It is currently Fri Aug 14, 2020 9:31 am

All times are UTC + 1 hour




 Post subject: Re: Oh crap... PB ransomware
Posted: Thu Jul 23, 2020 9:38 pm
Enthusiast

Joined: Sun Jun 22, 2003 7:43 pm
Posts: 569
Location: Germany, Saarbrücken
Fantaisie can really do nothing about it. If I were you, I would sue the virus scanner manufacturers for damages. Virus scanners with their heuristics are just like the plague. All you can do is to make clear that your programs do not contain viruses. Every time, a program that was not recognized as a virus can be recognized as a virus the very next day because of bullshit A.I.

_________________
The English grammar is freeware, you can use it freely - But it's not Open Source, i.e. you can not change it or publish it in an altered way.


 Post subject: Re: Oh crap... PB ransomware
Posted: Thu Jul 23, 2020 11:14 pm
Addict

Joined: Tue Nov 09, 2010 10:15 pm
Posts: 1673
Do you not know how instant it is to whitelist on the Bitdefender database? They clear you within moments after submission, so you just tell your clients to update their AV. Maybe the other is similar.


 Post subject: Re: Oh crap... PB ransomware
Posted: Fri Jul 24, 2020 1:02 am
Enthusiast

Joined: Sat Jun 24, 2006 3:29 am
Posts: 248
Location: Edinburgh, Scotland.
Virus checkers... I think I last actively used one in about 1991 on the Amiga, VirusX IIRC :D Since I'm on Windows I do leave MSSE on, but it's about as useful as a chocolate teapot. I think virus checkers are pretty pointless in a way, and pander to people's unfounded fears. A properly configured computer and a modicum of common sense is all that is needed in reality :) That said, I don't really randomly surf the net and am probably not a "typical" computer user, and I totally get why institutions feel the need for such security measures. I just wanted to have a dig at virus checkers. :)

Incidentally my main program is a graphics editor... no web stuff... a few WinAPI calls... gets about 10 hits on VirusTotal. *shrug*

_________________
Proud supporter of PB! * Musician * C64/6502 Freak


 Post subject: Re: Oh crap... PB ransomware
Posted: Fri Jul 24, 2020 8:15 am
User

Joined: Tue Mar 03, 2009 3:40 pm
Posts: 55
Location: france
Hello,

For submitting to many antivirus companies, this link is useful: https://www.techsupportalert.com/content/how-report-malware-or-false-positives-multiple-antivirus-vendors.htm

It is important to do this often.


 Post subject: Re: Oh crap... PB ransomware
Posted: Sat Jul 25, 2020 11:56 pm
User

Joined: Wed May 07, 2008 4:57 am
Posts: 79
Location: Adelaide, South Australia
Just tried this. Most emails resulted in a delivery failure. I used 7Zip and Thunderbird as instructed. It does not seem to work very well for me.

The false positive problem is currently chronic. I have submitted to Microsoft and McAfee (who wanted more info) and Kaspersky and Bit-Defender. Awaiting results.

I do not believe Fred and Team can do anything about this. The people who are responsible for this mess will just recompile. The anti-virus companies will not change. The only solution is to submit programs to them for whitelisting, and to ask customers to exclude folders. I have discovered the 64-bit recompiled versions of my PureBasic programs do not suffer from the false positive problem like the 32-bit variety. I estimate 80% of my users have already upgraded to 64-bit Win systems but the 20% is a large worrying figure.


 Post subject: Re: Oh crap... PB ransomware
Posted: Sun Jul 26, 2020 4:53 am
Addict

Joined: Thu Apr 18, 2019 8:17 am
Posts: 955
DeanH wrote:
I have discovered the 64-bit recompiled versions of my PureBasic programs do not suffer from the false positive problem like the 32-bit variety.

I get the same false-positives from 64-bit compiled apps as from 32-bit, so unless you specifically need 64-bit then I'd stay with 32-bit to keep those extra 20% of users.


 Post subject: Re: Oh crap... PB ransomware
Posted: Thu Jul 30, 2020 6:15 am
User

Joined: Wed May 07, 2008 4:57 am
Posts: 79
Location: Adelaide, South Australia
Hi Barry,

That's interesting. Today I again submitted both 32 and 64-bit versions - both use identical source code - to Virus Total. 32-bit now has 15 false positives out of 63, but the 64-bit only one. Quite different from yours. I am currently supplying both "bit flavours" and advising schools to exclude if possible. The 32-bit programs have been cleared by McAfee, Microsoft and Kaspersky. Waiting for Sophos and Bit-Defender. An actual person at Kaspersky at least wrote back!


 Post subject: Re: Oh crap... PB ransomware
Posted: Thu Jul 30, 2020 9:16 am
Addict

Joined: Sat Feb 08, 2014 3:26 pm
Posts: 923
Same for me. I submitted my latest version (yes, uploading the exe, not using a URL) of my ACME Desk:
x64: 2/72
x86: 4/72
x64+x86 inside setup: 2/68
Code:
v3.17.1.0 x64
ACME_Desk_x64.exe
01872bab7f65435119cf9a3d51c0357938f3a143c7d9588cb5f4f69b5dfb0206
2/72
- SecureAge APEX

v3.17.1.0 x86
ACME_Desk_x86.exe
313010038507037fcd48062b4057da3cd62cdd84c7bd8465fc2ea8b6535a4317
4/72
- SecureAge APEX
- Bkav
- Cylance
- VBA32

v3.17.1.0 x64 + x86 packaged Inno Setup 6.0.5u
ACME_Desk_Setup_x86x64_3.17.1.exe
fe0c4ec8a3a53fd5093601a65f83599358908e06338fef5187e27aa8d89cbbd9
2/68
- SecureAge APEX
- Cybereason

I don't pay attention to it anymore. Download whoever you want. :wink:
Funny thing: I have a lot fewer alerts than before, when the only change in this version is the addition of two Chr(34) on the program launch parameters. :lol:
Advantage: I now know which antivirus software NOT to recommend. :mrgreen:

_________________
(English is not my native language, I use an online translator.)
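
Added example, not part of the original post: a small Python parser for scan notes kept in the layout used above (label, file name, SHA-256, hits/total, one "- engine" line per detection), reporting which engines flag every build and which flag only some. The sample record, its hashes and the engine names are constructed placeholders, and `parse_report` / `compare` are hypothetical names.

```python
import re

# Constructed sample in the layout used in the post above; the hashes and
# engine names are placeholders, not real scan results.
SAMPLE = """\
v1.0 x64
tool_x64.exe
{h1}
1/72
- EngineA

v1.0 x86
tool_x86.exe
{h2}
3/72
- EngineA
- EngineB
- EngineC
""".format(h1="a" * 64, h2="b" * 64)

def parse_report(text):
    """Parse blank-line separated records into dicts, validating each field."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if len(lines) < 4:
            raise ValueError("incomplete record: %r" % block)
        label, name, digest, ratio = lines[:4]
        if not re.fullmatch(r"[0-9a-fA-F]{64}", digest):
            raise ValueError("not a SHA-256 digest: %r" % digest)
        m = re.fullmatch(r"(\d+)/(\d+)", ratio)
        if not m:
            raise ValueError("bad detection ratio: %r" % ratio)
        hits, total = int(m.group(1)), int(m.group(2))
        engines = {ln[2:].strip() for ln in lines[4:] if ln.startswith("- ")}
        if len(engines) != hits:  # notes and ratio must agree
            raise ValueError("engine list does not match ratio for " + name)
        records.append({"label": label, "file": name, "sha256": digest.lower(),
                        "hits": hits, "total": total, "engines": engines})
    return records

def compare(records):
    """Return (engines flagging every build, engines flagging only some)."""
    sets = [r["engines"] for r in records]
    common = set.intersection(*sets)
    return sorted(common), sorted(set.union(*sets) - common)
```

Keeping the SHA-256 next to each result ties a vendor's whitelisting reply to the exact file that was submitted.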


 Post subject: Re: Oh crap... PB ransomware
Posted: Sat Aug 01, 2020 1:05 am
User

Joined: Wed May 07, 2008 4:57 am
Posts: 79
Location: Adelaide, South Australia
Marcus, I am curious about the Chr(34). Do these surround the path in the icon's properties or are they somewhere else? Where do they go?

Celtic88 provided some code that removes PB signatures. It seems to help.
https://www.purebasic.fr/english/viewtopic.php?f=13&t=72466

Even a week after Microsoft, Kaspersky and McAfee have reported my exe's are clean, they are still being quarantined.


 Post subject: Re: Oh crap... PB ransomware
Posted: Sat Aug 01, 2020 7:06 am
Addict

Joined: Sat Feb 08, 2014 3:26 pm
Posts: 923
Quote:
Marcus I am curious about the Chr(34). Do these surround the path in the icon's properties or are they somewhere else? Where do they go?
Hi DeanH,

It's in the program itself. I found that dragging and dropping a file on a program icon in desk didn't work if the file to be launched contained spaces.
Quickly corrected with a #DQUOTE$.
Code:
; Before
RunProgram(\Exe, EventDropFiles(), \StartDir)
; After
RunProgram(\Exe, #DQUOTE$ + EventDropFiles() + #DQUOTE$, \StartDir)

That's the only change.
(Compiled with the same version of PB)

It is therefore possible that the analysis algorithms in VT have been modified? In fact, the analysis in VT is much slower than it was a few months ago.

:wink:

_________________
(English is not my native language, I use an online translator.)
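
Added example, not part of the original post: a Python model of why the unquoted parameter split at spaces and what plain surrounding quotes do with a path ending in a backslash. It assumes the launched program parses its command line with the Microsoft C runtime rules (simplified here); `split_windows`, `quote_arg` and the sample paths are hypothetical.

```python
# Constructed sample paths; the splitter models the Microsoft C runtime
# argument rules, which the launched program is assumed to follow.
def split_windows(cmdline):
    """Split a parameter string into arguments (simplified MSVC rules)."""
    args, cur, in_quotes, started, i = [], "", False, False, 0
    while i < len(cmdline):
        ch = cmdline[i]
        if ch == "\\":
            n = 0
            while i < len(cmdline) and cmdline[i] == "\\":
                n, i = n + 1, i + 1
            if i < len(cmdline) and cmdline[i] == '"':
                cur += "\\" * (n // 2)      # 2n backslashes -> n
                if n % 2:
                    cur += '"'              # odd count: literal quote
                else:
                    in_quotes = not in_quotes
                i += 1
            else:
                cur += "\\" * n             # not before a quote: literal
            started = True
            continue
        if ch == '"':
            in_quotes, started = not in_quotes, True
        elif ch in " \t" and not in_quotes:
            if started:
                args.append(cur)
            cur, started = "", False
        else:
            cur, started = cur + ch, True
        i += 1
    if started:
        args.append(cur)
    return args

def quote_arg(arg):
    """Quote one argument so split_windows() returns it unchanged."""
    out, backslashes = '"', 0
    for ch in arg:
        if ch == "\\":
            backslashes += 1
            continue
        # Backslashes before a quote are doubled, plus one to escape it.
        out += "\\" * (2 * backslashes + 1 if ch == '"' else backslashes) + ch
        backslashes = 0
    return out + "\\" * (2 * backslashes) + '"'

DROPPED_FILE = r"C:\My Files\a b.txt"   # constructed
DROPPED_DIR = "C:\\My Files\\"          # constructed, trailing backslash
```

Under these rules the unquoted file path arrives as three arguments and the quoted one as a single argument, while a quoted path that ends in a backslash needs that backslash doubled to arrive intact.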


 Post subject: Re: Oh crap... PB ransomware
Posted: Sun Aug 02, 2020 1:10 am
User

Joined: Fri Jun 05, 2020 12:47 am
Posts: 74
I have just checked my program, and SecureAge APEX says it is Malicious. Strange, my program does not access the internet in any way, and it is a really simple window program...


 Post subject: Re: Oh crap... PB ransomware
Posted: Sun Aug 02, 2020 9:48 am
Enthusiast

Joined: Sun Sep 11, 2016 2:17 pm
Posts: 719
AMpos wrote:
I have just checked my program, and SecureAge APEX says it is Malicious. Strange, my program does not access the internet in any way, and it is a really simple window program...


Well, AVs are a scam even more so today than 10 years ago.
(AVs have completely lost touch with the vx scene a long time ago.)

Anyway, AVs are the problem, not PureBasic!

Also I have yet to see a false AV detection that took me more than 10 minutes to fix (using old vx tricks from the 90s).
And let's be real, anything a hobby coder like myself can fool within minutes is probably not worth it.


 Post subject: Re: Oh crap... PB ransomware
Posted: Sun Aug 02, 2020 10:46 am
Enthusiast

Joined: Sun Apr 05, 2020 11:28 am
Posts: 138
Location: Pandora
Delete the stuff from your computer and the rest is easy.
Don't check for malware in your software, which doesn't contain any anyway.
If you are using Windows 10 you are already very well protected by the OS.
It should always be the task of the OS to protect the user anyway, not the task of installing additional software.
If you get cracks, cracked software or keymakers you don't need to complain anyway.
Then you just pay with the malware you get as the price.
You do not visit suspicious websites, you do not follow various links in emails.
Attachments in suspicious emails are not opened.
Never enter user data via links that are sent with an email, but only on the original website of the provider.

Try this, then you can see where a lot of crap comes from:
https://haveibeenpwned.com/

Search with your search engine or on YouTube for: Install Sandbox Windows 10
This is a hidden but useful Windows 10 feature.

Always use the latest OS versions and updates!
Do not use outdated OS versions!

The biggest epidemic is e-mails, and it is absolutely necessary to make technical changes.

Everything requires a clear mind as far as possible.

Ah yes, and malware authors should not be pampered here LOL

_________________
Peace on Earth


 Post subject: Re: Oh crap... PB ransomware
Posted: Sun Aug 02, 2020 11:36 am
Enthusiast

Joined: Sun Sep 11, 2016 2:17 pm
Posts: 719
Saki wrote:
...
If you are using Windows 10 you are already very well protected by the OS.
...


Windows 10 is not any better than Windows XP - in fact it's even worse given the CVE records.
Also, updates are not always for the better; some of them make things worse or even introduce new holes.

Windows XP is old and most of its flaws are very well known, so it's a system that can be protected with high confidence!
Windows 10 on the other hand is a more complex and not well known, unstable and evolving system!


 Post subject: Re: Oh crap... PB ransomware
Posted: Sun Aug 02, 2020 12:04 pm
Addict

Joined: Thu Apr 18, 2019 8:17 am
Posts: 955
Mijikai wrote:
Also I have yet to see a false AV detection that took me more than 10 minutes to fix (using old vx tricks from the 90s).

Are you able to share more info about this? Maybe by PM? My app still gets over 10 AV false-positives and I'd love to fix this.

Mijikai wrote:
Windows XP is old and most of its flaws are very well known, so it's a system that can be protected with high confidence!
Windows 10 on the other hand is a more complex and not well known, unstable and evolving system!

That's a very good point!

