AVira AntiVir Problem

Motu
Enthusiast
Posts: 160
Joined: Tue Oct 19, 2004 12:24 pm

AVira AntiVir Problem

Post by Motu »

I know it is not a bug in PB, but maybe there is a way to fix it:

Code:

OpenWindow(0,0,0,500,310,"AntiVir",#PB_Window_ScreenCentered|#PB_Window_SystemMenu)
UseJPEGImageDecoder()
CatchImage(0,?BackImage,?BackImageEND-?BackImage)

DataSection
BackImage: IncludeBinary "YourImage.jpg": BackImageEND:
EndDataSection

Try this code (you need a yourimage.jpg) with AntiVir guarding your system and you get a virus message:
TR/Crypt.XPACK.Gen - works on both Vista and XP.
c4s
Addict
Posts: 1981
Joined: Thu Nov 01, 2007 5:37 pm
Location: Germany

Post by c4s »

I don't get this message...

Maybe your image is corrupt or so?
Thunder93
Addict
Posts: 1788
Joined: Tue Mar 21, 2006 12:31 am
Location: Canada

Post by Thunder93 »

You are right in your topic title, ... this is an AntiVir problem.

If you haven't already.., you'll need to report the fp to AntiVir.


... I just discovered recently that PureBasic x86 pbcompiler when used manually and set with /DEBUGGER parameter, with one more factor involved causes Avast! to alert with Win32:KdCrypt [Cryp] on the compiled files.

Nothing PureBasic devs should do... Nothing wrong with their program, it's the antivirus that needs to be corrected.



Regards,
Thunder93
Last edited by Thunder93 on Thu Jan 29, 2009 10:01 pm, edited 1 time in total.
djes
Addict
Posts: 1806
Joined: Sat Feb 19, 2005 2:46 pm
Location: Pas-de-Calais, France

Post by djes »

Maybe it's really a virus. Send us your exe and your picture and we will compare resultant files.
Trond
Always Here
Posts: 7446
Joined: Mon Sep 22, 2003 6:45 pm
Location: Norway

Post by Trond »

TR/Crypt.XPACK.Gen on PB compiled files is not a virus. They should have fixed this a week ago, but if you have updated your virus definitions and it's still detected, send the file to Avira.
Kaeru Gaman
Addict
Posts: 4826
Joined: Sun Mar 19, 2006 1:57 pm
Location: Germany

Post by Kaeru Gaman »

the JPG is a packed format.
so, including the binary data on an image in JPG, means including some packed data.
this packed data is detected by an heuristic algorithm.

some VS now spread a warning, some do nothing because it's only jpg,
and some trigger happy ferenghi scanners insist it's a virus to show off.

furc avira!
oh... and have a nice day.
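
Kaeru Gaman's point above, shown as an added example that is not part of the thread and is not Avira's actual detection logic: compressed image data embedded in a program has near-maximal byte entropy, which a generic "packed data" heuristic can flag, and a triage check for a JPEG header at the flagged offset explains the hit. The window size, threshold, function names and sample bytes are all assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

JPEG_SOI = b"\xff\xd8\xff"  # JPEG start-of-image marker
WINDOW = 1024               # bytes per entropy window (assumed value)
THRESHOLD = 7.2             # bits/byte treated as "looks packed" (assumed value)

def shannon_entropy(data):
    """Shannon entropy in bits per byte, from 0.0 to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def high_entropy_regions(blob, window=WINDOW, threshold=THRESHOLD):
    """Merged (start, end) offsets of consecutive windows at or above threshold."""
    regions = []
    for off in range(0, len(blob), window):
        chunk = blob[off:off + window]
        if shannon_entropy(chunk) < threshold:
            continue
        if regions and regions[-1][1] == off:
            regions[-1] = (regions[-1][0], off + len(chunk))
        else:
            regions.append((off, off + len(chunk)))
    return regions

def explain(blob, regions, slack=WINDOW):
    """Triage step: is a JPEG header sitting at (or within slack of) the region start?"""
    report = []
    for start, end in regions:
        pos = blob.find(JPEG_SOI, max(0, start - slack), start + slack)
        reason = "embedded JPEG at 0x%x" % pos if pos >= 0 else "unexplained"
        report.append((start, end, reason))
    return report

def build_sample():
    """Constructed stand-in for a compiled program with an IncludeBinary'd JPEG."""
    code = bytes([0x55, 0x8B, 0xEC, 0x90]) * 1024 + b"\x00" * 1024
    # Deterministic high-entropy bytes standing in for JPEG entropy-coded data.
    scan = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(256))
    return code + b"\xff\xd8\xff\xe0" + scan + b"\xff\xd9"

if __name__ == "__main__":
    sample = build_sample()
    for start, end, reason in explain(sample, high_entropy_regions(sample)):
        print("0x%06x-0x%06x  %s" % (start, end, reason))
```
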
superadnim
Enthusiast
Posts: 480
Joined: Thu Jul 27, 2006 4:06 am

Post by superadnim »

I get the same message, in fact I've been having it randomly over the past weeks and I never include any binaries whatsoever but I do indeed have the heuristics all the way up to "high".

I also managed to pop up a false warning by carefully choosing a few api calls (all with empty params). It seems as if the heuristics just match the situations but not exactly what's going on in the application itself.

:lol: should I bash the keyboard and give up?
:?
blueznl
PureBasic Expert
Posts: 6166
Joined: Sat May 17, 2003 11:31 am
Contact:

Post by blueznl »

I'm running (a registered version of) Avira as well, yet with heuristics set to medium level. The number of false alarms has been minimal, and none with PureBasic.

I've had two or three alarms (most notably a 'trojan w32.xxxx.dropper'), but the files it triggered on did not cause anything in online virus checkers or on another machine where I run a different virus scanner. Running those apps and checking for spyware (with SuperAntiSpyware, SpyBot, and ZoneAlarm) did not reveal anything, so I have to assume they are false alerts as well.

Thus far, I've either been clean for the last 10 years or so (including drive by downloads) in spite of 'risky' Internet and download behaviour :-) Either that, or none of the scanners I used over time has been working :-)

Typically I run with a real time virus scanner (Avira), a firewall (ZoneAlarm or Comodo), anti spyware (ZoneAlarm, SuperAntiSpyware, SpyBot), on a fully patched and updated machine with many unnecessary services killed.

That approach either works, or I've been the biggest slave of spam networks ever :-)
PB
PureBasic Expert
Posts: 7581
Joined: Fri Apr 25, 2003 5:24 pm

Re: AVira AntiVir Problem

Post by PB »

Avira has updated their database with my submission the other day, so a
future update should stop it. Here's their reply:
Avira AntiVir wrote: The file 'False.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection is removed from our virus definition file (VDF) with the version: 7.1.1.197.
Note: "False.exe" was a file compiled from this harmless code:

Code:

f=LoadImage(0,f$)

If f
  ivw=ImageWidth(0) : ivh=ImageHeight(0)
  If OpenWindow(0,0,0,ivw,ivh,GetFilePart(f$),#PB_Window_ScreenCentered|#PB_Window_SystemMenu)
    StickyWindow(0,#True) : ImageGadget(0,0,0,ivw,ivh,f)
    Repeat : Until WaitWindowEvent()=#PB_Event_CloseWindow
  EndIf
EndIf

I compile using 5.31 (x86) on Win 7 Ultimate (64-bit).
ar-s
Enthusiast
Posts: 344
Joined: Sat Oct 06, 2007 11:20 pm
Location: France

Re: AVira AntiVir Problem

Post by ar-s »


Same with one of my releases...
Avira corrected it, but they are a bit too crappy with heuristic detection...