Mal/Behav-016
BlitzMax Forums/MaxGUI Module/Mal/Behav-016
| ||
My friend who is using Sophos anti-virus tried to download a zip containing an exe I made using MaxGUI but the anti-virus blocked it saying it was "virus/spyware Mal/Behav-016" I found some more info about this from http://www.sophos.com/security/analyses/viruses-and-spyware/malbehav016.html I was just wondering if anybody else had a problem similar to this and what I can do to stop my program being flagged up as the spawn of Satan. |
| ||
What anti virus protection do you have? You have considered the possibility your machine itself may be infected and the cause? Trend Micro groups 016 with the following: WORM_AGOBOT.HJ Aliases: W32/Polybot.gen!irc (McAfee), W32.Gaobot.gen!poly (Symantec), BDS/AGOBOT.241664 (Avira), Mal/Behav-016 (Sophos), This memory-resident worm exploits certain vulnerabilities to propagate across networks. Like the earlier AGOBOT variants, it takes advantage of the following Windows vulnerabilities: ... |
| ||
and what I can do to stop my program being flagged up as the spawn of Satan. Find out what anti-virus program he's using, and submit a bugreport to its creators reporting a false positive. |
| ||
I have Avast anti-virus. Here is the file if anybody wants to try it. I literally just compiled the exe, put it in zip and put online for him/her to download.. http://uploading.com/files/dc5ca34m/Resource_Allocator.zip/ |
| ||
This has happened to me plenty. If you used BLide, turn the exe compression off. That's what caused it for me. |
| ||
My exe was using BLide exe compression. I will try it with it disabled and see what happens. |
| ||
Blide's exe compression is using UPX, and UPX can definitely trigger some false positives since quite a few virusses out there also use it to reduce their filesize... UPX replaces the actual exe header with its own loader / decompression stub which then runs the actual compressed exe -- but from a virus scanners point of view, it really does look very similar to a bunch of real virusses. |