PBOSL - giving false alarm with Kaspersky AntiVirus

Posted: Mon Oct 10, 2005 1:56 am
by okasvi
subject says it all...
Stest.exe is detected as "Backdoor.Win32.LiteBot.f"

edit: oh forgot to say that it is the windows examples zip that does contain Stest.exe



most likely it is this piece of code making it:

Code:

Procedure.s GetExeName()
  sApp.s=Space(256)
  GetModuleFileName_(GetModuleHandle_(0), @sApp, 256)
  ProcedureReturn sApp
EndProcedure

I know (and I've seen sources) IRL the person who coded litebot and he used

Code:

  sApp.s=Space(256)
  GetModuleFileName_(GetModuleHandle_(0), @sApp, 256)

in it so that might be it :?

Posted: Mon Oct 10, 2005 4:51 am
by ricardo
Antivirus are absolutely crap.

They (at least NAV) search for 2 or 3 strings in an executable to classify it as some specific virus.

I guess that AV works more by making people feel scared than by really giving security.

In this case: send them an e-mail telling them to change their string search (and send them some inoffensive app that gets caught as a virus).

Posted: Mon Oct 10, 2005 4:53 am
by ricardo
What is litebot?

Posted: Mon Oct 10, 2005 5:43 am
by okasvi
ricardo wrote:What is litebot?
ripped bot of my changuard-ircbot :oops: