Author Topic: trojan in masm32v11  (Read 7761 times)

jayanthd

  • Guest
trojan in masm32v11
« on: January 08, 2013, 04:31:24 AM »
Hello!

I found out that the following 2 files in the masm32 installation are infected with trojans. (Scanned with AVG Internet Security)

polib.exe                        Trojan horse Startpage.SLK
dlgmake.exe                  Trojan Horse BackDoor.Generic16.KKX

I sent the files to AVG for analysis and they confirmed the infections.

Will new files be provided?

dedndave

  • Member
  • *****
  • Posts: 8734
  • Still using Abacus 2.0
    • DednDave
Re: trojan in masm32v11
« Reply #1 on: January 08, 2013, 04:41:36 AM »
they are false
let AVG provide a new AV program   :P

http://masm32.com/board/index.php?board=23.0

qWord

  • Member
  • *****
  • Posts: 1454
  • The base type of a type is the type itself
    • SmplMath macros
Re: trojan in masm32v11
« Reply #2 on: January 08, 2013, 04:42:57 AM »
Those are definitely false positives as long as you get the package from the links Hutch supplies - either change the AV or move these files (or the MASM32 installation) to the exceptions/ignore-list (or however AVG calls that).
MREAL macros - when you need floating point arithmetic while assembling!

jayanthd

  • Guest
Re: trojan in masm32v11
« Reply #3 on: January 08, 2013, 04:53:16 AM »
I asked the AVG people to analyze the files for trojans in them. They confirmed that there is a trojan in the files.

jayanthd

  • Guest
Re: trojan in masm32v11
« Reply #4 on: January 08, 2013, 04:55:59 AM »
Do I really need those 2 files I mentioned for writing and assembling my masm projects, or can I work without those 2 infected files? I downloaded the masm32v11 from the MASM32 website.

dedndave

  • Member
  • *****
  • Posts: 8734
  • Still using Abacus 2.0
    • DednDave
Re: trojan in masm32v11
« Reply #5 on: January 08, 2013, 05:04:06 AM »
i can assure you that those files are safe
PoLib is the library manager from Pelle's C compiler package

http://www.smorgasbordet.com/pellesc/

Pelle could care less what your start page is - lol

DlgMake was written by Hutch
i doubt there's any trojan in there   :P

however, you don't need either of these files to build programs

Vortex

  • Member
  • *****
  • Posts: 1704
Re: trojan in masm32v11
« Reply #6 on: January 08, 2013, 05:05:33 AM »
Hi jayanthd,

Seriously, you have to make some effort to understand the situation. The Forum members are telling you that the Masm32 package does not contain malware. What you have to do:

a) Be sure that you are using a safe computer with no virus
b) If your computer cannot provide a safe environment, install the Masm32 package on another computer ( "clean machine" ) and use another AV product.

dedndave

  • Member
  • *****
  • Posts: 8734
  • Still using Abacus 2.0
    • DednDave
Re: trojan in masm32v11
« Reply #7 on: January 08, 2013, 05:08:25 AM »
Erol has a point
it is possible that these files may have been infected, post-installation

for DlgMake, i have a size of 31,244 bytes
for PoLib, i have a size of 79,872 bytes

i just executed both, and i am still here  :eusa_dance:
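
The size comparison in the reply above only catches changes that alter a file's length. The following is an added example, not part of the original thread: it checks a file against the sizes quoted in Reply #7 and, when a reference hash is available, against a SHA-256 digest as well. The function names are hypothetical, and the stand-in files and the reference digest are constructed for the demonstration; they are not the real MASM32 binaries or a published hash.

```python
import hashlib
import os
import tempfile

# Sizes quoted in Reply #7 of the thread (bytes).
EXPECTED_SIZES = {"dlgmake.exe": 31244, "polib.exe": 79872}

def sha256_of(path, chunk=65536):
    """Stream the file so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_file(path, expected_size, expected_sha256=None):
    """Return 'missing', 'size-mismatch', 'hash-mismatch', 'size-only-match' or 'verified'."""
    if not os.path.isfile(path):
        return "missing"
    if os.path.getsize(path) != expected_size:
        return "size-mismatch"
    if expected_sha256 is None:
        return "size-only-match"  # weak: a same-size modification goes unnoticed
    if sha256_of(path) != expected_sha256.lower():
        return "hash-mismatch"
    return "verified"

def demo():
    """Run the checks on constructed stand-in files (not the real binaries)."""
    results = {}
    size = EXPECTED_SIZES["dlgmake.exe"]
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "dlgmake.exe")
        with open(good, "wb") as f:
            f.write(b"\x90" * size)
        reference = sha256_of(good)  # placeholder for a publisher-supplied digest
        altered = os.path.join(d, "dlgmake_altered.exe")
        with open(altered, "wb") as f:
            f.write(b"\x90" * (size - 1) + b"\xcc")  # same length, one byte changed
        results["good"] = check_file(good, size, reference)
        results["altered_size_only"] = check_file(altered, size)
        results["altered_with_hash"] = check_file(altered, size, reference)
        results["absent"] = check_file(os.path.join(d, "polib.exe"), EXPECTED_SIZES["polib.exe"])
    return results

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

The altered stand-in passes the size-only check and fails once a reference digest is supplied, which is why a digest obtained from the original download source is the stronger comparison.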

jj2007

  • Member
  • *****
  • Posts: 7558
  • Assembler is fun ;-)
    • MasmBasic
Re: trojan in masm32v11
« Reply #8 on: January 08, 2013, 05:48:03 AM »
Certain AV companies have crappy heuristic scanners which shout foul when they don't understand the code. They are called "false positives", and they are a reason to move the AV directly into the recycle bin where they belong.

If you don't trust us, upload the "evil" files to virusscan.jotti.org/ and see what serious AV products have to say about them. Click here to see the scan for dlgmake.exe - and, holy cow, six crappy AV products found out that dlgmake.exe is packed. PACKED! Can you imagine? Call the police, immediately 8)

Vortex

  • Member
  • *****
  • Posts: 1704
Re: trojan in masm32v11
« Reply #9 on: January 08, 2013, 06:10:14 AM »
Hi jayanthd,

Jochen is 100% right. Jotti's engine is a good example. Some AV companies cannot interpret correctly the internals of Windows executables.

Gunther

  • Member
  • *****
  • Posts: 3515
  • Forgive your enemies, but never forget their names
Re: trojan in masm32v11
« Reply #10 on: January 08, 2013, 06:17:08 AM »
Hi jayanthd,

you can trust Vortex and Jochen. Your files are not infected, if you've downloaded the package from a serious source.

Gunther
Get your facts first, and then you can distort them.

jayanthd

  • Guest
Re: trojan in masm32v11
« Reply #11 on: January 08, 2013, 03:28:36 PM »
OK. Thank you people. The file sizes are the same as mentioned by dedndave. I again asked the AVG people to confirm and they said it is a false positive and they have updated the antivirus.

jj2007

  • Member
  • *****
  • Posts: 7558
  • Assembler is fun ;-)
    • MasmBasic
Re: trojan in masm32v11
« Reply #12 on: January 08, 2013, 05:27:47 PM »
Great :t
So now we are waiting for more serious problems - code that crashes mysteriously etc etc  :biggrin:

japheth

  • Guest
Re: trojan in masm32v11
« Reply #13 on: January 08, 2013, 06:36:10 PM »
> So now we are waiting for more serious problems

False positives ARE a serious problem - more serious than crashes, which usually can be fixed easily.

On my site, I had to password-protect a file because on virustotal.com 60% of the scanners flagged it as malware. The problem is: encryption and password protection are not just cumbersome, but not even a solution at all if your binaries are to be redistributable.



jj2007

  • Member
  • *****
  • Posts: 7558
  • Assembler is fun ;-)
    • MasmBasic
Re: trojan in masm32v11
« Reply #14 on: January 08, 2013, 08:24:38 PM »
> > So now we are waiting for more serious problems
>
> False positives ARE a serious problem - more serious than crashes, which usually can be fixed easily.

It's not a serious problem for the OP, but otherwise I fully agree. It damages the business of small software developers (those without a legal department), because it's very easy to destroy a reputation but difficult to force these AV s**tware developers to apologise in public.