Author Topic: Latest batch of unsound AV scanners.  (Read 302 times)

hutch--

  • Administrator
  • Member
  • ******
  • Posts: 10572
  • Mnemonic Driven API Grinder
    • The MASM32 SDK
Latest batch of unsound AV scanners.
« on: January 06, 2023, 08:25:03 PM »
The version of masm64.zip that has been used by many people is now being flagged by the trash end of AVnscanners.

Fortinet            Jan 6, 2023 W32/PossibleThreat
BitDefender Antivirus Jan 6, 2023 Gen:Variant.Razy.683884
F-Secure Anti-Virus Jan 6, 2023 Heuristic.HEUR/AGEN.1253024
MicroWorld eScan    Jan 6, 2023 Gen:Variant.Razy.683884
G DATA              Jan 6, 2023 Trojan.Bredolab.V

Using both the default Win10 AV scanner and Kaspersky's KVRT.EXE, masm64.zip does not trigger and false positives.
hutch at movsd dot com
http://www.masm32.com    :biggrin:  :skrewy:

jj2007

  • Member
  • *****
  • Posts: 13871
  • Assembly is fun ;-)
    • MasmBasic
Re: Latest batch of unsound AV scanners.
« Reply #1 on: January 06, 2023, 09:07:53 PM »
Jotti for RichMasm.exe: 2/15 scanners reported malware (Ikarus and Sophos)
Same for a crunched and zipped version: only one, Ikarus reports "Trojan.Zenpak"

Same file on VirusTotal: 6/65 ("unsafe", "malicious", "detected", "trojan") :tongue:

See Erol's post at Is virustotal.com legimate ?

I've given up searching for a logic. Will they report me as clean if I replace all pushad instructions with 6 pushes? I don't care. We are assembler programmers, our users (=fellow members) are 99% assembler programmers, too, and we are used to crappy AV software.

The only problem are the newbies, so they need a para at the download page explaining what a heuristic scanner is, and how to exclude the \Masm32 folder when using the most popular crappy AV software. People are scared of viruses, and rightly so. Even here in the forum I prefer building from the source, except for people I have known for over 10 years - trust is a precious resource :tongue:

hutch--

  • Administrator
  • Member
  • ******
  • Posts: 10572
  • Mnemonic Driven API Grinder
    • The MASM32 SDK
Re: Latest batch of unsound AV scanners.
« Reply #2 on: January 07, 2023, 09:55:11 AM »
Latest trick on my Win10 is that the file "masm64.zip" is automatically deleted if it is not in the location designated in the security settings.
hutch at movsd dot com
http://www.masm32.com    :biggrin:  :skrewy: