Miscellaneous site announcements
Moderator: gnozal
-
- User
- Posts: 29
- Joined: Wed Nov 25, 2009 9:37 am
My site : freenet account ; virus on some pages ?
I have an alert of my virus program (GDATA) on following pages:
http://freenet-homepage.de/gnozal/PureBUILD.zip
http://freenet-homepage.de/gnozal/PureValid_440.zip
If I would know how to load up pictures or so, I could send you the messages of GDATA...
Klaus
-----------------------------------------
PB 4.31, PB 4.40 b7, XP, Vista, Windows 7
http://freenet-homepage.de/gnozal/PureBUILD.zip
http://freenet-homepage.de/gnozal/PureValid_440.zip
If I would know how to load up pictures or so, I could send you the messages of GDATA...
Klaus
-----------------------------------------
PB 4.31, PB 4.40 b7, XP, Vista, Windows 7
PureBasic 4.72 LTS - Windows / MacOS / Linux / strong coffee / stronger coffee / Coffee intravenously...
-
- PureBasic Expert
- Posts: 4229
- Joined: Sat Apr 26, 2003 8:27 am
- Location: Strasbourg / France
- Contact:
Re: Virus on some freenet pages?
False positives with packed executables ... a classic.Klaus_1963 wrote:I have an alert of my virus program (GDATA) on following pages:
http://freenet-homepage.de/gnozal/PureBUILD.zip
http://freenet-homepage.de/gnozal/PureValid_440.zip
When you have an alert, please check with several other anti-virus softwares, or with Virustotal before posting, especially when it's some generic / heuristic alert.
Thanks.
Scan results :
http://www.virustotal.com/analisis/8a13 ... 1259142995
http://www.virustotal.com/analisis/b30b ... 1259143125
Note about the user-libraries : the installers are self-extracting zip archives, so you can open them with any archiver and extract the files without starting the installer itself.
For free libraries and tools, visit my web site (also home of jaPBe V3 and PureFORM).
Re: Virus on some freenet pages?
I'm sorry and I hate to bother you with this question again, because your programs are so useful to the whole group
and much appreciated by us all. But how can a person be sure in these cases that it's a false positive?
I used the virustotal web page on both of these files, with the zip, and unzipped. I even unarchived the
file into it's directories, and all three show multiple virus hits on the exe file.
I sincerely thank you for your help and understanding.
and much appreciated by us all. But how can a person be sure in these cases that it's a false positive?
I used the virustotal web page on both of these files, with the zip, and unzipped. I even unarchived the
file into it's directories, and all three show multiple virus hits on the exe file.
I sincerely thank you for your help and understanding.
-
- PureBasic Expert
- Posts: 4229
- Joined: Sat Apr 26, 2003 8:27 am
- Location: Strasbourg / France
- Contact:
Re: Virus on some freenet pages?
What you can do : send the file(s) to your AV provider for analysis and the false alarm may disappear in next virus definition files.yrreti wrote:I'm sorry and I hate to bother you with this question again, because your programs are so useful to the whole group and much appreciated by us all. But how can a person be sure in these cases that it's a false positive?
Or change / setup your AV.
For free libraries and tools, visit my web site (also home of jaPBe V3 and PureFORM).
- DoubleDutch
- Addict
- Posts: 3219
- Joined: Thu Aug 07, 2003 7:01 pm
- Location: United Kingdom
- Contact:
Re: Virus on some freenet pages?
AVG and Microsoft Security Essentials both detect PureValid as a virus on default settings.
https://deluxepixel.com <- My Business website
https://reportcomplete.com <- School end of term reports system
https://reportcomplete.com <- School end of term reports system
-
- PureBasic Expert
- Posts: 4229
- Joined: Sat Apr 26, 2003 8:27 am
- Location: Strasbourg / France
- Contact:
Re: Virus on some freenet pages?
Only PureVALID, not the other libraries ?DoubleDutch wrote:AVG and Microsoft Security Essentials both detect PureValid as a virus on default settings.
The library installers are self-extracting ZIP archives ; so the alarm may come from the SFX stub or from files in the archive.
If it's only one library, it may be the archive content ; if it's all of them, it's rather the SFX stub.
For free libraries and tools, visit my web site (also home of jaPBe V3 and PureFORM).
- DoubleDutch
- Addict
- Posts: 3219
- Joined: Thu Aug 07, 2003 7:01 pm
- Location: United Kingdom
- Contact:
Re: Virus on some freenet pages?
Only PureValid for me (on MS security essentials) - just tried both again for you.
https://deluxepixel.com <- My Business website
https://reportcomplete.com <- School end of term reports system
https://reportcomplete.com <- School end of term reports system
-
- PureBasic Expert
- Posts: 4229
- Joined: Sat Apr 26, 2003 8:27 am
- Location: Strasbourg / France
- Contact:
Re: Virus on some freenet pages?
So maybe its the (compressed) PureValid.exe file in the archive (it's the same since 2004 ...!) ?DoubleDutch wrote:Only PureValid for me (on MS security essentials) - just tried both again for you.
I just tested this file on virustotal : it triggers a lot of generic/heuristic alarms ...
I will recompile this file (if I find the source).
For free libraries and tools, visit my web site (also home of jaPBe V3 and PureFORM).
- DoubleDutch
- Addict
- Posts: 3219
- Joined: Thu Aug 07, 2003 7:01 pm
- Location: United Kingdom
- Contact:
Re: Virus on some freenet pages?
PM me when you do and I'll check it for you.
https://deluxepixel.com <- My Business website
https://reportcomplete.com <- School end of term reports system
https://reportcomplete.com <- School end of term reports system
-
- PureBasic Expert
- Posts: 4229
- Joined: Sat Apr 26, 2003 8:27 am
- Location: Strasbourg / France
- Contact:
Re: Virus on some freenet pages?
I have recompiled PureValid.exe and PureBuild.exe.
They should trigger less false (generic / heuristic) alarms (just tested on VirusTotal).
They should trigger less false (generic / heuristic) alarms (just tested on VirusTotal).
For free libraries and tools, visit my web site (also home of jaPBe V3 and PureFORM).
- DoubleDutch
- Addict
- Posts: 3219
- Joined: Thu Aug 07, 2003 7:01 pm
- Location: United Kingdom
- Contact:
Re: Virus on some freenet pages?
Someone must have reported your PureValid link as a link to a virus, as now the link shows up in MS security essentials!
Maybe you should rename the link?
(other links on the page are ok)
Maybe you should rename the link?
(other links on the page are ok)
https://deluxepixel.com <- My Business website
https://reportcomplete.com <- School end of term reports system
https://reportcomplete.com <- School end of term reports system
-
- PureBasic Expert
- Posts: 4229
- Joined: Sat Apr 26, 2003 8:27 am
- Location: Strasbourg / France
- Contact:
Re: Virus on some freenet pages?
The (newly compiled) PureValid_440.zip tested on VirusTotal is negative with Microsoft V1.5502, so I don't know what's wrong with MS security essentials...DoubleDutch wrote:Someone must have reported your PureValid link as a link to a virus, as now the link shows up in MS security essentials!
For free libraries and tools, visit my web site (also home of jaPBe V3 and PureFORM).
- DoubleDutch
- Addict
- Posts: 3219
- Joined: Thu Aug 07, 2003 7:01 pm
- Location: United Kingdom
- Contact:
Re: Virus on some freenet pages?
The file now doesn't flag as a virus - but the link (since yesterday!!!) does.
I think changing the link slightly would do it.
I think changing the link slightly would do it.
https://deluxepixel.com <- My Business website
https://reportcomplete.com <- School end of term reports system
https://reportcomplete.com <- School end of term reports system
-
- PureBasic Expert
- Posts: 4229
- Joined: Sat Apr 26, 2003 8:27 am
- Location: Strasbourg / France
- Contact:
Re: Virus on some freenet pages?
In this case my update tool wouldn't work anymore.DoubleDutch wrote:I think changing the link slightly would do it.
I guess the link issue will be fixed in a next MS update.
For free libraries and tools, visit my web site (also home of jaPBe V3 and PureFORM).
-
- PureBasic Expert
- Posts: 4229
- Joined: Sat Apr 26, 2003 8:27 am
- Location: Strasbourg / France
- Contact:
Miscellaneous site announcements
My web site got temporarily blocked for "Signs of Malware".
To be sure, I scanned my site backup with ClamWin (updated 23 feb 2011) and MS Malicious Software Removal Tool 3.16 : nothing. I also scanned with VirusTotal : nothing either.
I have contacted the uCoz technical support : they received a complaint from abuseATclean-mxDOTde about PureUPX.zip.
I have repacked the file so that it should not trigger a false alarm anymore...
uCoz has deblocked the site.
It is online again.
To be sure, I scanned my site backup with ClamWin (updated 23 feb 2011) and MS Malicious Software Removal Tool 3.16 : nothing. I also scanned with VirusTotal : nothing either.
I have contacted the uCoz technical support : they received a complaint from abuseATclean-mxDOTde about PureUPX.zip.
I have repacked the file so that it should not trigger a false alarm anymore...
uCoz has deblocked the site.
It is online again.
For free libraries and tools, visit my web site (also home of jaPBe V3 and PureFORM).