How to allow "red alert" items in MSE


  1. Posts : 2,468
    Windows 7 Ultimate x64
       #11

    A known false positive is a good reason for an "allow" option; no antivirus should completely prevent the user from doing that, but it should advise not to do it though, preferably as loudly as possible.
    No idea if this is the case, but it can be that a legit file gets detected as a very dangerous virus by error (and it is just as possible that the virus is really there).

    I particularly hate when antiviruses just keep deleting the EICAR file as soon as I throw it at them.


  2. Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       #12

    I understand your thoughts, Alejandro85. I'm just thinking that if that many antivirus programs claim it to be a virus, why would one think it's a false positive?
    Considering it is from 2000. Anything that old, I would think a false positive would have been taken care of in 13 years.
    I personally will not assist someone to install a virus.
    Anyone installing a virus for testing purposes would have the knowledge needed; they wouldn't be asking us how to install it.


  3. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #13

    Good article by a Kaspersky Lab Expert on Induc.
    Induc, the innovative file infector - Securelist


  4. Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       #14

    Thank you Jacee for the information.
    Would you knowingly allow this infection on your computer?


  5. Posts : 31,249
    Windows 11 Pro x64 [Latest Release and Release Preview]
       #15

    Jacee said:
    Good article by a Kaspersky Lab Expert on Induc.
    Induc, the innovative file infector - Securelist

    Thanks Jacee, am on phone atm so will read the info in the morning when at a pc :)


  6. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #16

    Layback Bear said:
    Thank you Jacee for the information.
    Would you knowingly allow this infection on your computer?

    Probably not, even tho' I know I don't have any versions of Delphi installed.


  7. Posts : 153
    Windows 7 Ultimate x64
    Thread Starter
       #17

    The tool I'm using was created from scratch by a forum regular and modder in the GTA community. It's been around for a while and pretty commonly used. It changes the weather data in GTA IV basically, but it's included in a larger package that allows you to edit the image files containing game data.

    I think I asked him about this last year or something, and he said it was common for A/V to detect cracks (which I don't use) and game hack tools as malicious.

    I'll have to look through this thread more carefully perhaps, I'm not really quite sure of the terminology being used however. I guess I should ask then, is it possible for someone to create a non-malicious program that would nonetheless show up as this infection?

    More info: The infected file is file format ASI. These files are loaded using an "ASI" loader, which is a DLL file placed in a given game directory, that will load each ASI mod when the given game is launched.
    "ASI is a file extension for an assembly language file used with Borland Assembler. ASI stands for ASsembler Include. ASI files are created using the Turbo C or Borland C++ programming languages, which are very close to machine code (also referred to as assembly code). ASI files can be opened and edited by Borland Assembler."
    Last edited by MarkC0; 17 Apr 2013 at 02:02.


  8. Posts : 31,249
    Windows 11 Pro x64 [Latest Release and Release Preview]
       #18

    As Borland are the original developers of the Delphi Development package the ASI file extension fits.

    As your "Modder" states, it is not unknown for an AV to tag a tool, used to alter "system Files", as bad.

    However, this is normally reported to the user as a potential problem (PUPs, or Potentially Unwanted Programs). In this case however, MSE and other AV packages all flag this file as a known threat, "Induc", whereas if it was a more general warning the threat level would usually be lower, and the reports show their own PUP advisory warning.

    IMO, at some time the developer of your tool has been infected by the virus concerned, and thus this is not a false positive.

    I would strongly advise you not to let this through your defense, as you cannot be sure if or what any payload may be. If you have contact with your modder I would suggest you make them aware of the full details (given in the links here) of this potential infection and that they should scan and repair their system before more systems become infected.

    The potential for future issues here is serious - the infected code is spread out amongst the gamers using this mod, and someone other than the original virus developer uses the Induc hooks, present in these systems, to introduce a payload.


 

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
