Miscellaneous site announcements

All PureFORM, JaPBe, Libs and useful code maintained by gnozal

Moderator: gnozal

Klaus_1963
User
User
Posts: 29
Joined: Wed Nov 25, 2009 9:37 am

My site : freenet account ; virus on some pages ?

Post by Klaus_1963 »

I have an alert of my virus program (GDATA) on following pages:

http://freenet-homepage.de/gnozal/PureBUILD.zip
http://freenet-homepage.de/gnozal/PureValid_440.zip

If I would know how to load up pictures or so, I could send you the messages of GDATA...

Klaus

-----------------------------------------
PB 4.31, PB 4.40 b7, XP, Vista, Windows 7
PureBasic 4.72 LTS - Windows / MacOS / Linux / strong coffee / stronger coffee / Coffee intravenously...
gnozal
PureBasic Expert
PureBasic Expert
Posts: 4229
Joined: Sat Apr 26, 2003 8:27 am
Location: Strasbourg / France
Contact:

Re: Virus on some freenet pages?

Post by gnozal »

Klaus_1963 wrote:I have an alert of my virus program (GDATA) on following pages:
http://freenet-homepage.de/gnozal/PureBUILD.zip
http://freenet-homepage.de/gnozal/PureValid_440.zip
False positives with packed executables ... a classic.

When you have an alert, please check with several other anti-virus softwares, or with Virustotal before posting, especially when it's some generic / heuristic alert.
Thanks.

Scan results :
http://www.virustotal.com/analisis/8a13 ... 1259142995
http://www.virustotal.com/analisis/b30b ... 1259143125

Note about the user-libraries : the installers are self-extracting zip archives, so you can open them with any archiver and extract the files without starting the installer itself.
For free libraries and tools, visit my web site (also home of jaPBe V3 and PureFORM).
yrreti
Enthusiast
Enthusiast
Posts: 546
Joined: Tue Oct 31, 2006 4:34 am

Re: Virus on some freenet pages?

Post by yrreti »

I'm sorry and I hate to bother you with this question again, because your programs are so useful to the whole group
and much appreciated by us all. But how can a person be sure in these cases that it's a false positive?
I used the virustotal web page on both of these files, with the zip, and unzipped. I even unarchived the
file into it's directories, and all three show multiple virus hits on the exe file.
I sincerely thank you for your help and understanding.
gnozal
PureBasic Expert
PureBasic Expert
Posts: 4229
Joined: Sat Apr 26, 2003 8:27 am
Location: Strasbourg / France
Contact:

Re: Virus on some freenet pages?

Post by gnozal »

yrreti wrote:I'm sorry and I hate to bother you with this question again, because your programs are so useful to the whole group and much appreciated by us all. But how can a person be sure in these cases that it's a false positive?
What you can do : send the file(s) to your AV provider for analysis and the false alarm may disappear in next virus definition files.
Or change / setup your AV.
For free libraries and tools, visit my web site (also home of jaPBe V3 and PureFORM).
User avatar
DoubleDutch
Addict
Addict
Posts: 3219
Joined: Thu Aug 07, 2003 7:01 pm
Location: United Kingdom
Contact:

Re: Virus on some freenet pages?

Post by DoubleDutch »

AVG and Microsoft Security Essentials both detect PureValid as a virus on default settings.
https://deluxepixel.com <- My Business website
https://reportcomplete.com <- School end of term reports system
gnozal
PureBasic Expert
PureBasic Expert
Posts: 4229
Joined: Sat Apr 26, 2003 8:27 am
Location: Strasbourg / France
Contact:

Re: Virus on some freenet pages?

Post by gnozal »

DoubleDutch wrote:AVG and Microsoft Security Essentials both detect PureValid as a virus on default settings.
Only PureVALID, not the other libraries ?

The library installers are self-extracting ZIP archives ; so the alarm may come from the SFX stub or from files in the archive.
If it's only one library, it may be the archive content ; if it's all of them, it's rather the SFX stub.
For free libraries and tools, visit my web site (also home of jaPBe V3 and PureFORM).
User avatar
DoubleDutch
Addict
Addict
Posts: 3219
Joined: Thu Aug 07, 2003 7:01 pm
Location: United Kingdom
Contact:

Re: Virus on some freenet pages?

Post by DoubleDutch »

Only PureValid for me (on MS security essentials) - just tried both again for you. :)
https://deluxepixel.com <- My Business website
https://reportcomplete.com <- School end of term reports system
gnozal
PureBasic Expert
PureBasic Expert
Posts: 4229
Joined: Sat Apr 26, 2003 8:27 am
Location: Strasbourg / France
Contact:

Re: Virus on some freenet pages?

Post by gnozal »

DoubleDutch wrote:Only PureValid for me (on MS security essentials) - just tried both again for you. :)
So maybe its the (compressed) PureValid.exe file in the archive (it's the same since 2004 ...!) ?
I just tested this file on virustotal : it triggers a lot of generic/heuristic alarms ...
I will recompile this file (if I find the source).
For free libraries and tools, visit my web site (also home of jaPBe V3 and PureFORM).
User avatar
DoubleDutch
Addict
Addict
Posts: 3219
Joined: Thu Aug 07, 2003 7:01 pm
Location: United Kingdom
Contact:

Re: Virus on some freenet pages?

Post by DoubleDutch »

PM me when you do and I'll check it for you.
https://deluxepixel.com <- My Business website
https://reportcomplete.com <- School end of term reports system
gnozal
PureBasic Expert
PureBasic Expert
Posts: 4229
Joined: Sat Apr 26, 2003 8:27 am
Location: Strasbourg / France
Contact:

Re: Virus on some freenet pages?

Post by gnozal »

I have recompiled PureValid.exe and PureBuild.exe.
They should trigger less false (generic / heuristic) alarms (just tested on VirusTotal).
For free libraries and tools, visit my web site (also home of jaPBe V3 and PureFORM).
User avatar
DoubleDutch
Addict
Addict
Posts: 3219
Joined: Thu Aug 07, 2003 7:01 pm
Location: United Kingdom
Contact:

Re: Virus on some freenet pages?

Post by DoubleDutch »

Someone must have reported your PureValid link as a link to a virus, as now the link shows up in MS security essentials! :(

Maybe you should rename the link?

(other links on the page are ok)
https://deluxepixel.com <- My Business website
https://reportcomplete.com <- School end of term reports system
gnozal
PureBasic Expert
PureBasic Expert
Posts: 4229
Joined: Sat Apr 26, 2003 8:27 am
Location: Strasbourg / France
Contact:

Re: Virus on some freenet pages?

Post by gnozal »

DoubleDutch wrote:Someone must have reported your PureValid link as a link to a virus, as now the link shows up in MS security essentials! :(
The (newly compiled) PureValid_440.zip tested on VirusTotal is negative with Microsoft V1.5502, so I don't know what's wrong with MS security essentials...
For free libraries and tools, visit my web site (also home of jaPBe V3 and PureFORM).
User avatar
DoubleDutch
Addict
Addict
Posts: 3219
Joined: Thu Aug 07, 2003 7:01 pm
Location: United Kingdom
Contact:

Re: Virus on some freenet pages?

Post by DoubleDutch »

The file now doesn't flag as a virus - but the link (since yesterday!!!) does. :(

I think changing the link slightly would do it.
https://deluxepixel.com <- My Business website
https://reportcomplete.com <- School end of term reports system
gnozal
PureBasic Expert
PureBasic Expert
Posts: 4229
Joined: Sat Apr 26, 2003 8:27 am
Location: Strasbourg / France
Contact:

Re: Virus on some freenet pages?

Post by gnozal »

DoubleDutch wrote:I think changing the link slightly would do it.
In this case my update tool wouldn't work anymore.
I guess the link issue will be fixed in a next MS update.
For free libraries and tools, visit my web site (also home of jaPBe V3 and PureFORM).
gnozal
PureBasic Expert
PureBasic Expert
Posts: 4229
Joined: Sat Apr 26, 2003 8:27 am
Location: Strasbourg / France
Contact:

Miscellaneous site announcements

Post by gnozal »

My web site got temporarily blocked for "Signs of Malware".

To be sure, I scanned my site backup with ClamWin (updated 23 feb 2011) and MS Malicious Software Removal Tool 3.16 : nothing. I also scanned with VirusTotal : nothing either.

I have contacted the uCoz technical support : they received a complaint from abuseATclean-mxDOTde about PureUPX.zip.
I have repacked the file so that it should not trigger a false alarm anymore...
uCoz has deblocked the site.

It is online again.
For free libraries and tools, visit my web site (also home of jaPBe V3 and PureFORM).
Post Reply