Oh crap... PB ransomware

NicTheQuick
Addict
Posts: 1224
Joined: Sun Jun 22, 2003 7:43 pm
Location: Germany, Saarbrücken

Re: Oh crap... PB ransomware

Post by NicTheQuick »

Fantaisie can really do nothing about it. If I were you, I would sue the virus scanner manufacturers for damages. Virus scanners with their heuristics are just like the plague. All you can do is to make clear that your programs do not contain viruses. Every time, a program that was not recognized as a virus can be recognized as a virus the very next day because of bullshit A.I.
The English grammar is freeware, you can use it freely - But it's not Open Source, i.e. you can not change it or publish it in an altered way.
Tenaja
Addict
Posts: 1948
Joined: Tue Nov 09, 2010 10:15 pm

Re: Oh crap... PB ransomware

Post by Tenaja »

Do you not know how instant it is to whitelist on the Bitdefender database? They clear yours within moments after submission, so you just tell your clients to update their AV. Maybe the other is similar.
oreopa
Enthusiast
Posts: 281
Joined: Sat Jun 24, 2006 3:29 am
Location: Edinburgh, Scotland.

Re: Oh crap... PB ransomware

Post by oreopa »

Virus checkers... I think I last actively used one in about 1991 on the Amiga, VirusX IIRC :D Since I'm on Windows I do leave MSSE on, but it's about as useful as a chocolate teapot. I think virus checkers are pretty pointless in a way, and pander to people's unfounded fears. A properly configured computer and a modicum of common sense is all that is needed in reality :) That said, I don't really randomly surf the net and am probably not a "typical" computer user, and I totally get why institutions feel the need for such security measures. I just wanted to have a dig at virus checkers. :)

Incidentally my main program is a graphics editor... no web stuff... a few WinAPI calls... gets about 10 hits on VirusTotal. *shrug*
Proud supporter of PB! * Musician * C64/6502 Freak
drgolf
User
Posts: 90
Joined: Tue Mar 03, 2009 3:40 pm
Location: france

Re: Oh crap... PB ransomware

Post by drgolf »

Hello,

For submitting to many antivirus companies, this link is useful: https://www.techsupportalert.com/conten ... endors.htm

It is important to do this often.
DeanH
Enthusiast
Posts: 223
Joined: Wed May 07, 2008 4:57 am
Location: Adelaide, South Australia

Re: Oh crap... PB ransomware

Post by DeanH »

Just tried this. Most emails resulted in a delivery failure. I used 7Zip and Thunderbird as instructed. It does not seem to work very well for me.

The false positive problem is currently chronic. I have submitted to Microsoft and McAfee (who wanted more info) and Kaspersky and Bit-Defender. Awaiting results.

I do not believe Fred and Team can do anything about this. The people who are responsible for this mess will just recompile. The anti-virus companies will not change. The only solution is to submit programs to them for whitelisting, and to ask customers to exclude folders. I have discovered the 64-bit recompiled versions of my PureBasic programs do not suffer from the false positive problem like the 32-bit variety. I estimate 80% of my users have already upgraded to 64-bit Win systems but the 20% is a large worrying figure.
BarryG
Addict
Posts: 3292
Joined: Thu Apr 18, 2019 8:17 am

Re: Oh crap... PB ransomware

Post by BarryG »

DeanH wrote:I have discovered the 64-bit recompiled versions of my PureBasic programs do not suffer from the false positive problem like the 32-bit variety.
I get the same false-positives from both 64-bit compiled apps as 32-bit, so unless you specifically need 64-bit then I'd stay with 32-bit to keep those extra 20% of users.
DeanH
Enthusiast
Posts: 223
Joined: Wed May 07, 2008 4:57 am
Location: Adelaide, South Australia

Re: Oh crap... PB ransomware

Post by DeanH »

Hi Barry,

That's interesting. Today I again submitted both 32 and 64-bit versions - both use identical source code - to Virus Total. 32-bit now has 15 false positives out of 63, but the 64-bit only one. Quite different from yours. I am currently supplying both "bit flavours" and advising schools to exclude if possible. The 32-bit programs have been cleared by McAfee, Microsoft and Kaspersky. Waiting for Sophos and Bit-Defender. An actual person at Kaspersky at least wrote back!
Marc56us
Addict
Posts: 1477
Joined: Sat Feb 08, 2014 3:26 pm

Re: Oh crap... PB ransomware

Post by Marc56us »

Same for me, I submitted my last version (yes, uploaded the exe, did not use a URL) of my ACME Desk:
x64: 2/72
x86: 4/72
x64+x86 inside setup: 2/68

Code:

v3.17.1.0 x64
ACME_Desk_x64.exe
01872bab7f65435119cf9a3d51c0357938f3a143c7d9588cb5f4f69b5dfb0206
2/72
- SecureAge APEX

v3.17.1.0 x86
ACME_Desk_x86.exe
313010038507037fcd48062b4057da3cd62cdd84c7bd8465fc2ea8b6535a4317
4/72
- SecureAge APEX
- Bkav
- Cylance
- VBA32

v3.17.1.0 x64 + x86 packaged Inno Setup 6.0.5u
ACME_Desk_Setup_x86x64_3.17.1.exe
fe0c4ec8a3a53fd5093601a65f83599358908e06338fef5187e27aa8d89cbbd9
2/68
- SecureAge APEX
- Cybereason

I don't pay attention to it anymore. Download whoever you want. :wink:
Funny thing: I have a lot fewer alerts than before, when the only change in this version is the addition of two Chr(34) on the program launch parameters. :lol:
Advantage: I now know which antivirus software NOT to recommend. :mrgreen:
DeanH
Enthusiast
Posts: 223
Joined: Wed May 07, 2008 4:57 am
Location: Adelaide, South Australia

Re: Oh crap... PB ransomware

Post by DeanH »

Marcus I am curious about the Chr(34). Do these surround the path in the icon's properties or are they somewhere else? Where do they go?

Celtic88 provided some code that removes PB signatures. It seems to help.
viewtopic.php?f=13&t=72466

Even a week after Microsoft, Kaspersky and McAfee have reported my exe's are clean, they are still being quarantined.
Marc56us
Addict
Posts: 1477
Joined: Sat Feb 08, 2014 3:26 pm

Re: Oh crap... PB ransomware

Post by Marc56us »

DeanH wrote:Marcus I am curious about the Chr(34). Do these surround the path in the icon's properties or are they somewhere else? Where do they go?
Hi DeanH,

It's in the program itself. I found that dragging and dropping a file on a program icon in desk didn't work if the file to be launched contained spaces.
Quickly corrected with a #DQUOTE$.

Code:

; Before
RunProgram(\Exe, EventDropFiles(), \StartDir)
; After
RunProgram(\Exe, #DQUOTE$ + EventDropFiles() + #DQUOTE$, \StartDir)

That's the only change.
(Compiled with the same version of PB)

It is therefore possible that the analysis algorithms in VT have been modified? In fact, the analysis in VT is much slower than it was a few months ago.

:wink:
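
Why the quoting fix in the post above works, as an added example that is not part of the original post or of PureBasic: a simplified model of how a program built on the Microsoft C runtime splits its parameter string, assuming the string given to RunProgram reaches the launched program unchanged. `split_windows_cmdline`, `naive_quote`, `safe_quote`, the sample paths and the `--flag` parameter are hypothetical names and constructed inputs.

```python
# Added illustration, not code from the thread. Simplified MSVC-runtime
# argument splitting: no argv[0] special case, no "" escape inside quotes.
def split_windows_cmdline(cmdline):
    args, cur, in_quotes, have_arg = [], [], False, False
    i, n = 0, len(cmdline)
    while i < n:
        ch = cmdline[i]
        if ch == "\\":
            j = i
            while j < n and cmdline[j] == "\\":
                j += 1
            run = j - i
            if j < n and cmdline[j] == '"':
                cur.append("\\" * (run // 2))   # 2n or 2n+1 backslashes -> n
                if run % 2:
                    cur.append('"')             # odd run: literal quote
                else:
                    in_quotes = not in_quotes   # even run: quote toggles
                i = j + 1
            else:
                cur.append("\\" * run)          # not before a quote: literal
                i = j
            have_arg = True
        elif ch == '"':
            in_quotes, have_arg = not in_quotes, True
            i += 1
        elif ch in " \t" and not in_quotes:
            if have_arg:                        # unquoted whitespace ends an argument
                args.append("".join(cur))
                cur, have_arg = [], False
            i += 1
        else:
            cur.append(ch)
            have_arg = True
            i += 1
    if have_arg:
        args.append("".join(cur))
    return args

def naive_quote(path):
    # Equivalent of #DQUOTE$ + path + #DQUOTE$
    return '"' + path + '"'

def safe_quote(path):
    # Double any trailing backslashes so they cannot escape the closing quote.
    trailing = len(path) - len(path.rstrip("\\"))
    return '"' + path + "\\" * trailing + '"'

# Constructed sample paths (hypothetical).
DROPPED = r"C:\Users\Me\My Report.txt"
FOLDER = "C:\\My Dir\\"
```

Under this model, a path that ends in a backslash is the one case where plain `#DQUOTE$` wrapping lets a following parameter merge into the path; doubling the trailing backslashes avoids it.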
AMpos
Enthusiast
Posts: 128
Joined: Fri Jun 05, 2020 12:47 am

Re: Oh crap... PB ransomware

Post by AMpos »

I have just checked my program, and SecureAge APEX says it is Malicious. Strange, my program does not access internet in any way, and it is a really simple window program...
Mijikai
Addict
Posts: 1360
Joined: Sun Sep 11, 2016 2:17 pm

Re: Oh crap... PB ransomware

Post by Mijikai »

AMpos wrote:I have just checked my program, and SecureAge APEX says it is Malicious. Strange, my program does not access internet in any way, and it is a really simple window program...
Well, AVs are a scam even more so today than 10 years ago.
(AVs have completely lost touch with the vx scene a long time ago.)

Anyway, AVs are the problem, not PureBasic!

Also I have yet to see a false AV detection that took me more than 10 minutes to fix (using old vx tricks from the 90s).
And let's be real, anything a hobby coder like myself can fool within minutes is probably not worth it.
Saki
Addict
Posts: 830
Joined: Sun Apr 05, 2020 11:28 am
Location: Pandora

Re: Oh crap... PB ransomware

Post by Saki »

Delete the stuff from your computer and rest is easy.
Don't check for malware in your software, which doesn't contain any anyway.
If you are using Windows 10 you are already very well protected by the OS.
It should always be the task of the OS to protect the user anyway, not the task of installing additional software.
If you get cracks, cracked software or keymakers you don't need to complain anyway.
Then he just pays with Malware which he gets a price.
You do not visit suspicious websites, you do not follow various links in eMails.
Attachments in suspicious emails are not opened.
Never enter user data via links that are sent with an email, but only on the original website of the provider.

Try this, then you can see where a lot of crap comes from
https://haveibeenpwned.com/

Search with your search engine or on YouTube for: Install Sandbox Windows 10
This is a hidden but useful Windows 10 feature

Always use the latest OS versions and updates!
Do not use outdated OS versions!

The biggest epidemic is e-mails, and it is absolutely necessary to make technical changes.

Everything requires a clear mind as far as possible.

Ah yes, and malware authors should not be pampered here LOL
Peace on Earth
Mijikai
Addict
Posts: 1360
Joined: Sun Sep 11, 2016 2:17 pm

Re: Oh crap... PB ransomware

Post by Mijikai »

Saki wrote:...
If you are using Windows 10 you are already very well protected by the OS.
...
Windows 10 is not any better than Windows XP - in fact it's even worse given the CVE records.
Also, updates are not always for the better; some of them make things worse or even introduce new holes.

Windows XP is old and most of its flaws are very well known, so it's a system that can be protected with high confidence!
Windows 10 on the other hand is a more complex and not well known, unstable and evolving system!
BarryG
Addict
Posts: 3292
Joined: Thu Apr 18, 2019 8:17 am

Re: Oh crap... PB ransomware

Post by BarryG »

Mijikai wrote:Also I have yet to see a false AV detection that took me more than 10 minutes to fix (using old vx tricks from the 90s).
Are you able to share more info about this? Maybe by PM? My app still gets over 10 AV false-positives and I'd love to fix this.
Mijikai wrote:Windows XP is old and most of its flaws are very well known, so it's a system that can be protected with high confidence!
Windows 10 on the other hand is a more complex and not well known, unstable and evolving system!
That's a very good point!