Would anyone with an anti-virus please confirm this?
Posted: Thu Sep 24, 2009 9:22 pm
by Mistrel
An experimental build of PureGDK is being flagged as a "hijacker trojan infection" by one of my customers. Would anyone with an anti-virus mind checking to see if your software flags this executable as a false positive?
http://puregdk.com/files/upload/gdk_experimental.zip
You don't have to run it but if you feel so inclined I also need people to test it on other operating systems:
http://www.purebasic.fr/english/viewtop ... 22#p300722
Thanks.

Re: Would anyone with an anti-virus please confirm this?
Posted: Thu Sep 24, 2009 9:40 pm
by PB
I just updated Avira Antivir (the app I use on my PC) and got this result:
I then submitted the file to http://virusscan.jotti.org and got this result:
So yeah, something's ugly somewhere, and more than one antivirus app is flagging it.

Re: Would anyone with an anti-virus please confirm this?
Posted: Thu Sep 24, 2009 9:44 pm
by rsts
from nod -> gdk_experimental.exe - probably a variant of Win32/Injector.V trojan
cheers
Re: Would anyone with an anti-virus please confirm this?
Posted: Thu Sep 24, 2009 10:59 pm
by Mistrel
Thanks for the link, PB. The executable was flagged by 6 of the 21 anti-virus scanners from that website. I have submitted inquiries to:
Avira AntiVir, Softwin BitDefender, Dr.Web, Frisk F-Prot Antivirus, G DATA, and ESET NOD32.
If anyone has a false positive on any other software product please let me know.

Re: Would anyone with an anti-virus please confirm this?
Posted: Fri Sep 25, 2009 2:38 am
by Mistrel
I've also confirmed it with McAfee Total Protection 2009. Is there anyone with the most recent version of Norton who can test it?
Re: Would anyone with an anti-virus please confirm this?
Posted: Fri Sep 25, 2009 2:52 am
by Rook Zimbabwe
I had similar issues with the compiler IF debugger was selected...
If I ran programs compiled with debugger ON I got the same flag from AVIRA...
Avast felt nada and continues happy and peaceful!
Re: Would anyone with an anti-virus please confirm this?
Posted: Fri Sep 25, 2009 3:11 am
by Mistrel
I've had a false positive from Avast before. They fixed it in less than 24 hours:
http://www.purebasic.fr/english/viewtop ... 64#p275564
Re: Would anyone with an anti-virus please confirm this?
Posted: Fri Sep 25, 2009 7:58 am
by Mistrel
Norton says it's clean. I'll be calling McAfee in the morning.

Re: Would anyone with an anti-virus please confirm this?
Posted: Fri Sep 25, 2009 8:27 am
by SFSxOI
Quick run thru the lab here, 10 different AV packages, not even a delay on scanning and no warnings, pretty sure it's a false positive. Don't trust the web page based scanners on the 'net when you suspect a false positive, only about a 15% accuracy rate for them on false positive situations and only around a 60% accuracy for actual detection for the most common if they are really obvious. Is your customer using XP or Vista?
"hijacker trojan infection" is all the warning said? Has your customer updated his/her AV product to the latest version and definitions? Report it to the AV software producer so it can be included in their next updates.
Re: Would anyone with an anti-virus please confirm this?
Posted: Fri Sep 25, 2009 9:22 am
by Kaeru Gaman
connect http://www.virustotal.com/ for checking your programs with most available AV engines/catalogues.

Re: Would anyone with an anti-virus please confirm this?
Posted: Fri Sep 25, 2009 3:13 pm
by ricardo
rsts wrote: from nod -> gdk_experimental.exe - probably a variant of Win32/Injector.V trojan
cheers
Same results here with NOD32.
Could be nice if someone shared a list of emails or webpages for each AV to contact when they mark some app as a false positive.
It's very common, maybe someone is building malware with PB, but it's common that some PB apps are flagged by AV.
So, having a list of where to ask AV companies to fix a false positive could be fine.

Re: Would anyone with an anti-virus please confirm this?
Posted: Fri Sep 25, 2009 7:29 pm
by Mistrel
ricardo wrote: Could be nice if someone shared a list of emails or webpages for each AV to contact when they mark some app as a false positive.
Done!
http://www.purebasic.fr/english/viewtop ... 12&t=39249
Re: Would anyone with an anti-virus please confirm this?
Posted: Sat Sep 26, 2009 12:17 am
by ricardo
Re: Would anyone with an anti-virus please confirm this?
Posted: Sat Sep 26, 2009 1:44 am
by Mistrel
Confirmation of the false positive so far by Dr.Web and Kaspersky. Kaspersky has already updated it in their service. Still waiting to hear back from everyone else.

Re: Would anyone with an anti-virus please confirm this?
Posted: Tue Sep 29, 2009 2:33 pm
by SFSxOI
Yep, a false positive. I gave this to the guys in the lab for a little more in-depth analysis. They are always testing anti-virus products and tracing and dissecting various viruses/trojans/worms and malware, so I threw this into their mix. They examined it as a favor to me. It's a false positive, there is no virus/trojan or any form of malware actually present.