Sep 21, 2017, 11:44 am

News:

Ufasoft Coin 0.110 new features: SOCKS5, TOR,
bootstrap.dat DB format


avast antivirus warning: sc is win32:trojan-gen infected

Started by Tom, Jun 13, 2005, 10:21 pm

previous topic - next topic
Go Down

Tom

Jun 13, 2005, 10:21 pm Last Edit: Jan 01, 1970, 01:00 am by Guest
avast antivirus warning:
avast antivirus say sc installer ufasoft_sockschain_3.11.148.exe is <> infected.

Same for older version instaler!
nod32 says its ok ...

ufasoft

#1
Jun 14, 2005, 03:46 am Last Edit: Jan 01, 1970, 01:00 am by Guest
> avast antivirus warning:
> avast antivirus say sc installer ufasoft_sockschain_3.11.148.exe is
> <> infected.
>
> Same for older version instaler!
> nod32 says its ok ...

antivirus will say this about any UPX-compressed EXE


Tom

#2
Jun 14, 2005, 06:01 pm Last Edit: Jan 01, 1970, 01:00 am by Guest
Thanks for your quick answer.

I believe UPx is one of the best exe compressor, but if it gives so many complaints within some antivirus software programmers (I got many more in the past), why are you still using it?
All who appreciate the services given by SC will not care at all if the installer size is ten times or more heavier.
If the packaged size involves also the running software efficiency (memory load, etc), i think it doesnt care much anyway if it is not really a noticeable improvement, as most sc users will for sure be using enough powerful pc systems to handle it.

Beside this, how can I get a 1copy sc license for free? Do you have an beta testers or any other free software options? Translations? Affiliate plans?

Do you have any linux, *bsd versions?
Is source code available?
Is skin support soon available?
Are you Russian or USA programmers?

Thanks again for all.

ufasoft

#3
Jun 15, 2005, 12:41 am Last Edit: Jan 01, 1970, 01:00 am by Guest
> I believe UPx is one of the best exe compressor, but if it gives so many
> complaints within some antivirus software programmers (I got many more in
> the past), why are you still using it?
> All who appreciate the services given by SC will not care at all if the
> installer size is ten times or more heavier.
> If the packaged size involves also the running software efficiency (memory
> load, etc), i think it doesnt care much anyway if it is not really a
> noticeable improvement, as most sc users will for sure be using enough
> powerful pc systems to handle it.
>
We want to keep size of any our software package < 1MB. Because many bugs
can be found during minimizing and refactoring of code.


> Beside this, how can I get a 1copy sc license for free? Do you have an
> beta testers or any other free software options? Translations? Affiliate
> plans?

Yes, we give free registration for founding critical bug or translation of
help and UI to some language, which not supported yet.

> Do you have any linux, *bsd versions?
No *NIX version, but I know open source project "proxy chain" at Source
Forge

> Is source code available?
> Is skin support soon available?
No

> Are you Russian or USA programmers?

We are in Russia



Tom

#4
Jun 16, 2005, 08:25 pm Last Edit: Jan 01, 1970, 01:00 am by Guest
OK! avast antivirus warning fixed by yesterday avast database update.

Avast team has quicly and efficiently reply me and fixed this bug.

Hey, Ufasoft! Would you be so kind to reward my litle contribution with a 1 copy 1 year sc license?

Tom.


HATKINS wrote (to avast antivirus support team):

> Sirs,
>
> Your Avast pro antivirus warns, erroneously , as infected all sockschain
> software installers (newest and older ones) (win32_trojan-gen (UPX!) ).
>
> Please check this bug, just in case, downloading this software from
> http://www.sockschain.com/files/ufasoft_sockschain_3.11.148.exe

Avast reply:
this false alarm was fixed in one of the latest virus database update, I
think yesterday.

---------------
> This is a bug of your software, and has caused me the loss of all my 4
> years historical versions of sockschain (old versions) installers (not any
> more available), that was precious to me for low end pc machines that
> cannot support the latest versions.
>
> I contacted Ufasoft Co , Sockschain developpers, and they told me that
> they use the UPX packager/compressor to obtain a <1M installer files.
>
> As everybody developer knows, UPX is one of the best
> compressor/packager in the market, and freeware.

Avast reply:
You are generaly correct. Those (Trojan-gen) false alarms are due
incorrect automatic processing of installers or internaly packed files.
The processing robot chooses the detection signature from the installer
or unpacking code rather then the packed code (trojan horse). False
alarm spring up and have to be repaired by manual intervence. We are
working on improvement of the robot and bulding the database of
instalers and packers code and previous false alarms for testing the
robot results and finding as much as false alarms in test enviroment and fixing them before virus database release.

-----------------

> It is a silly option from any antivirus programmer to mark as virus/trojan any
> software that uses UPX, a long time ago well established developper
> tool.
>
> I believe that some virus designers might use it, but banning a
> standard developer tool is not the way to fight against them, thought
> I understand it is am easy way for you to do it. By the way, you can mark as
> virus all *.exe.

Avast reply:
The false alarm wasn't triggered by the UPX itself. It was rather
triggered by the UPXed code of the installer. Avast never intentionally
detected any packer or protector as virus (we consider to detect
anything packed (encrypted) by Morphine as "suspicious", but we don't do
it yet). Most definitely, Avast didn't detect all files packed with UPX
as infected after the 0524-0 virus database update (this is the version
where the false detection of the ufasoft files was introduced).

-----------------

ufasoft

#5
Jun 18, 2010, 09:36 am Last Edit: Jan 01, 1970, 01:00 am by Guest
New version of SocksChain uses LSP to intercept Internt traffic from applications

The same technique used by many trojans. So it is normal that Antiviruses detect it as trojan.
We can suggest only ignore such messages if they tells about our SocketSpy.dll

To clear registry from SocksChain you can run in command line:
netsh winsock reset

alex88

#6
Jun 18, 2010, 02:35 pm Last Edit: Jan 01, 1970, 01:00 am by Guest
i swear that is the last time when i use avast antivirus. i'm installing kaspersky from now on. you should do the same.

ufasoft

#7
Jun 18, 2010, 06:08 pm Last Edit: Jan 01, 1970, 01:00 am by Guest
I think Kaspersky will warn about trojan too.
Any IPC activity is dangerous from Antivirus's point of view

capajo

#8
Jul 27, 2010, 05:49 am Last Edit: Jan 01, 1970, 01:00 am by Guest
You should try another antivirus software if you don't like avast, though it;s in the list of top rated antivirus programs it may not fit to your system. You should definitely try another software from the top ten list.

Amberjean

#9
Jul 01, 2011, 08:48 am Last Edit: Jan 01, 1970, 01:00 am by Guest
Beside this, how can I get a 1copy sc license for free? Do you have an beta testers or any other free software options? Translations? Affiliate plans?

Go Up