PB 5.51 x86; Windows 7; Wrong trojan detected;

Windows specific forum
HanPBF
Enthusiast
Enthusiast
Posts: 563
Joined: Fri Feb 19, 2010 3:42 am

PB 5.51 x86; Windows 7; Wrong trojan detected;

Post by HanPBF »

Hello,
I have a problem since 2017 when I compile and run example code:

Code: Select all

EnableExplicit

If OpenWindow(0,0,0,500,250,"Window",#PB_Window_SystemMenu|#PB_Window_ScreenCentered)
  ListIconGadget(1,10,10,480,230,"",100,#LVS_NOCOLUMNHEADER)
  
Repeat : Until WaitWindowEvent() = #PB_Event_CloseWindow
EndIf

Even starting PureBasic as portable there seems to be a file generated in C:\Users\USER\AppData\Local\Temp\.
O.k., is users folder; so maybe o.k.

First error is: "POLINK: fatal error: The system can not find file".

Antivirus complains then about "C:\Users\USER\AppData\Local\Temp\~092E60D.TMP"; which is cleared by anti virus protection.
When I do all the same with PureBasic 5.51 x64 nothing happens.
Behaviour is both for portable start and start of installed PureBasic.exe.

What file is "PB_EditorOutput.pb" after compiling?
This is created still in "C:\Users\USER\AppData\Local\Temp\".
Can this be re-set to another folder?


So, how can I fix this antivirus problem?
More a problem of McAfee antivirus?
And why only x86?


Any hints greatly apreciated!


Thanks a lot!
User avatar
Keya
Addict
Addict
Posts: 1891
Joined: Thu Jun 04, 2015 7:10 am

Re: PB 5.51 x86; Windows 7; Wrong trojan detected;

Post by Keya »

If your antivirus is detecting a simple Purebasic executable then that means there's also a fair chance other users with said antivirus will detect other PB devs legit executables, so please take a few minutes to at least email the AV company and send a copy of your executable in a password protected .zip in a second, separate email. Uploading it to virustotal.com probably can't hurt either
HanPBF
Enthusiast
Enthusiast
Posts: 563
Joined: Fri Feb 19, 2010 3:42 am

Re: PB 5.51 x86; Windows 7; Wrong trojan detected;

Post by HanPBF »

Hello Keya,

thanks for the infos.

Will try to do so.

Antivirus is McAfee.

Deteced is: "GenericRXAO-JC!____________" -> "generic" seems to show the wrong detection here.

Interesting: I have a bigger project with >50000 lines of code which compiles.

This line commented eliminates the error:

Code: Select all

ListIconGadget(1,10,10,480,230,"",100,#LVS_NOCOLUMNHEADER)
So something about Win32-API?

Anyway, hopefully can work on with the project; maybe have to switch to x64.

Thanks!
User avatar
Keya
Addict
Addict
Posts: 1891
Joined: Thu Jun 04, 2015 7:10 am

Re: PB 5.51 x86; Windows 7; Wrong trojan detected;

Post by Keya »

so simply commenting-out that line stops the antivirus detection?
HanPBF
Enthusiast
Enthusiast
Posts: 563
Joined: Fri Feb 19, 2010 3:42 am

Re: PB 5.51 x86; Windows 7; Wrong trojan detected;

Post by HanPBF »

Yes, indeed.

Some examples from RSBasic.de work and some trigger antivirus detection with POLINK-error.
User avatar
Keya
Addict
Addict
Posts: 1891
Joined: Thu Jun 04, 2015 7:10 am

Re: PB 5.51 x86; Windows 7; Wrong trojan detected;

Post by Keya »

well in that case...
HanPBF wrote:So something about Win32-API?
No, it sounds more like "something about John McAfee hiring kids fresh out of high school to add AV signatures judging by what they think looks good under a hex editor" :(
I guess seeing as they now get a bazillion malware samples a day it's turning into something of a fast food industry, some 'analysts' on minimum wage!?
HanPBF
Enthusiast
Enthusiast
Posts: 563
Joined: Fri Feb 19, 2010 3:42 am

Re: PB 5.51 x86; Windows 7; Wrong trojan detected;

Post by HanPBF »

Yes, shall be a McAfee problem.

When I put some example from RSBasic in one file -> detection.

When I put same source in my pbp-project -> no detection.

Detection does only occur out of a project / without not-many-lines-before example code.

Do .Net/JAVA have the same issues with antivirus programs even being one layer above native exe?
Hopefully, or that would be a reason to not do low level programming (down to Win32 API) anymore...
User avatar
Keya
Addict
Addict
Posts: 1891
Joined: Thu Jun 04, 2015 7:10 am

Re: PB 5.51 x86; Windows 7; Wrong trojan detected;

Post by Keya »

for the most part theyre just sequences of bytes, and because theres so many malware the size of each detection must logically therefore be of very few bytes, so i dont see HLL being any more immune in that respect with its bytecodes as opposed to native x86/64 but thats just my guess
User avatar
Lunasole
Addict
Addict
Posts: 1091
Joined: Mon Oct 26, 2015 2:55 am
Location: UA
Contact:

Re: PB 5.51 x86; Windows 7; Wrong trojan detected;

Post by Lunasole »

HanPBF wrote:

Code: Select all

Antivirus complains then about [/quote]

Delete it and never use again. It's anyway completely useless and can't offer you any real protection in 2017, all you need is nicely made and strictly configured firewall... and some level of paranoia ^^
"W̷i̷s̷h̷i̷n̷g o̷n a s̷t̷a̷r"
Post Reply