Vaz 2010 v2.10 trojan?
-
- KVRist
- Topic Starter
- 289 posts since 25 Aug, 2002 from Leeds
Hi,
My BT NetProtect Plus (McAfee) seems to think the latest Vaz 2010 installer contains a trojan called 'Artemis!824F3E929C66'? Is anybody else having issues?
My BT NetProtect Plus (McAfee) seems to think the latest Vaz 2010 installer contains a trojan called 'Artemis!824F3E929C66'? Is anybody else having issues?
-
ThoughtExperiment ThoughtExperiment https://www.kvraudio.com/forum/memberlist.php?mode=viewprofile&u=7790
- KVRian
- 743 posts since 26 Jun, 2003 from UK
Same here, with the latest full version of VAZ2010 exe file (detected in my case by BitDefender). Going back to the beta version(v210b4) for now, which seemed to be OK and for which, luckily, I hadn't yet got around to deleting the installer.
Any news/views on this, MadGav? Could it be a false positive if three different AV checkers picked up on it?
Any news/views on this, MadGav? Could it be a false positive if three different AV checkers picked up on it?
-
- KVRian
- 513 posts since 9 Nov, 2000
I'm investigating this, the McAfee match I believe is "heuristic" which I take to mean that the exe smells bad. Now it's got no more than a few lines of code which isn't Delphi base libraries... worst case I'll have to abandon the stub + dll approach.
Martin
Martin
-
- KVRian
- 513 posts since 9 Nov, 2000
A little more investigation... I've discovered that Delphi produces unique exe files every time you compile. The released 2.10 Vaz2010.exe file sets off a load of A/V as reported, a straight rebuild which differs in a few bytes (which I believe are a repeated timestamp) triggers much much less. I think this demonstrates that the exe released is *not* malware. But *head* *desk*, still a question of *how* to avoid this kind of problem
Martin
Martin
- KVRAF
- 23102 posts since 7 Jan, 2009 from Croatia
Every good AV will let you add an exception for anything that it reports...
-
ThoughtExperiment ThoughtExperiment https://www.kvraudio.com/forum/memberlist.php?mode=viewprofile&u=7790
- KVRian
- 743 posts since 26 Jun, 2003 from UK
So it looks like a false alarm, thanks for looking into this - don't give yourself too much of a headache
-
- KVRer
- 4 posts since 30 Mar, 2012
The trojan problem seems to be solved and replaced with rare software problem "We are blocking your sofware cause it is rare." Both Norton 360 and avast! had this problem. (makes me real mad -- Lazy SOB's).I couldn't find a way for norton 360 to let it pass. Avast! let me let it pass.
-
- KVRian
- 513 posts since 9 Nov, 2000
FYI VAZ 2010 v2.1.3a scanned clear with BitDefender yesterday. I've had some false positive reports accepted by Symantec and Avira over the last few days, going to throw one at BitDefender now.mikusan wrote:Same here, with the latest full version of VAZ2010 exe file (detected in my case by BitDefender). Going back to the beta version(v210b4) for now, which seemed to be OK and for which, luckily, I hadn't yet got around to deleting the installer.
Any news/views on this, MadGav? Could it be a false positive if three different AV checkers picked up on it?
Martin