AstroSkipper (Author), posted August 14, 2022 (edited)

31 minutes ago, Dave-H said:
> No ideas to offer I'm afraid, this is not something that I have any knowledge about, but FWIW none of the versions of your programs I've used triggered any warnings for me. I'm using Malwarebytes premium, which has real-time scanning.

Thanks for your observation! It's all a bit strange. You said Malwarebytes premium didn't trigger any warnings for you, but the Malwarebytes online scanner on VirusTotal does! Check, for example, the file StartProxy.exe, and you'll see what I mean!

Edited August 14, 2022 by AstroSkipper (Update of content)

AstroSkipper (Author), posted August 14, 2022 (edited)

1 hour ago, AstroSkipper said:
> 4 hours ago, AstroSkipper said:
> > Just a short feedback! I tried different compilers, but with moderate success. Some of my compiled program files are repeatedly classified as malware by various AV scanners, although they are absolutely clean, of course. I tried several variations of my programs' source codes. I am a little perplexed at the moment. Presumably, these false positives are caused by the misuse of these compilers by script kiddies or other hobby hackers. Actually, I would like to reduce these false positives from the established AV scanners. Any advice or tip is welcome! Cheers, AstroSkipper
>
> I forgot to mention that I referred to compilers which convert batch files to executables. I believe that the real problem lies in code snippets that are often used by script kiddies or hobby hackers. If this code appears in clean programs, then some AV scanners generate these false positives. Any further ideas?

And, after some tests using different compilers, it also seems to depend on the compiler itself. Converted files by a frequently used compiler trigger more false positives than those by a less used one. That was kind of to be expected and makes sense!

Edited August 14, 2022 by AstroSkipper (addition)

Dave-H, posted August 14, 2022

As a test, I extracted your files to a temporary folder, and scanned the folder with Malwarebytes. As you can see, it was suspicious about closelanset.exe. Quite why it would be suspicious of that I'm not sure, but I guess it considers opening Windows Control Panel applets to be suspicious behaviour, which is perhaps fair enough! Why it didn't also flag openlanset.exe is a mystery though if that's the case! Stranger still, if I scan the folder containing the actually working versions of the files, it finds absolutely nothing wrong at all, even when I then scan just the closelanset.exe file!

AstroSkipper (Author), posted August 14, 2022 (edited)

4 hours ago, Dave-H said:
> As a test, I extracted your files to a temporary folder, and scanned the folder with Malwarebytes. As you can see, it was suspicious about closelanset.exe. Quite why it would be suspicious of that I'm not sure, but I guess it considers opening Windows Control Panel applets to be suspicious behaviour, which is perhaps fair enough! Why it didn't also flag openlanset.exe is a mystery though if that's the case! Stranger still, if I scan the folder containing the actually working versions of the files, it finds absolutely nothing wrong at all, even when I then scanned just the closelanset.exe file!

Thanks again for your tests and observations! Now you may understand what I mean. It's very strange and gets stranger if I modify code or use another compiler. A little change of a code snippet, and my Avast doesn't trigger a warning, and so on. I hate that! Please, try to scan StartProxy.exe, Configure PopMenu.exe and SetupMin2Tray.exe on VirusTotal! What do you think about the results?

Edited August 14, 2022 by AstroSkipper (correction)

Dave-H, posted August 14, 2022

This is what I'm seeing. I assume you meant configure popmenu.exe, not configure proxy.exe, which doesn't seem to exist.

AstroSkipper (Author), posted August 14, 2022 (edited)

41 minutes ago, Dave-H said:
> This is what I'm seeing. I assume you meant configure popmenu.exe, not configure proxy.exe, which doesn't seem to exist.

Sorry, you're right! Configure PopMenu.exe, of course! Too much proxy in my head! I already know these results, and that wasn't the problem, either. I am interested in your opinion about these results.

Edited August 14, 2022 by AstroSkipper (Update of content)

Dave-H, posted August 14, 2022

I wish I knew, I've never used VirusTotal before, but I guess they somehow run the file past many different scanners which they might be scanned by if they're downloaded and executed. There are obviously only a minority of scanners there which show a negative result, and I wonder just how many files are deemed to be completely clean! It could be a fundamental problem with batch files being called by the executables, I would guess that batch files are perhaps considered to be intrinsically vulnerable, but I'm only guessing here. What you can do about it, well I'm afraid I have no idea, this is outside my knowledge I'm afraid.

AstroSkipper (Author), posted August 14, 2022

1 minute ago, Dave-H said:
> I wish I knew, I've never used VirusTotal before, but I guess they somehow run the file past many different scanners which they might be scanned by if they're downloaded and executed. There are obviously only a minority of scanners there which show a negative result, and I wonder just how many files are deemed to be completely clean! It could be a fundamental problem with batch files being called by the executables, I would guess that batch files are perhaps considered to be intrinsically vulnerable, but I'm only guessing here. What you can do about it, well I'm afraid I have no idea, this is outside my knowledge I'm afraid.

Ok, thanks for your opinion! I'll try to reduce these false positives as much as I can. Important for me are only established, well-known AV scanners, the big players in this business.

Dave-H, posted August 14, 2022

As I said earlier, the thing which some scanners might think is suspicious behaviour is the opening and closing of the IE Proxy Settings function. If you left that out temporarily, if that's possible, it would be interesting to see if you got a different result.

AstroSkipper (Author), posted August 14, 2022

3 minutes ago, Dave-H said:
> As I said earlier, the thing which some scanners might think is suspicious behaviour is the opening and closing of the IE Proxy Settings function. If you left that out temporarily, if that's possible, it would be interesting to see if you got a different result.

A few code changes, and the results are different! Unfortunately, opening and closing of the IE Proxy Settings easily is a wanted function. If I left it out, these two programs would be senseless.

Dave-H, posted August 14, 2022

Certainly OpenLANSet.exe and CloseLANSet.exe aren't much liked by the scanners!

AstroSkipper (Author), posted August 14, 2022 (edited)

9 minutes ago, Dave-H said:
> Certainly OpenLANSet.exe and CloseLANSet.exe aren't much liked by the scanners!

Using a different compiler I could reduce the false positives of OpenLANSet.exe from 19 to 15. No false positives from Avast and Malwarebytes anymore!

Edited August 14, 2022 by AstroSkipper (addition)

mina7601, posted August 14, 2022 (edited)

43 minutes ago, AstroSkipper said:
> Using a different compiler I could reduce the false positives of OpenLANSet.exe from 19 to 15. No false positives from Avast and Malwarebytes anymore!

Interesting. So, there's still hope. I thought it was a dead end.

Edited August 14, 2022 by mina7601

AstroSkipper (Author), posted August 15, 2022

11 hours ago, Dave-H said:
> It could be a fundamental problem with batch files being called by the executables, I would guess that batch files are perhaps considered to be intrinsically vulnerable, but I'm only guessing here.

I totally agree! All files self-compiled from batch sources are considered to be intrinsically vulnerable by AV scanners.

11 hours ago, Dave-H said:
> Certainly OpenLANSet.exe and CloseLANSet.exe aren't much liked by the scanners!

Of course! But these files aren't more or less liked by AV scanners than my other ones.

10 hours ago, mina7601 said:
> Interesting. So, there's still hope. I thought it was a dead end.

Hope dies last!

George King, posted August 15, 2022

@AstroSkipper Do you still use CMDOW in your script? That's flagged as a virus from its beginning.