Question about false positives; Trojan alerts from 6 scanners
Topic Started: Apr 16 2008, 11:55 PM (1,330 Views)
CharlieP
Newbie
Ran the Aim Adhack installer for version 5.9 through VirusTotal.org, and got some odd results.

http://www.virustotal.com/analisis/eadd111...1b10f581b4d2a13

In case the link dies.

Authentium: is a security risk or a backdoor program
eSafe: Win32.Eraser.a
F-Prot: W32/Malware!26f7
Ikarus: Trojan.Win32.Eraser.A
Prevx1: Heuristic: Suspicious Self Modifying File
VBA32: Trojan.Win32.Eraser.a


MD5: 09a46425d9307e12c1824a4802e1d627


This is slightly worrisome, as I would love an ad-free aim client, but I dislike trojans. Please let it be true that these are false positives!
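A triage of the six verdicts listed in the post above, as an added example that is not part of the original thread or the project's code: it normalizes each detection label, groups scanners that report the same named family, and separates out generic or heuristic verdicts. The NOISE set, the VARIANT pattern and the family() heuristic are assumptions made for this example, not any vendor's naming scheme. For these results it reports one named family (Eraser, from eSafe, Ikarus and VBA32) and three generic or heuristic verdicts.

```python
import re
from collections import defaultdict

# Scanner verdicts exactly as listed in the post above: (scanner, label).
RESULTS = [
    ("Authentium", "is a security risk or a backdoor program"),
    ("eSafe", "Win32.Eraser.a"),
    ("F-Prot", "W32/Malware!26f7"),
    ("Ikarus", "Trojan.Win32.Eraser.A"),
    ("Prevx1", "Heuristic: Suspicious Self Modifying File"),
    ("VBA32", "Trojan.Win32.Eraser.a"),
]

# Assumption: label tokens that describe platform or type, not a family.
NOISE = {"win32", "w32", "trojan", "malware", "heuristic", "generic"}
# Assumption: one-letter variants and hex-like suffixes are not family names.
VARIANT = re.compile(r"[a-z]|[0-9a-f]{4,}")


def family(label):
    """Return the lower-cased family name, or None for a generic verdict."""
    label = label.strip().lower()
    if " " in label:  # free-text verdicts name no family
        return None
    for token in re.split(r"[./!:]+", label):
        if token and token not in NOISE and not VARIANT.fullmatch(token):
            return token
    return None


def triage(results):
    """Group scanners by named family; list generic/heuristic hits apart."""
    named, generic = defaultdict(list), []
    for scanner, label in results:
        fam = family(label)
        if fam:
            named[fam].append(scanner)
        else:
            generic.append(scanner)
    return {"named_families": dict(named), "generic_or_heuristic": generic}


if __name__ == "__main__":
    report = triage(RESULTS)
    for fam, scanners in report["named_families"].items():
        print(f"{fam}: {', '.join(scanners)}")
    print("generic/heuristic:", ", ".join(report["generic_or_heuristic"]))
```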
 
bscabl
Bofh
we've been setting off virus scanners cuz of our scripting since version 1

don't like it or trust it? don't use it.. we've won plenty of "100% free" awards from shareware/freeware sites.

oh, and make sure you're getting it directly from us, not some other site..
 
CharlieP
Newbie
I wouldn't take it too personally if I don't trust you; I have no reason to personally. It's a matter of you gaining my trust, not you deserving my trust automatically.

I've used aim adhack (and will continue to do so) for over four years now.

My question is merely regarding the code that creates false positives, or why it assigns it the likeness of a specific trojan / whatever in the virus scanner.

I've seen examples of source code where the removal of a mere three letters, something like FDZ, got rid of the false positive of a trojan.

I've always downloaded from the links provided on your site. Not that it matters, the MD5 hash is identical to all the other installers I downloaded and scanned.
 
bscabl
Bofh
CharlieP
Apr 19 2008, 03:34 AM
I wouldn't take it too personally if I don't trust you; I have no reason to personally. It's a matter of you gaining my trust, not you deserving my trust automatically.

I've used aim adhack (and will continue to do so) for over four years now.

My question is merely regarding the code that creates false positives, or why it assigns it the likeness of a specific trojan / whatever in the virus scanner.

I've seen examples of source code where the removal of a mere three letters, something like FDZ, got rid of the false positive of a trojan.

I've always downloaded from the links provided on your site. Not that it matters, the MD5 hash is identical to all the other installers I downloaded and scanned.

i wish you could inline quote in this thing.. anyways..

i don't take it personally.. i'm the prick of the development team..


glad to hear it..


i don't write the installer itself, cub does, but we've been pinging virus scanners cuz of our scripting on the old version for years..


we don't develop for 5.9 anymore... so if there are in fact 3 letters.. unless cub is pretty bored.. they're prolly gonna stay in there..

i'm glad that you're getting it from us, and/or others aren't modifying it..
 
CharlieP
Newbie
Is the new aim 6.0 compatible with 5.9 for file transfers / direct connect?
 
sdowg43
Beta Tester & Moderator
CharlieP
Apr 19 2008, 10:46 PM
Is the new aim 6.0 compatible with 5.9 for file transfers / direct connect?

I believe so, and it is not 6.0 anymore, it's 6.8.
 
cubanraul
Mod-ish
Well here is a terribly late reply but better late than never ;)

The false positives were an on and off thing for a while and I can say now ALL the scanners on VirusTotal no longer report anything on a recompiled build. Nothing was changed in Ad Hack to fix this (besides using a newer version of Inno Setup) but it may just have been a scan result from before the false positives were fixed in the scanners themselves. Hopefully this time they stay removed (as you may have noticed they were already corrected in most mainstream scanners).

Here is the result with the recompiled build: http://www.virustotal.com/analisis/68bab9c...ce59afae02524b8

EDIT: the recompiled version has been sent to bscabl and should be on the site in a few days.
 
bscabl
Bofh
it's up