Good morning
"I do not want to make a fool of anyone"
Here are the source codes.
I do not understand why it does not work
Greetings
P.S. I do not understand why the previous post is blocked
DO NOT RUN THIS FILE IF YOU DOWNLOAD IT. 15 out of 18 tests on Jotti say it contains a virus.
The exe you posted earlier has viruses. There is no doubt about that.
So either you are playing a foul game here (but don't underestimate the Carabinieri!), or you have a virus that attaches itself to the executables that you produce.
I believe that it is the second case, but you will have to explain some things to the forum members who downloaded your stuff. Those who opened your exe may have lost data, or, if it is ransomware, will receive a nice request one of these days.
I attach an archive with the exe as rebuilt on my PC, and the original exe renamed to *.exv (guess what the "v" stands for?).
Most likely the author's computer is infected and the new compiled project works fine :biggrin: Considering how many tools are on the desktop, it's not surprising.
Check your computer for viruses, these utilities work without installation
Dr.Web CureIt! http://download.geo.drweb.com/pub/drweb/cureit/cureit.exe
Kaspersky Virus Removal Tool http://devbuilds.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exe
MALWAREBYTES ADWCLEANER https://download.toolslib.net/download/file/1/1345?s=d8iizDQC32J4nJsdy8P6gfdMlyAAIgs5
Wow, that was pretty nasty. But where does this code come from, the op made this prog?
Can a virus get attached like when built?
:icon13:
This is the second posted example.
Jotti test. Dangerous executable, multiple virus positives.
Scanner                     Date          Result
Lavasoft Ad-Aware           25 Dec 2017   Win32.Virtob.Gen.12
Avast! Antivirus            28 Dec 2017   Win32:Vitro
AVG                         28 Dec 2017   Win32/Virut
BitDefender Antivirus       28 Dec 2017   Win32.Virtob.Gen.12
ClamAV                      28 Dec 2017   Found nothing
Dr. Web                     28 Dec 2017   Win32.Virut.56
MicroWorld eScan            28 Dec 2017   Found nothing
ESET                        28 Dec 2017   Win32/Virut.NBP
Fortinet                    27 Dec 2017   W32/Virut.CE
F-PROT Antivirus            28 Dec 2017   W32/Virut.AI!Generic
F-Secure Anti-Virus         28 Dec 2017   Win32.Virtob.Gen.12
G DATA                      28 Dec 2017   Win32.Virtob.Gen.12
Ikarus                      28 Dec 2017   Virus.Win32.Virut
K7 AV                       28 Dec 2017   Found nothing
Kaspersky Anti-Virus        28 Dec 2017   Virus.Win32.Virut.ce
Sophos                      28 Dec 2017   W32/Scribble-B
Trend Micro Antivirus       27 Dec 2017   PE_VIRUX.J
VBA32                       28 Dec 2017   Virus.Virut.02
> P.S. I do not understand why the previous post is blocked
This is why.
Pay attention to the first post http://masm32.com/board/index.php?topic=6767.msg72396#msg72396 , that file is also infected :(
The files in the ProgressTimer171215.zip once extracted all appear clean when checked with jotti and virustotal - just the initial ProgressTimer171215.zip file triggers. Not sure why or what is infected. The file alternate data stream for the zip or something extra in the zip file? I deleted the zip just in case and ran a virus scan as well just to be sure.
I have not looked at this program, but from my experience I can say that a world clock needs to use a timezone database (which changes from time to time); for example there is TZL (TimeZone Library), which itself looks like hash-code - and so on ...
jj2007
I looked at my PC and I did not find anything.
Next time I send only the sources.
I apologize if I have caused damage to anyone.
Or tell me not to post anything.
Excuse me again, guys
There is no good that does not come from bad. Because of this I have discovered that Kaspersky has a free antivirus and it seems that it is going well and does not consume many resources. :t
Quote from: PushPop on December 29, 2017, 03:41:05 AM
> Next time I send only the sources.
> ..
> Excuse me again, guys
S**t happens. But check your PC thoroughly, there is definitely a virus or trojan that infiltrates your executables. It might even be your assembler or linker - try if you get the same results with a freshly downloaded UAsm and polink, for example.
To understand it better, open the two exes I posted above in Olly (http://www.ollydbg.de/version2.html) and step through them with F7 (not with F8, not with F9!). You will soon see the difference:
a) good exe:
Address Hex dump Command Comments
<ModuleEnt ┌$ 6A 00 push 0 ; ┌WindowName = NULL
0040102B │. 68 00404000 push offset 00404000 ; │ClassName = "MainWinClock1"
00401030 │. E8 E30F0000 call <jmp.&user32.FindWindowA> ; └USER32.FindWindowA
00401035 │. 85C0 test eax, eax
00401037 │. 74 1E jz short 00401057
00401039 │. 68 E8030000 push 3E8 ; ┌Arg6 = 3E8
0040103E │. 6A 00 push 0 ; │Arg5 = 0
00401040 │. 6A 30 push 30 ; │Arg4 = 30
00401042 │. 6A 00 push 0 ; │Arg3 = 0
00401044 │. 68 B0414000 push offset 004041B0 ; │Arg2 = ASCII "Programm Running"
00401049 │. 6A 00 push 0 ; │Arg1 = 0
0040104B │. E8 CE0F0000 call <jmp.&user32.MessageBoxTimeoutA ; └user32.MessageBoxTimeoutA
00401050 │. 6A 00 push 0 ; ┌ExitCode = 0
00401052 │. E8 A5100000 call <jmp.&kernel32.ExitProcess> ; └KERNEL32.ExitProcess
00401057 │> 6A 00 push 0 ; ┌ModuleName = NULL
00401059 │. E8 A4100000 call <jmp.&kernel32.GetModuleHandleA ; └KERNEL32.GetModuleHandleA
0040105E │. A3 E44B4000 mov [404BE4], eax
00401063 │. E8 A0100000 call <jmp.&kernel32.GetCommandLineA> ; [KERNEL32.GetCommandLineA
b) your exe:
Address Hex dump Command Comments
<ModuleEnt ┌$ 83C4 E0 add esp, -20
0040BEAE │. E8 B1000000 call 0040BF64
0040BEB3 │. 0FC16C24 24 xadd [esp+24], ebp
...
0040BF64 ┌$ └60 pushad
0040BF65 │. FF7424 44 push dword ptr [esp+44]
0040BF69 │. BD 7651FFFF mov ebp, FFFF5176
0040BF6E └. FF6424 24 jmp near [esp+24]
0040BF72 . 6C 30 72 32 00 ascii "l0r2",0 ; ASCII "l0r2"
0040BF77 . E9 FDFEFFFF jmp 0040BE79
...
0040BEB3 │. 0FC16C24 24 xadd [esp+24], ebp
0040BEB8 │. 8B1C24 mov ebx, [esp]
0040BEBB │. 66:81E3 0083 and bx, 8300
0040BEC0 └. E9 D6B3FFFF jmp 0040729B
0040BEC5 ┌> 8F46 14 pop dword ptr [esi+14]
0040BEC8 │. 2146 1C and [esi+1C], eax
0040BECB │. 8D8D BF000000 lea ecx, [ebp+0BF]
0040BED1 └. EB 6D jmp short 0040BF40
See the difference? Besides, your exe has 36864 bytes, the one built on my PC with the same source has only 17408. Guess what the extra code does...
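
A static triage check for the difference shown in the post above, as an added example that is not part of the thread or any poster's code: it reads the PE headers and flags an entry point that lands in the last section or in a section that is both writable and executable. The entry RVAs are derived from the two listings assuming image base 0x400000; the section tables and the names parse_pe, triage and build_sample are constructed for illustration.

```python
import struct

EXEC, READ, WRITE = 0x20000000, 0x40000000, 0x80000000  # IMAGE_SCN_MEM_* flags

def parse_pe(data):
    """Return (entry_rva, [(name, vaddr, vsize, flags), ...]) from PE32 headers."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    nsect, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    entry = struct.unpack_from("<I", data, pe + 40)[0]      # AddressOfEntryPoint
    sections = []
    for i in range(nsect):
        name, vsize, vaddr, _, _, flags = struct.unpack_from(
            "<8sIIII12xI", data, pe + 24 + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vaddr, vsize, flags))
    return entry, sections

def triage(data):
    """Flag entry points that land where a linker would not normally put them."""
    entry, sections = parse_pe(data)
    hit = [i for i, (_, va, vs, _) in enumerate(sections) if va <= entry < va + vs]
    if not hit:
        return ["entry point outside every section"]
    name, _, _, flags = sections[hit[0]]
    findings = []
    if hit[0] != 0 and hit[0] == len(sections) - 1:
        findings.append(f"entry point in last section {name!r}")
    if flags & EXEC and flags & WRITE:
        findings.append(f"section {name!r} is writable and executable")
    return findings

def build_sample(entry_rva, sections):
    """Constructed PE32 headers only (no code bytes), enough for parse_pe()."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry_rva).ljust(224, b"\0")
    table = b"".join(struct.pack("<8sIIII12xI", n, vs, va, 0, 0, fl)
                     for n, va, vs, fl in sections)
    return dos + b"PE\0\0" + coff + opt + table

# Entry RVAs follow the two listings (image base 0x400000 assumed); section tables are constructed.
BASE = [(b".text", 0x1000, 0x2000, EXEC | READ), (b".rdata", 0x3000, 0x1000, READ),
        (b".data", 0x4000, 0x1000, READ | WRITE)]
CLEAN = build_sample(0x1029, BASE + [(b".rsrc", 0x5000, 0x1000, READ)])
INFECTED = build_sample(0xBEAB, BASE + [(b".rsrc", 0x5000, 0x7000, READ | WRITE | EXEC)])

if __name__ == "__main__":
    for label, image in (("rebuilt", CLEAN), ("posted", INFECTED)):
        print(label, hex(parse_pe(image)[0]), triage(image) or "no indicators")
```

To check real files, pass the bytes read from disk to triage() instead of the constructed samples; a finding is a reason to compare against a clean rebuild, not a verdict on its own.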