Avast and UseSQLiteDatabase() = false positive

Sparkie · Post by **Sparkie** » Tue Aug 25, 2009 1:47 am

Using PB 4.31, UseSQLiteDatabase() is causing a false positive with Avast on my home PC (Vista) but not on my work PC (XP). Anybody else?

Code: Select all


UseSQLiteDatabase()

If OpenWindow(0, 0, 0, 400, 400, "Main", #PB_Window_SystemMenu)
  Repeat
    Event = WaitWindowEvent()
  Until Event = #PB_Event_CloseWindow
EndIf

Kaeru Gaman · Post by **Kaeru Gaman** » Tue Aug 25, 2009 9:25 am

just this snippet running from within the IDE?
no positive here. (XP)

SFSxOI · Post by **SFSxOI** » Tue Aug 25, 2009 5:49 pm

With just that running in the IDE, no indications here on Windows 7 Ultimate with Avast, no indications here on the Vista Ultimate machine with Avast.

ABBKlaus · Post by **ABBKlaus** » Tue Aug 25, 2009 8:06 pm

did you tried uploading the resulting exe´s to http://www.virustotal.com ?

i compiled and uploaded the snippet, but all i get is one (1) false positive :

Code: Select all

a-squared 4.5.0.24 2009.08.25 - 
AhnLab-V3 5.0.0.2 2009.08.25 - 
AntiVir 7.9.1.3 2009.08.25 - 
Antiy-AVL 2.0.3.7 2009.08.24 - 
Authentium 5.1.2.4 2009.08.25 - 
Avast 4.8.1335.0 2009.08.25 - 
AVG 8.5.0.406 2009.08.25 - 
BitDefender 7.2 2009.08.25 - 
CAT-QuickHeal 10.00 2009.08.25 - 
ClamAV 0.94.1 2009.08.25 - 
Comodo 2090 2009.08.25 - 
DrWeb 5.0.0.12182 2009.08.25 - 
eSafe 7.0.17.0 2009.08.25 - 
eTrust-Vet 31.6.6699 2009.08.25 - 
F-Prot 4.4.4.56 2009.08.24 - 
F-Secure 8.0.14470.0 2009.08.25 - 
Fortinet 3.120.0.0 2009.08.25 - 
GData 19 2009.08.25 - 
Ikarus T3.1.1.68.0 2009.08.25 - 
Jiangmin 11.0.800 2009.08.25 - 
K7AntiVirus 7.10.827 2009.08.25 - 
Kaspersky 7.0.0.125 2009.08.25 - 
McAfee 5720 2009.08.25 - 
McAfee+Artemis 5720 2009.08.25 - 
McAfee-GW-Edition 6.8.5 2009.08.25 - 
Microsoft 1.4903 2009.08.25 - 
NOD32 4367 2009.08.25 - 
Norman  2009.08.25 - 
nProtect 2009.1.8.0 2009.08.25 - 
Panda 10.0.2.2 2009.08.25 - 
PCTools 4.4.2.0 2009.08.25 - 
Prevx 3.0 2009.08.25 - 
Rising 21.44.11.00 2009.08.25 Packer.Win32.LoveLHM.a [Suspicious] 
Sophos 4.44.0 2009.08.25 - 
Sunbelt 3.2.1858.2 2009.08.25 - 
Symantec 1.4.4.12 2009.08.25 - 
TheHacker 6.3.4.3.387 2009.08.25 - 
TrendMicro 8.950.0.1094 2009.08.25 - 
VBA32 3.12.10.10 2009.08.25 - 
ViRobot 2009.8.25.1901 2009.08.25 - 
VirusBuster 4.6.5.0 2009.08.25 -

Sparkie · Post by **Sparkie** » Wed Aug 26, 2009 1:33 am

Thanks guys. Seems to be fixed with today's Avast update as no more false positives are being reported. Not sure why it was picking on me only.

I guess August 2009 just isn't my month.

Rescator · Post by **Rescator** » Sun Sep 06, 2009 10:58 pm

Might have been a hash collision with the one in the virus signature for that virus?

Post by **idle** » Sun Sep 06, 2009 11:34 pm

that's a great service

I just uploaded one of my own programs and got

Rising 21.44.11.00 2009.08.25 Packer.Win32.LoveLHM.a [Suspicious]

would look like Rising has some problems with its Mojo

KJ67 · Post by **KJ67** » Sun Sep 06, 2009 11:38 pm

With PB4.40b2 Vista x86

File test.exe received on 2009.09.06 22:33:46 (UTC)
Antivirus Version Last Update Result
Avast 4.8.1351.0 2009.09.05 Win32:SkiMorph
GData 19 2009.09.07 Win32:SkiMorph
McAfee+Artemis 5733 2009.09.06 Suspect-29!1A8B2D34229D
Rising 21.45.14.00 2009.09.01 Packer.Win32.LoveLHM.a [Suspicious]

Hmm... I think I will stick with NOD32!