Announcement

Collapse
No announcement yet.

Site Owners/Softwar Writer check this out.

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
    #1

    Site Owners/Softwar Writer check this out.

    Hi Site owners/Software Writer(s) and Site Admins,

    I have used IrfanView for a long time, and recently had to recently reformat due to a massive infection. Well, now that I am up and running again I check everything with many tools. The tool I use online is VirusTotal.com.

    Why mention this? Well today before installing IrfanView, I ran a test now VirusTotal uses 32 anti-malware engines, and 30 of them all of the well known ones like AVG, AVAST, Microsoft, and many others PASSED with no issues. False finds can and do happen for many reasons.

    I am NOT saying that IrfanView is infected, just that you might like to know about these finds, as to update the Ant-Malware venders to possible false finds. Also, to avoid any future people claiming to have found something and not allow you the chance to verify it for yourself.

    eSafe 7.0.15.0 07.03.2007 suspicious Trojan/Worm
    Webwasher-Gateway 6.0.1 07.04.2007 Worm.Win32.ModifiedUPX.gen!84 (suspicious)

    AGAIN, I am not saying these are actual malware, as this can be false finds. Out of 32 checks only 2 found possible issues. These issues can be related to rather simple reasons.

    I thank you for making such a great program and hope that this information helps you.

    Kite Geek,

    The Expert Noob... @ Well, everything.
    Last edited by Kite Geek; 05.07.2007, 04:02 PM. Reason: Forgot site Admins :P
    Kite, the Expert NOOB... @ Well, everything.
    Tags: None
    #2
    Thanks for the info. False positives do happen, and knowing that some of these scanning engines tag IrfanView might save someone a very nervous moment. Have you notified those responsible? They always like to know when things don't work quite right.

    I'm not familiar with Virus Total. I mostly use Spyware Terminator with ClamAV (Added: Ah, I bookmarked that, could be handy some time )

    LOL @ "The Expert Noob"
    Last edited by matera; 05.07.2007, 04:54 AM.
    Its: Belongs to "It"
    It's: Shortened form of "It is"
    ---------------------
    Lose: Fail to keep
    Loose: Not tight

    ---------------------
    Plurals do not require apostrophes

    Comment

      #3
      Thanks for the kind reply matera. Yes, and this was one of the biggest reasons to post in the forum and not only privately.

      I hope that this message will reach the right people. And, more importantly the end user. I just want to prevent something I saw on another site, where a person posted a big DANGEROUS SOFTWARE post and never once metnioned what tools had been used, and what the results had been found. That was really annoying, and lame.

      So, I did a fresh download, tested and posted the results. Much like I did here. Don't mess with software I like. :P

      But, what happened next was really cool, the site admins came on and who knows maybe that software's writer spoke up. But, they mentioned what caused the false alarms, and let the mal-ware venders know what was going on. Unfortunately, a anti-malware company does not take end user input as important as the actual software creator.

      Sadly, it is true... I am an EXPERT NOOB...
      Kite, the Expert NOOB... @ Well, everything.

      Comment

        #4
        So the virus tools are probably tagging IrfanView because it has been compressed with UPX. That fact is not enough to raise "suspicion", imho. Antiviruses think that the more notifications they show, the better they appear to the user. I don't trust no ativirus and use this site if I have a really suspicious file, of a type forbidden to mention here. The site is often unavailable during daytime because of heavy load.

        Comment

          #5
          Wow, I use that site also. But, yes UPX will cause some antivirus programs to panic.

          Way to go in not trusting just one program.
          Kite, the Expert NOOB... @ Well, everything.

          Comment

            #6
            Yep. UPX is just a compression method, but it has been the favorite tool to compile trojan horses for a longtime.

            But I come across a lot of software sites, where they had to ensure that their product is actually clean, despite all kind of rumours by people who like to make false alarms.

            But if you've got a massive infection, Irfan View shouldn't be one of the first not to be trusted.
            I wouldn't trust my own safety policy up to then in the first place.
            0.6180339887
            Rest In Peace, Sam!

            Comment

              #7
              virus signature

              Originally posted by j7n View Post
              So the virus tools are probably tagging IrfanView because it has been compressed with UPX.
              Not the UPX or the compression/decompresion code used is the problem in those cases but compressed data and the heuristic method of antiviruses who will find an "posible virus infection". If the antivirus use too few data for determine the virus signature it will have more chances to warn user for lots of clean files. But as you said: never trust only one virus scan.

              You might want to check this out too. Free antiviruses / antispyware (direct links for download):
              Bit Defender 10 (free edition)
              Comodo AntiVirus v2.0.17.58 beta
              Comodo BOClean Anti-Malware v4.25
              SpyBot Search&Destroy 1.5
              PC Tools AntiVirus™ v3.6 (latest)
              PC Tools ThreatFire Free Edition (latest)
              Imi este indiferent ce cred ceilalti despre mine, caci oricum fiecare crede ce-i convine lui si nu ceea ce e real,
              doar ca mi-ar fi placut sa ma vada asa cum sint de fapt, nu asa cum poate le-ar placea lor sa creada. Ei au ales deja...

              ··÷¦÷·· ·· · · · ·· ··÷¦÷·· ·· · · · ·· ··÷¦÷·· ·· · · · ·· ··÷¦÷·· ·· · · · ·· ··÷¦÷··
              ·· · ·M· · ·I· · ·D· · ·I· · ·· ·· ·M· · ·A· · ·N· · ·I· · ·A· · ·C· · ·S· · ··
              ··÷¦÷·· ·· · · · ·· ··÷¦÷·· ·· · · · ·· ··÷¦÷·· ·· · · · ·· ··÷¦÷·· ·· · · · ·· ··÷¦÷··

              Comment

              Previous template Next
              Working...
              X