Pure Basic.exe is a virus!

inc. · Post by **inc.** » Thu May 11, 2006 3:50 pm

Maybe Purebaisc.exe as been upxed and then renamed before beeing provided?
Cause sometimes if your compile gots the name XXXXX.exe and after upxing you do rename it to YYYYY.exe antivirus apps do alert.
--- well sometimes that happend on my machine

Karbon · Post by **Karbon** » Thu May 11, 2006 3:57 pm

No, the EXE is right there, it's just that execute permissions have somehow been turned off.. I'll investigate later, just thought someone might know off the top of their head!

thefool · Post by **thefool** » Thu May 11, 2006 4:04 pm

Karbon; the same things happens here.

how to deal with it: Right click avast icon, and pause the "Standard Shield" provider.

J. Baker · Post by **J. Baker** » Thu May 11, 2006 6:49 pm

And I thought I was losing my mine this morning.

Tranquil · Post by **Tranquil** » Thu May 11, 2006 10:33 pm

I did some tests and this are the results:

MadMax · Post by **MadMax** » Thu May 11, 2006 10:55 pm

This avast doesn't seem a very serious company to me. Clasifying PB exes as a virus just because someone may have written one with it. So then C an ASM compilers are viruses as well.

thefool · Post by **thefool** » Thu May 11, 2006 11:10 pm

MadMax: They didnt try to classify PB exe's as vira. The trouble is, if they get a special part of the exe wich might be some bad code, and that code actually comes from one of the pb libs (deletefile, etc who knows.. pb's way of calling api's?) how would they know that its a library part? How can they even know its written in purebasic..?

Lyon · Post by **Lyon** » Fri May 12, 2006 12:33 am

[quote]Every scanner does this now and then.. Avast, Norton, kaspersky everything.[/quote[Isn't that the truth, it can also pop up with Firewall programs, too. I remember about three-four years back when a lot of exes were setting off ZoneAlarm for no apparent reason.

Post by **Fred** » Fri May 12, 2006 1:28 am

thefool wrote:MadMax: They didnt try to classify PB exe's as vira. The trouble is, if they get a special part of the exe wich might be some bad code, and that code actually comes from one of the pb libs (deletefile, etc who knows.. pb's way of calling api's?) how would they know that its a library part? How can they even know its written in purebasic..?

I also think it's not very serious. When you write a signature based routine, you have to take care of that, there is numberous cases where the same binary code can be reused and found in many exe (for example if a program uses the jpeg lib, it will have a part of the program which will be exactly similar to all other programs which used the same versions). On the other side, i already got 2 'angry' mails telling me than the demo version has a virus...

thefool · Post by **thefool** » Fri May 12, 2006 9:21 am

@fred: You are right. Of course the mistake has some unpleasant followings, but afterall Avast cant really be blamed. And they have promised to fix it as fast as possible!

MikeB · Post by **MikeB** » Fri May 12, 2006 11:46 am

I have had a reply from Alwil (Avast) which has fixed the problem. As follows -

Good Morning

Sorry you are having problems.

The first thing we can do is to exclude the program/site from being scanned by Avast. To do this, there are a few steps.

To exclude a file / folder from avast!, please do the following:

Right-click the avast! a-ball icon
Click Program settings
Click Exclusions
Click Add
Add the file(s)
Click Ok

Second:

Double-click the small avast a-ball icon next to the clock Double -click on the standard shield icon Click on Advanced Click Add and add the location of the files here too.

This will stop avast! from including this file/folder/program whilst scanning.

Also, please try the following:

Open Control Panel > Add / Remove Programs > Select avast! > Click Change / Remove > Select Repair from the menu > Click Ok

Please note, you should be connected to the internet whilst doing this.

This should repair any faults in the avast! program and hopefully solve any problems.

I hope this helps, if not, please feel free to contact me again.

Regards,
Adam Riley
(Technical Support)

Take note of the second part where you are modifying the standard shield bit that you have to give the actual files and not the folder. I tried just adding the folder and it does not work.

Mike.

mskuma · Post by **mskuma** » Fri May 12, 2006 12:11 pm

Thanks Mike for that info - very helpful. In the second step, I wonder if you can get away with specifying "c:\program files\purebasic\*.*" (well I've tried it, so I'll see how it goes). Hopefully the virus def database will be updated in due course.

Tranquil · Post by **Tranquil** » Fri May 12, 2006 4:26 pm

Today (march 12) Avil released a new virus database and purebasic is no longer recognized as a trojan. Jeah!

Post by **Fred** » Fri May 12, 2006 4:52 pm

Thanks for the update, it has been quite a pain.

Rescator · Post by **Rescator** » Fri May 12, 2006 6:57 pm

Just for redundancy reason (and lazy peeps that do not check the announcements

http://www.purebasic.fr/english/viewtopic.php?t=21757