ProxHTTPSProxy and HTTPSProxy in Windows XP for future use


AstroSkipper

31 minutes ago, Dave-H said:

No ideas to offer I'm afraid, this is not something that I have any knowledge about, but FWIW none of the versions of your programs I've used triggered any warnings for me.
I'm using Malwarebytes premium, which has real-time scanning.
:)

Thanks for your observation! It's all a bit strange. You said Malwarebytes premium didn't trigger any warnings for you, but the Malwarebytes online scanner on VirusTotal does! :dubbio: Check, for example, the file StartProxy.exe, and you'll see what I mean! :whistle:

Edited by AstroSkipper
Update of content


1 hour ago, AstroSkipper said:
4 hours ago, AstroSkipper said:

Just a short feedback! I tried different compilers, but with moderate success. Some of my compiled program files are repeatedly classified as malware by various AV scanners, although they are absolutely clean, of course. I tried several variations of my programs' source code. I am a little perplexed at the moment. Presumably, these false positives are caused by the misuse of these compilers by script kiddies or other hobby hackers. :dubbio: Actually, I would like to reduce these false positives from the established AV scanners. Any advice or tip is welcome! :yes:

Cheers, AstroSkipper

I forgot to mention that I referred to compilers which convert batch files to executables. I believe that the real problem lies in code snippets that are often used by script kiddies or hobby hackers. If this code appears in clean programs, then some AV scanners generate these false positives. :dubbio: Any further ideas?

And, after some tests using different compilers, it also seems to depend on the compiler itself. Files converted by a frequently used compiler trigger more false positives than those converted by a less used one. That was kind of to be expected and makes sense! :yes:

Edited by AstroSkipper
addition

As a test, I extracted your files to a temporary folder, and scanned the folder with Malwarebytes.
As you can see, it was suspicious about closelanset.exe.

[Screenshot: Clipboard-1.png]

Quite why it would be suspicious of that I'm not sure, but I guess it considers opening Windows Control Panel applets to be suspicious behaviour, which is perhaps fair enough!
Why it didn't also flag openlanset.exe is a mystery though if that's the case!

Stranger still, if I scan the folder containing the actually working versions of the files, it finds absolutely nothing wrong at all, even when I then scan just the closelanset.exe file!
:dubbio:


4 hours ago, Dave-H said:

As a test, I extracted your files to a temporary folder, and scanned the folder with Malwarebytes.
As you can see, it was suspicious about closelanset.exe.

[Screenshot: Clipboard-1.png]

Quite why it would be suspicious of that I'm not sure, but I guess it considers opening Windows Control Panel applets to be suspicious behaviour, which is perhaps fair enough!
Why it didn't also flag openlanset.exe is a mystery though if that's the case!

Stranger still, if I scan the folder containing the actually working versions of the files, it finds absolutely nothing wrong at all, even when I then scan just the closelanset.exe file!
:dubbio:

Thanks again for your tests and observations! Now you may understand what I mean. It's very strange and gets stranger if I modify code or use another compiler. A little change of a code snippet, and my Avast doesn't trigger a warning, and so on. I hate that! :realmad: Please, try to scan StartProxy.exe, Configure PopMenu.exe and SetupMin2Tray.exe on VirusTotal! What do you think about the results? :dubbio:

Edited by AstroSkipper
correction

41 minutes ago, Dave-H said:

This is what I'm seeing.
I assume you meant configure popmenu.exe, not configure proxy.exe, which doesn't seem to exist.

[Screenshot: StartProxy.png]

[Screenshot: ConfigurePopmenu.png]

[Screenshot: SetupMin2Tray.png]

:)

Sorry, you're right! Configure PopMenu.exe, of course! Too much proxy in my head! :crazy: I already know these results, and that wasn't the problem, either. :whistle: I am interested in your opinion about these results. :dubbio:

Edited by AstroSkipper
Update of content

I wish I knew, I've never used VirusTotal before, but I guess they somehow run the file past many different scanners which they might be scanned by if they're downloaded and executed.
There are obviously only a minority of scanners there which show a negative result, and I wonder just how many files are deemed to be completely clean!
It could be a fundamental problem with batch files being called by the executables, I would guess that batch files are perhaps considered to be intrinsically vulnerable, but I'm only guessing here.
What you can do about it, well I'm afraid I have no idea, this is outside my knowledge I'm afraid.
:(
 


1 minute ago, Dave-H said:

I wish I knew, I've never used VirusTotal before, but I guess they somehow run the file past many different scanners which they might be scanned by if they're downloaded and executed.
There are obviously only a minority of scanners there which show a negative result, and I wonder just how many files are deemed to be completely clean!
It could be a fundamental problem with batch files being called by the executables, I would guess that batch files are perhaps considered to be intrinsically vulnerable, but I'm only guessing here.
What you can do about it, well I'm afraid I have no idea, this is outside my knowledge I'm afraid.
:(
 

Ok, thanks for your opinion! I'll try to reduce these false positives as much as I can. Important for me are only established, well-known AV scanners, the big players in this business. :yes:


As I said earlier, the thing which some scanners might think is suspicious behaviour is the opening and closing of the IE Proxy Settings function.
If you left that out temporarily, if that's possible, it would be interesting to see if you got a different result.
:dubbio:


3 minutes ago, Dave-H said:

As I said earlier, the thing which some scanners might think is suspicious behaviour is the opening and closing of the IE Proxy Settings function.
If you left that out temporarily, if that's possible, it would be interesting to see if you got a different result.
:dubbio:

A few code changes, and the results are different! Unfortunately, opening and closing of the IE Proxy Settings easily is a wanted function. If I left it out, these two programs would be senseless. :)


9 minutes ago, Dave-H said:

Certainly OpenLANSet.exe and CloseLANSet.exe aren't much liked by the scanners!
:)

Using a different compiler I could reduce the false positives of OpenLANSet.exe from 19 to 15. No false positives from Avast and Malwarebytes anymore!  :)

Edited by AstroSkipper
addition

43 minutes ago, AstroSkipper said:

Using a different compiler I could reduce the false positives of OpenLANSet.exe from 19 to 15. No false positives from Avast and Malwarebytes anymore!  :)

Interesting. So, there's still hope. I thought it was a dead end.

Edited by mina7601

11 hours ago, Dave-H said:

It could be a fundamental problem with batch files being called by the executables, I would guess that batch files are perhaps considered to be intrinsically vulnerable, but I'm only guessing here.

I totally agree! All files self-compiled from batch sources are considered to be intrinsically vulnerable by AV scanners. :yes:

11 hours ago, Dave-H said:

Certainly OpenLANSet.exe and CloseLANSet.exe aren't much liked by the scanners!
:)

Of course! But these files aren't more or less liked by AV scanners than my other ones. :no:

10 hours ago, mina7601 said:

Interesting. So, there's still hope. I thought it was a dead end.

Hope dies last! :rolleyes:
 
