
THIS PROGRAM HAS A VIRUS!

am fm
2009-03-01
2013-04-29
  • am fm
    2009-03-01

    What is happening? I have downloaded the .zip file and I sent it for scanning to

    http://www.virustotal.com

    The result is VIRUS FOUND. Virus Name: Trojan Win32.Banker

    eSafe 7.0.17.0 2009.02.26 Win32.Banker

    YOU NEED TO EXPLAIN THIS... I'm angry.

     
    • am fm
      2009-03-03

      Please. Confirm about virus found.

      Answer this thread.

       
    • Erik Hjelmvik
      2009-03-05

      Let’s be serious here; there is of course no virus in NetworkMiner. If you are suspicious then please go ahead and download the source code and read it through!

      I tried uploading the NetworkMiner-0.87.zip to virustotal.com and for sure, eSafe version 7.0.17.0 triggered on a signature for the Win32.Banker Trojan. None of the other 38 antivirus products (including big players like F-Secure, Kaspersky, McAfee, Symantec and TrendMicro) detected any virus in the zip file.

      I also uploaded each individual file from inside the zip archive to virustotal, and no single file triggered any virus signature in any of the antivirus scanners.

      The fact that a false positive was triggered in eSafe says a lot about today’s signature based anti virus solutions; they suck! They might still be somewhat useful in several cases, but I really think we need a better alternative than simple signatures in future malware detection software.

       
      • am fm
        2009-03-07

        I'm very serious. I'm very worried about this, because the kind of virus is one of the worst.

        I agree with you that all the other antivirus programs don't detect anything, but eSafe detects it.

        So I'm coming to this forum to find out why this virus appears.

        I asked in other places too.

        If you upload the .zip file or the .exe file, the virus is detected.

        Although you provide source code, many people don't understand it. And worst of all, they will not be sure if the .exe file you provide is exactly the same file obtained after compiling the source code, since the .exe appears as a suspicious file with a very well-known virus...

        If it's a FALSE POSITIVE, as you say, and like I hope, you should contact the eSafe team or the virustotal team to solve the bug. It will be the best thing for all people around.

        Thank you for your answer.

         
        • Erik Hjelmvik
          2009-03-07

          Sorry, I missed the fact that the NetworkMiner.exe matches the signature in eSafe for Win32.Banker. It would, however, not be correct to say that eSafe detects a virus in NetworkMiner. What is happening is that some part of the code in NetworkMiner.exe happens to match one of eSafe’s signatures for Win32.Banker, but this match is a false positive.

          I contacted Aladdin (the company behind eSafe) a couple of days ago, right after I confirmed that NetworkMiner triggered a false positive. I wrote a post on their forum here:
          http://www.aladdin.com/forum/show.asp?id=9136&fid=1&tid=0&subject=False%20positive,%20needs%20fix
          But I also sent an e-mail to: virus@aladdin.com

          I have not yet received any answer from them regarding this matter though. I’m not sure what priority this type of issue has for them.

          Regarding the problem of knowing if the distributed .exe is built from the provided source code: Since NetworkMiner is built with .NET, all code in the .exe is in the Intermediate Language (IL) format, which can easily be converted back to source code by using tools such as .NET Reflector (http://www.red-gate.com/products/reflector/). This allows anyone (who understands C# or Visual Basic code) to make a code review of the NetworkMiner.exe.

           
          • am fm
            2009-03-08

            Thank you, Erik. I don't use C#, but I can read and write some programs in C using the Dev Cpp compiler and Borland C. But it seems to be a problem in eSafe.

            I was really worried, because I executed NetworkMiner on my PC before scanning it in virustotal.

             
    • am fm
      2009-03-07

      If you go to the eSafe web page, you can see that other programmers are victims of false positives too, but they complain to eSafe and/or virustotal to solve the bug.

      Sorry for my English.
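
The mechanism Erik describes in the thread (a byte pattern in a benign file matching a signature) and his per-file check of the archive, shown as an added example that is not from the thread, from NetworkMiner or from eSafe: a toy substring scanner that unpacks a zip and reports which member matches. The signature, file names and file contents are constructed for illustration.

```python
import io
import zipfile

# Constructed toy signature (not a real vendor signature): a byte pattern
# that a hypothetical banking trojan and a benign HTTP parser could share.
SIGNATURES = {"Toy.Banker.Example": b"POST /login HTTP/1.1\r\nHost: bank"}


def scan_bytes(data: bytes) -> list:
    """Return the names of every signature whose pattern occurs in data."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]


def scan_zip(archive: bytes) -> dict:
    """Unpack a zip in memory and scan each member on its own.

    Returns {member name: [signature names]} for members that match, which
    localises an archive-level detection to the file that triggers it.
    """
    hits = {}
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            matched = scan_bytes(zf.read(info))
            if matched:
                hits[info.filename] = matched
    return hits


def build_sample_zip() -> bytes:
    """Constructed input: a benign 'parser' blob that embeds an HTTP test
    string, plus a readme. Neither file is from NetworkMiner."""
    payload = b"\x00" * 16 + b"POST /login HTTP/1.1\r\nHost: bank.example" + b"\x00" * 16
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("tool/readme.txt", "Example passive traffic parser.\n")
        zf.writestr("tool/parser.bin", payload)
    return buf.getvalue()


if __name__ == "__main__":
    for member, names in scan_zip(build_sample_zip()).items():
        print(f"{member}: matched {', '.join(names)} (content match only)")
```

A match here says only that the bytes occur in the file; it says nothing about what the file does when run, which is why a single-engine hit needs the kind of follow-up described in the thread.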