Old 2009-07-01, 03:00 AM   #1
kardt
Registered User
 
Join Date: Jun 2009
Posts: 16
Antivirus software vs SWF Studio 3.7

Hi guys,

I discovered that every executable made by SWF Studio 3.7 has problems with two A/V products - DrWeb and Sunbelt. (http://www.virustotal.com)

DrWeb 5.0.0.12182 2009.07.01 BACKDOOR.Trojan
Sunbelt 3.2.1858.2 2009.07.01 Trojan-Dropper.Win32.VB.Botmap!cobra (v)

If your software should be provided to any user, compatibility issues take place.
Concerning DrWeb, I've submitted the file with a description (http://vms.drweb.com/sendvirus/), so they should update their bases and we just need to wait for their turnaround.

However, Sunbelt does not provide an easy service to upload a falsely detected file if you're not a client. Only a forum is available. And I don't even know what the name of their A/V product is. Maybe someone at Northcode is interested in solving this problem?

Thank you!
kardt is offline   Reply With Quote
Old 2009-07-01, 04:06 AM   #2
mr-g
Registered User
 
Join Date: Jun 2003
Posts: 21
additional warnings

Hi mates

I've had a similar false warning from messagelabs.com when sending a zipped exe to a client for testing

and they have been notified that they have sent a potential virus.
The message title was RE:
The message date was Tue, 30 Jun 2009 10:02:17 +0100
The virus or unauthorised code identified in the email is
>>> Possible MalWare 'W32/HackedPacker-MoleBox-v2.x-0611-8cf4' found in '5931323_7X_AZ-D_PA6__HWI=5Fsrv5.exe'. Heuristics score: 690
>>> Possible MalWare 'W32/Generic' found in '5931323_19X_AK_PA7__HWI=3d5Fsrv5.exe'. Heuristics score: 488

a friend of mine has reported that comodo is reporting a similar threat.. more info to follow
mr-g is offline   Reply With Quote
Old 2010-06-18, 04:55 AM   #3
preludator
Registered User
 
Join Date: Feb 2004
Location: Stuttgart
Posts: 18
Problems with Comodo & SWF Studio 3.8

Hi,

with all my Standalone Exe´s created with SWF Studio 3.8 I still get a Comodo Virus Warning:

Heur.Pck.MoleBox@-1

I know that this is a false positive, but has it already been reported to Comodo? Seems like a very old thread so I guess not.

The problem is, that many Win7 users have comodo installed since it is the only free security suite available. ( At least that I know of )

What can be done to fix this issue?

Greetings,
Sascha
preludator is offline   Reply With Quote
Old 2010-06-18, 09:24 AM   #4
northcode
Tim
 
Join Date: May 2001
Location: Ottawa
Posts: 12,052
We're going to start contacting all the antivirus software makers we can find and supplying them with samples of our EXE files for their tests. We've been hoping that they'll do their jobs and improve their heuristic scanners but I honestly don't believe they have any incentive to do this. They look good when they find viruses, regardless of whether they're actually viruses or not. We'll definitely use batch scanners like virustotal.com to find out who we need to start talking to, but if you know of any other AV software that isn't "SWF Studio friendly" we'd love to hear from you.
northcode is offline   Reply With Quote
Old 2010-06-29, 02:36 AM   #5
sforce
Registered User
 
Join Date: Dec 2009
Posts: 8
Hi!

I ran into the same problems yesterday with Antivir. It blocks all 3.8 built EXEs.

Scarily, virustotal.com says that 11 out of 41 scanners report my EXEs to be trojans. This is not good :-(

I've attached the report pdf...
Attached Files
File Type: pdf VirusTotal - Kostenloser on..2.pdf (129.3 KB, 93 views)
sforce is offline   Reply With Quote
Old 2010-06-29, 09:33 PM   #6
northcode
Tim
 
Join Date: May 2001
Location: Ottawa
Posts: 12,052
They all report it as a "generic" trojan, which means they think it's a virus because it uses the same packing technique as some viruses they've seen, but they don't really know. That's why it gets a "score". They're guessing it's a virus, just to be safe. As I mentioned before, we go through this every time a new version is released, until the A/V software vendors update their databases. We're taking steps to avoid this in the future by contacting them directly before we release a new version. I'm not sure how successful we'll be in getting them to listen, but we're going to try.
northcode is offline   Reply With Quote
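
An added example (not part of the thread and not Northcode's code): a rough triage of the detection names quoted in the posts above, separating labels that point at the packer or say "generic" from labels that carry a family name. The token lists and the three bucket names are assumptions chosen for illustration; vendors do not share one naming scheme.

```python
import re

# Detection names quoted in this thread, as (vendor, label) pairs.
THREAD_LABELS = [
    ("DrWeb", "BACKDOOR.Trojan"),
    ("Sunbelt", "Trojan-Dropper.Win32.VB.Botmap!cobra (v)"),
    ("MessageLabs", "W32/HackedPacker-MoleBox-v2.x-0611-8cf4"),
    ("MessageLabs", "W32/Generic"),
    ("Comodo", "Heur.Pck.MoleBox@-1"),
]

# Assumed token lists (illustrative, not any vendor's official vocabulary).
PACKER_TOKENS = {"pck", "packer", "packed", "hackedpacker", "molebox"}
HEUR_TOKENS = {"heur", "heuristic", "generic", "gen", "suspicious"}
CATEGORY_TOKENS = {"trojan", "backdoor", "dropper", "malware", "w32", "win32"}


def tokens(label):
    """Lower-case the label and split it on anything that is not a letter or digit."""
    return [t for t in re.split(r"[^a-z0-9]+", label.lower()) if t]


def classify(label):
    """Bucket one detection name by what it is actually keyed on."""
    toks = tokens(label)
    # The label names the packer: it will fire on any build wrapped the same way.
    if any(t in PACKER_TOKENS for t in toks):
        return "packer-heuristic"
    # The label says "generic"/"heur", or is only category words with no family.
    if any(t in HEUR_TOKENS for t in toks) or all(t in CATEGORY_TOKENS for t in toks):
        return "generic"
    # Anything left carries a token that looks like a family or variant name.
    return "named-family"


def triage(labels):
    """Group vendors by bucket so a publisher knows what to tell each one."""
    out = {"packer-heuristic": [], "generic": [], "named-family": []}
    for vendor, label in labels:
        out[classify(label)].append(vendor)
    return out


if __name__ == "__main__":
    for bucket, vendors in triage(THREAD_LABELS).items():
        print(f"{bucket}: {', '.join(vendors) or '-'}")
```

Labels in the packer-heuristic bucket are the ones a false-positive report should describe as "matches on the packing wrapper, not on the payload", since they will recur on every build until the vendor updates its rule.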
Old 2010-07-01, 09:48 AM   #7
sforce
Registered User
 
Join Date: Dec 2009
Posts: 8
Quote:
Originally Posted by northcode View Post
I'm not sure how successful we'll be in getting them to listen, but we're going to try.
I guess you'll not be very successful with this, because these efforts will cost them some money ;-)

And by the way I can totally understand that this is not your fault after reading some topics about this... so I am looking forward to their database updates!
sforce is offline   Reply With Quote
Old 2010-07-01, 01:04 PM   #8
northcode
Tim
 
Join Date: May 2001
Location: Ottawa
Posts: 12,052
Quote:
I guess you'll not be very successful with this, because these efforts will cost them some money ;-)
You're right about that, it's cheap to do things the easy way. They also don't have a lot of motivation to report fewer warnings, their users feel safer if they generate more warnings about viruses, even if they aren't real. It's like security at the airport. It's a big show, but it really doesn't make you any safer.
northcode is offline   Reply With Quote