Hi, I just wanted to let you know that I received this message the when I was scanning my computer for viruses:
jfbuild_20051009.zip: HEUR/Crypted
I downloaded the file from this site (locally).
Maren at
Re: Latest build app contains virus
DN3DF said at
Hi, I just wanted to let you know that I received this message the when I was scanning my computer for viruses:
jfbuild_20051009.zip: HEUR/Crypted
I downloaded the file from this site (locally).
build.exe, game.exe and fmod.dll were compressed with UPX, and many useless AV's like yours, which can't perform a decent heuristic analysis, will irresponsibly assume that any compressed file is infected regardless of the origin.
DN3DF at
What AV do you believe I am using?
Maren at
No idea, but it doesn't happen with NOD32.
DN3DF at
Yeah, it doesn't happen with a lot of other AV programs either. Except for Avira. The rest of my acrhives came out clean.
Because NOD32 doesn't detect it makes Avira a useless AV? Many would disagree with you.
Maren at
DN3DF said at
Yeah, it doesn't happen with a lot of other AV programs either. Except for Avira. The rest of my acrhives came out clean.
Because NOD32 doesn't detect it makes Avira a useless AV? Many would disagree with you.
No antivirus is perfect, but throwing false positives on compressed files is considered a sign of cheapness these days.
You don't have to take my word for it though, try the VB100
NOD32 = Succeeded 53 times and failed 3 in 10 years. Avira = Succeeded 15 times and failed 3 in 3 years.
DN3DF at
A direct link would of been nice. I'll go with this instead.
NOD32 has a slight edge over Avira when it comes to having no fp's. Not bad for Avira, considering they offer a free version.
So, if you don't mind. I'd rather hear from Jonathon on this matter.
Maren at
DN3DF said at
A direct link would of been nice
NOD32 Avira
JustAnotherBuildFan at
Holy cramoley! Its a FP... these things happen. ::)
Both are fine products (although I don't happen to use either). :-X I'd suggest getting over it and moving on... ;D
DN3DF at
Maren said at
NOD32 Avira
Now give me your login so I can see the results.
JABF said at
Both are fine products (although I don't happen to use either). :-X
Indeed.
JABF said at
I'd suggest getting over it and moving on... ;D
If it were only that simple. A considerate choice of words from Maren would of been suffice. Saying my AV is "useless" is quite offensive.
JustAnotherBuildFan at
Actually, I was just out for a walk and thinking about this further... The best thing to do would be to submit samples of the suspect files to your AV vendor, most if not all vendors will provide specific details on how to send them samples/submissions for their detailed analysis (which you will not personally get back from them in a letter or anything).
If it is indeed infected then you will feel rewarded for helping to ensure that the threat is identified in the wild. If it is indeed a False Positive then you may feel rewarded knowing that you have helped your vendor create a better product when they roll out a patch in the coming days that will help prevent further FP's. Whenever I suspect a file(s), I generally submit it/them to several AV vendors (even the ones that I do not use). Its a win-win situation this way and you'll have warm fuzzy feelings inside knowing that you've helped out for the greater good in your own little way. :D
I think its time for a group hug now... Come on... don't be shy now. hehehehe
Edited by JABF at
Maren at
DN3DF said at
Maren said at
NOD32 Avira
Now give me your login so I can see the results
Not going to happen.
DN3DF at
Maren said at
Not going to happen.
It's funny how you've referenced a site in an attempt to prove your claims, which requires registration to view the documents . I'll never forget that.
JABF said at
Actually, I was just out for a walk and thinking about this further... The best thing to do would be to submit samples of the suspect files to your AV vendor, most if not all vendors will provide specific details on how to send them samples/submissions for their detailed analysis (which you will not personally get back from them in a letter or anything).
If it is indeed infected then you will feel rewarded for helping to ensure that the threat is identified in the wild. If it is indeed a False Positive then you may feel rewarded knowing that you have helped your vendor create a better product when they roll out a patch in the coming days that will help prevent further FP's. Whenever I suspect a file(s), I generally submit it/them to several AV vendors (even the ones that I do not use). Its a win-win situation this way and you'll have warm fuzzy feelings inside knowing that you've helped out for the greater good in your own little way. :D
That's a good idea. Thanks for the tip!
Edited by DN3DF at
JonoF at
DN3DF said at
So, if you don't mind. I'd rather hear from Jonathon on this matter.
Well, the checksum of the ZIP in question is the same as it's always been, and there's never been a virus in that package, so it's a false positive.
Jonathon
ProAsm at
DN3DF said at
Hi, I just wanted to let you know that I received this message the when I was scanning my computer for viruses:
jfbuild_20051009.zip: HEUR/Crypted
I downloaded the file from this site (locally).
The date of the file tells it all. If that had a virus, this forum and JF's email would have been chockerblock with complaints by now :)