Posted: Mon May 19, 2008 11:06 am
by Fred
Once and for all, the updatetool is NOT a trojan. I emailed the AV companies without any success yet.
Posted: Mon May 19, 2008 12:56 pm
by milan1612
TR/Crypt.XPACK.Gen trojan warnings from Avira Antivir when debugging code
in the IDE even though I disabled the heuristic...
Those security companies start annoying me!
Posted: Mon May 19, 2008 1:12 pm
by Fluid Byte
Who needs AntiVirus software anyway? Although I use the free edition of Avira AntiVir now I was without "protection" for years and nothing happened. You don't need AntiVirus software if you are not a complete moron. Like opening .EXE attachments in emails or browsing illegal sites with internet explorer. AntiVirus software causes more trouble than truly helping the user. And these companies make billions of dollars when selling subscriptions for virus definition updates. Fear seems to be a very good selling point. :roll:
Posted: Mon May 19, 2008 1:31 pm
by ricardo
AV are something horrible.
The problem is that customers use it and this kind of false positives hurts sales.
Best thing we can do is send the file to the AV companies every time someone in the forum receives a false positive so they can correct their database, because sadly they can hurt us with their prompts.
Posted: Mon May 19, 2008 1:43 pm
by UserOfPure
Fluid Byte wrote: Who needs AntiVirus software anyway? Although I use the free edition of Avira AntiVir now I was without "protection" for years and nothing happened. You don't need AntiVirus software if you are not a complete moron.
I had a virus infect my PC recently without my knowledge, and I use AntiVir and Firefox! No warnings whatsoever, but that's because I don't do a daily system scan with AntiVir. I will in future! Anyway, it was the "Delphi.Gen" trojan, and the following page confirms that it installs without user consent:
http://www.paretologic.com/resources/de ... N%20Trojan
Basically it replaced explorer.exe with its own version. I didn't even know I had it until my PureBasic app, which uses ShellExecute to open a folder for me, didn't do it anymore. I thought it was a Beta 6 bug at first.

But then I noticed in the Task Manager that instead of "explorer.exe" it was "Explorer.exe" -- the initial capital letter was the giveaway. Did a scan with AntiVir and it was found and removed from my System32 and Temp folders.
Then I found out that my YouTube user account had been hacked and the password changed. So whoever was using this virus has done some damage to me. My YouTube page now has a porn video uploaded, as though I did it, when I didn't! Not fun.
Moral of the story: a good anti-virus app with daily system scans IS essential!
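Added example, not part of any post in this thread: a look-alike system process such as the one described above can be checked by image path rather than by the capitalisation of its name, since Windows file names are case-insensitive and the genuine explorer.exe runs from the Windows directory itself. The function name, the PIDs and paths in `SAMPLE`, and the extra binaries in the table are constructed for illustration.

```python
import ntpath

# Expected directory of well-known Windows binaries, relative to %SystemRoot%.
# explorer.exe lives in the Windows directory itself, not in System32, so a
# copy running from System32 or a Temp folder is suspect.
EXPECTED_DIR = {
    "explorer.exe": "",
    "svchost.exe": "system32",
    "lsass.exe": "system32",
    "winlogon.exe": "system32",
}

# Constructed sample of (pid, image path) pairs, e.g. exported from a
# process listing. None of these values come from the thread.
SAMPLE = [
    (1480, r"C:\WINDOWS\Explorer.EXE"),
    (2212, r"C:\WINDOWS\system32\Explorer.exe"),
    (2380, r"C:\Documents and Settings\user\Local Settings\Temp\explorer.exe"),
    (904, r"C:\WINDOWS\system32\svchost.exe"),
    (3100, r"C:\Program Files\PureBasic\PureBasic.exe"),
]

def find_masquerading(processes, system_root=r"C:\WINDOWS"):
    """Return (pid, path) pairs whose file name matches a known system
    binary but whose directory is not the expected one."""
    root = ntpath.normcase(ntpath.normpath(system_root))
    flagged = []
    for pid, image_path in processes:
        # Compare case-insensitively: name case alone proves nothing.
        norm = ntpath.normcase(ntpath.normpath(image_path))
        directory, name = ntpath.split(norm)
        if name not in EXPECTED_DIR:
            continue
        expected = ntpath.normpath(ntpath.join(root, EXPECTED_DIR[name]))
        if directory != expected:
            flagged.append((pid, image_path))
    return flagged

if __name__ == "__main__":
    for pid, path in find_masquerading(SAMPLE):
        print(f"suspicious: pid {pid} -> {path}")
```
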
Posted: Mon May 19, 2008 1:54 pm
by JCV
I don't use any antivirus or any protection. I'm just using DeepFreeze and it does all the job.
No headaches.

Posted: Mon May 19, 2008 2:20 pm
by ricardo
UserOfPure wrote: Fluid Byte wrote: Who needs AntiVirus software anyway? Although I use the free edition of Avira AntiVir now I was without "protection" for years and nothing happened. You don't need AntiVirus software if you are not a complete moron.
I had a virus infect my PC recently without my knowledge, and I use AntiVir and Firefox! No warnings whatsoever, but that's because I don't do a daily system scan with AntiVir. I will in future! Anyway, it was the "Delphi.Gen" trojan, and the following page confirms that it installs without user consent:
http://www.paretologic.com/resources/de ... N%20Trojan
Basically it replaced explorer.exe with its own version. I didn't even know I had it until my PureBasic app, which uses ShellExecute to open a folder for me, didn't do it anymore. I thought it was a Beta 6 bug at first.

But then I noticed in the Task Manager that instead of "explorer.exe" it was "Explorer.exe" -- the initial capital letter was the giveaway. Did a scan with AntiVir and it was found and removed from my System32 and Temp folders.
Then I found out that my YouTube user account had been hacked and the password changed. So whoever was using this virus has done some damage to me. My YouTube page now has a porn video uploaded, as though I did it, when I didn't! Not fun.
Moral of the story: a good anti-virus app with daily system scans IS essential!
Your story shows me even more that AV doesn't do anything useful.
If you were running a fake explorer and the AV doesn't detect it... what's the purpose of having it running all day in the systray?
In fact, any coder that wants to code something and wants to cheat AV can do it. So AV really can't stop them.
And on the other hand, in the middle, AV just prompts with many false positives.
As a conclusion: AV are better at detecting false positives than at identifying real potential malware or viruses (they just detect the abandoned ones that have no maintenance from their coders).
Posted: Mon May 19, 2008 2:58 pm
by UserOfPure
ricardo wrote: If you were running a fake explorer and the AV doesn't detect it... what's the purpose of having it running all day in the systray?
I know.

It makes me wonder if it's worth it, too.
Regarding Deep Freeze, I've been trying that and it's very good, but it won't let you specify which folders can be thawed. For example, if I freeze my C drive, then it also freezes "C:\Documents and Settings..." which means things like PureBasic prefs, Firefox bookmarks, etc, all get frozen too. I know you can relocate the "C:\Documents and Settings..." folder to another thawed drive, but that's too much hassle. Also, to revert the settings you need to do a full reboot, which is slow.
So I downloaded "Clean Slate" today (http://www.fortresgrand.com/products/cls/cls.htm) which works just like Deep Freeze, but you can specify any folders to remain untouched (even on frozen drives) and you can revert changes with either a reboot or logoff. Logoff is so much quicker! You can also enable/disable it on the fly if you need to tweak a system setting or install an app, unlike Deep Freeze where you need to reboot thawed, do the change, then reboot frozen. Also, you can prevent unknown executables from running too for an extra layer of security (which would've stopped Explorer.exe from being replaced). I may remove my anti-virus app if "Clean Slate" proves worthwhile. I'm using the trial version at the moment, which is a 30-day trial, but my PC clock was accidentally set a year ahead when I installed it and the trial says it expires in May 2009, so we'll see.

Posted: Mon May 19, 2008 3:25 pm
by ricardo
I have a personal nightmare story with Norton.
My wife purchased it 2 or 3 years ago; it never ran fine on her PC, and trying to get support is more difficult than having a date in the White House.
BUT, they keep charging the annual subscription every year and there is no way to stop them from doing it.
A few days ago I saw they charged my CC again (even though I asked them to stop last year).
I know, I can ask the bank to stop them, but I thought that companies of this kind (Norton) were more trustworthy!
Posted: Fri May 23, 2008 2:04 pm
by UserOfPure
JCV wrote: I'm just using DeepFreeze
JCV, what do you do to retain your %AppData% folder with Deep Freeze?
Posted: Fri May 23, 2008 2:42 pm
by JCV
UserOfPure wrote: JCV wrote: I'm just using DeepFreeze
JCV, what do you do to retain your %AppData% folder with Deep Freeze?
I don't need to store any new data on my client client/server pc on the main partition since I keep all important/updating programs on a different hidden drive.
And I use a different pc for my programming needs and it doesn't have deepfreeze.

Posted: Fri May 23, 2008 3:27 pm
by Rook Zimbabwe
Looking at the picture of the UMBRELLA CORP AntiVir... I see 3 PureBasic help chms??? I would keep an eye on winzip too! AND I would download 1 or 2 rootkit cleaners just to be safe. I suspect the funky explorer.exe was the problem.
@Ricardo:
The problem is that customers use it and this kind of false positives hurts sales.
I disagree... I think it helps AntiVirus sales... I suspect some of those AV Companies are still creating viri daily!!!
My company called Norton AntiVirus... Moron Antivirus since it was sooooo easy to dupe and trick!
Complain to the credit card company. Document your emails to Norton.
Switch to Avast!!!
Posted: Fri May 23, 2008 4:36 pm
by Kale
Fluid Byte wrote: Who needs AntiVirus software anyway? Although I use the free edition of Avira AntiVir now I was without "protection" for years and nothing happened. You don't need AntiVirus software if you are not a complete moron.
I would usually agree but my dev machine at home got infected the other night through (I'm guessing here) an exploit in Thunderbird? All I did was click on an email message to read it and BAM my AV went mental and I had a self replicating trojan in my system folder.

AVG sorted it out though.
Posted: Fri May 23, 2008 4:59 pm
by Num3
Same thing happens here...
Trojan (TR/Crypt.XPACK.Gen) detected inside update tool with Avira Antivir.
Posted: Fri May 23, 2008 5:08 pm
by tinman
Kale wrote: All I did was click on an email message to read it
Was it an HTML email?
PS, gotta love the way that most AV tools set up a quarantine folder in Outlook and have the display option default to show the preview pane :)