________
http://www.SinisterSoft.com <- My Business website
http://www.ReportComplete.com and http://www.ReportPlus.co.uk <- School end of term reports system


Top
 Profile  
Reply with quote  
 Post subject: Re: Virus on some freenet pages?
PostPosted: Mon Mar 01, 2010 5:13 pm 
Offline
PureBasic Expert
PureBasic Expert
User avatar

Joined: Sat Apr 26, 2003 8:27 am
Posts: 4229
Location: Strasbourg / France
DoubleDutch wrote:
AVG and Microsoft Security Essentials both detect PureValid as a virus on default settings.
Only PureVALID, not the other libraries ?

The library installers are self-extracting ZIP archives ; so the alarm may come from the SFX stub or from files in the archive.
If it's only one library, it may be the archive content ; if it's all of them, it's rather the SFX stub.

_________________
For free libraries and tools, visit my web site (also home of jaPBe V3 and PureFORM).


Top
 Profile  
Reply with quote  
 Post subject: Re: Virus on some freenet pages?
PostPosted: Mon Mar 01, 2010 5:17 pm 
Offline
Addict
Addict
User avatar

Joined: Thu Aug 07, 2003 7:01 pm
Posts: 3080
Location: United Kingdom
Only PureValid for me (on MS security essentials) - just tried both again for you. :)

_________________
http://www.SinisterSoft.com <- My Business website
http://www.ReportComplete.com and http://www.ReportPlus.co.uk <- School end of term reports system


Top
 Profile  
Reply with quote  
 Post subject: Re: Virus on some freenet pages?
PostPosted: Mon Mar 01, 2010 5:19 pm 
Offline
PureBasic Expert
PureBasic Expert
User avatar

Joined: Sat Apr 26, 2003 8:27 am
Posts: 4229
Location: Strasbourg / France
DoubleDutch wrote:
Only PureValid for me (on MS security essentials) - just tried both again for you. :)
So maybe its the (compressed) PureValid.exe file in the archive (it's the same since 2004 ...!) ?
I just tested this file on virustotal : it triggers a lot of generic/heuristic alarms ...
I will recompile this file (if I find the source).

_________________
For free libraries and tools, visit my web site (also home of jaPBe V3 and PureFORM).


Top
 Profile  
Reply with quote  
 Post subject: Re: Virus on some freenet pages?
PostPosted: Mon Mar 01, 2010 10:20 pm 
Offline
Addict
Addict
User avatar

Joined: Thu Aug 07, 2003 7:01 pm
Posts: 3080
Location: United Kingdom
PM me when you do and I'll check it for you.

_________________
http://www.SinisterSoft.com <- My Business website
http://www.ReportComplete.com and http://www.ReportPlus.co.uk <- School end of term reports system


Top
 Profile  
Reply with quote  
 Post subject: Re: Virus on some freenet pages?
PostPosted: Tue Mar 02, 2010 8:45 am 
Offline
PureBasic Expert
PureBasic Expert
User avatar

Joined: Sat Apr 26, 2003 8:27 am
Posts: 4229
Location: Strasbourg / France
I have recompiled PureValid.exe and PureBuild.exe.
They should trigger less false (generic / heuristic) alarms (just tested on VirusTotal).

_________________
For free libraries and tools, visit my web site (also home of jaPBe V3 and PureFORM).


Top
 Profile  
Reply with quote  
 Post subject: Re: Virus on some freenet pages?
PostPosted: Tue Mar 02, 2010 9:42 am 
Offline
Addict
Addict
User avatar

Joined: Thu Aug 07, 2003 7:01 pm
Posts: 3080
Location: United Kingdom
Someone must have reported your PureValid link as a link to a virus, as now the link shows up in MS security essentials! :(

Maybe you should rename the link?

(other links on the page are ok)

_________________
http://www.SinisterSoft.com <- My Business website
http://www.ReportComplete.com and http://www.ReportPlus.co.uk <- School end of term reports system


Top
 Profile  
Reply with quote  
 Post subject: Re: Virus on some freenet pages?
PostPosted: Tue Mar 02, 2010 10:42 am 
Offline
PureBasic Expert
PureBasic Expert
User avatar

Joined: Sat Apr 26, 2003 8:27 am
Posts: 4229
Location: Strasbourg / France
DoubleDutch wrote:
Someone must have reported your PureValid link as a link to a virus, as now the link shows up in MS security essentials! :(

The (newly compiled) PureValid_440.zip tested on VirusTotal is negative with Microsoft V1.5502, so I don't know what's wrong with MS security essentials...

_________________
For free libraries and tools, visit my web site (also home of jaPBe V3 and PureFORM).


Top
 Profile  
Reply with quote  
 Post subject: Re: Virus on some freenet pages?
PostPosted: Tue Mar 02, 2010 11:24 am 
Offline
Addict
Addict
User avatar

Joined: Thu Aug 07, 2003 7:01 pm
Posts: 3080
Location: United Kingdom
The file now doesn't flag as a virus - but the link (since yesterday!!!) does. :(

I think changing the link slightly would do it.

_________________
http://www.SinisterSoft.com <- My Business website
http://www.ReportComplete.com and http://www.ReportPlus.co.uk <- School end of term reports system


Top
 Profile  
Reply with quote  
 Post subject: Re: Virus on some freenet pages?
PostPosted: Tue Mar 02, 2010 11:43 am 
Offline
PureBasic Expert
PureBasic Expert
User avatar

Joined: Sat Apr 26, 2003 8:27 am
Posts: 4229
Location: Strasbourg / France
DoubleDutch wrote:
I think changing the link slightly would do it.

In this case my update tool wouldn't work anymore.
I guess the link issue will be fixed in a next MS update.

_________________
For free libraries and tools, visit my web site (also home of jaPBe V3 and PureFORM).


Top
 Profile  
Reply with quote  
 Post subject: Miscellaneous site announcements
PostPosted: Wed Feb 23, 2011 2:26 pm 
Offline
PureBasic Expert
PureBasic Expert
User avatar

Joined: Sat Apr 26, 2003 8:27 am
Posts: 4229
Location: Strasbourg / France
My web site got temporarily blocked for "Signs of Malware".

To be sure, I scanned my site backup with ClamWin (updated 23 feb 2011) and MS Malicious Software Removal Tool 3.16 : nothing. I also scanned with VirusTotal : nothing either.

I have contacted the uCoz technical support : they received a complaint from abuseATclean-mxDOTde about PureUPX.zip.
I have repacked the file so that it should not trigger a false alarm anymore...
uCoz has deblocked the site.

It is online again.

_________________
For free libraries and tools, visit my web site (also home of jaPBe V3 and PureFORM).


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 17 posts ]  Go to page 1, 2  Next

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  

 


Powered by phpBB © 2008 phpBB Group
subSilver+ theme by Canver Software, sponsor Sanal Modifiye