PBOSL - giving false alarm with Kaspersky AntiVirus

For everything that's not in any way related to PureBasic. General chat etc...
Post Reply
okasvi
Enthusiast
Enthusiast
Posts: 150
Joined: Wed Apr 27, 2005 9:41 pm
Location: Finland

PBOSL - giving false alarm with Kaspersky AntiVirus

Post by okasvi »

subject says it all...
Stest.exe is detected as "Backdoor.Win32.LiteBot.f"

edit: oh forgot to say that it is the windows examples zip that does contain Stest.exe



most likely it is this piece of code making it:

Code: Select all

Procedure.s GetExeName()
  sApp.s=Space(256)
  GetModuleFileName_(GetModuleHandle_(0), @sApp, 256)
  ProcedureReturn sApp
EndProcedure
i know(and ive seen sources) IRL the person who coded litebot and he used

Code: Select all

  sApp.s=Space(256)
  GetModuleFileName_(GetModuleHandle_(0), @sApp, 256)
in it so that might be it :?
Top
ricardo
Addict
Addict
Posts: 2438
Joined: Fri Apr 25, 2003 7:06 pm
Location: Argentina

Post by ricardo »

Antivirus are absolutely crap.

They (at least NAV) search for 2 or 3 strings in an executable to clasified it as some specific virus.

I guess that AV works more making people feel scared, that really giving security.

In this case: send them an e mail telling them to change their string search (and send tthem some inofensive app that get catched as a virus).
ARGENTINA WORLD CHAMPION
Top
ricardo
Addict
Addict
Posts: 2438
Joined: Fri Apr 25, 2003 7:06 pm
Location: Argentina

Post by ricardo »

What is litebot?
ARGENTINA WORLD CHAMPION
Top
okasvi
Enthusiast
Enthusiast
Posts: 150
Joined: Wed Apr 27, 2005 9:41 pm
Location: Finland

Post by okasvi »

ricardo wrote:What is litebot?
ripped bot of my changuard-ircbot :oops:
Top
Post Reply

Return to “Off Topic”