Windows 7 Forums


Windows 7: How to allow "red alert" items in MSE


15 Apr 2013   #11

Windows 7 Ultimate x64
 
 

A known false positive is a good reason for an "allow" option; no antivirus should completely prevent the user from doing that, but it should advise not to do it though, preferably as loudly as possible.
No idea if this is the case, but it can be that a legit file gets detected as a very dangerous virus by error (and it is just as possible that the virus is really there).

I particularly hate when antiviruses just keep deleting the EICAR file as soon as I throw it at them.


15 Apr 2013   #12

Windows 7 Pro. 64/SP-1
 
 

I understand your thoughts, Alejandro85. I'm just thinking that if that many antivirus programs claim it to be a virus, why would one think it's a false positive?
Considering it is from 2000. Anything that old, I would think a false positive would have been taken care of in 13 years.
I personally will not assist someone to install a virus.
Anyone installing a virus for testing purposes would have the knowledge needed; they wouldn't be asking us how to install it.
15 Apr 2013   #13
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Good article by a Kaspersky Lab Expert on Induc.
Induc, the innovative file infector - Securelist


15 Apr 2013   #14

Windows 7 Pro. 64/SP-1
 
 

Thank you Jacee for the information.
Would you knowingly allow this infection on your computer?
15 Apr 2013   #15

Windows 7 Ultimate x64 x2 + x86 + Windows 8.1 x64 x2
 
 

Quote: Originally Posted by Jacee
Good article by a Kaspersky Lab Expert on Induc.
Induc, the innovative file infector - Securelist

Thanks Jacee, am on phone atm so will read the info in the morning when at a PC.
15 Apr 2013   #16
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Quote: Originally Posted by Layback Bear
Thank you Jacee for the information.
Would you knowingly allow this infection on your computer?

Probably not, even tho' I know I don't have any versions of Delphi installed.
16 Apr 2013   #17

Windows 7 Ultimate x64
 
 

The tool I'm using was created from scratch by a forum regular and modder in the GTA community. It's been around for a while and is pretty commonly used. It changes the weather data in GTA IV basically, but it's included in a larger package that allows you to edit the image files containing game data.

I think I asked him about this last year or something, and he said it was common for A/V to detect cracks (which I don't use) and game hack tools as malicious.

I'll have to look through this thread more carefully perhaps; I'm not really quite sure of the terminology being used, however. I guess I should ask then, is it possible for someone to create a non-malicious program that would nonetheless show up as this infection?

More info: The infected file is file format ASI. These files are loaded using an "ASI" loader, which is a DLL file placed in a given game directory, that will load each ASI mod when the given game is launched.
Quote:
"ASI is a file extension for an assembly language file used with Borland Assembler. ASI stands for ASsembler Include. ASI files are created using the Turbo C or Borland C++ programming languages, which are very close to machine code (also referred to as assembly code). ASI files can be opened and edited by Borland Assembler."
17 Apr 2013   #18

Windows 7 Ultimate x64 x2 + x86 + Windows 8.1 x64 x2
 
 

As Borland are the original developers of the Delphi Development package the ASI file extension fits.

As your "Modder" states, it is not unknown for an AV to tag a tool, used to alter "system Files", as bad.

However, this is normally reported to the user as a potential problem (PUPs, or Potentially Unwanted Programs). In this case however, MSE and other AV packages all flag this file as a known threat "Induc", whereas if it was a more general warning the threat level would usually be lower, and the reports show their own PUP advisory warning.

IMO, at some time the developer of your tool has been infected by the virus concerned, and thus this is not a false positive.

I would strongly advise you not to let this through your defense, as you cannot be sure if or what any payload may be. If you have contact with your modder I would suggest you make them aware of the full details (given in the links here) of this potential infection and that they should scan and repair their system before more systems become infected.

The potential for future issues here is serious - the infected code is spread out amongst the gamers using this mod, and someone other than the original virus developer uses the Induc hooks, present in these systems, to introduce a payload.