VS 2015 PC files vs downloaded files-VBForums
Results 1 to 5 of 5

Thread: PC files vs downloaded files

  1. #1

    Thread Starter
    Hyperactive Member
    Join Date
    May 2009
    Posts
    375

    PC files vs downloaded files

    Question a bit strange, I understand...

    VB.NET compiled .exe file. Obfuscated by free Eazfuscator v3.3. Setup file made by InnoSetup.

    Both the .exe obfuscated file and the installer made by InnoSerup are OK if scanned by Avira (no virus, no malware).

    Installer uploaded on a web site of mine.

    Installer dowloaded from the website... avira finds a HEUR/APC(Cloud) virus.

    Now the questions:

    1. Why the same antivirus does not find virus on the original installeR and finds a virus in the SAME identical installer downloaded from the web?
    2. How to bypass the problem??

    NOTE: I am the author of the app... I am SURE that there are NOT viruses. And in fact Avira does not find viruses in the original files.
    Last edited by phil2000; May 27th, 2017 at 12:39 PM.

  2. #2
    Fanatic Member PlausiblyDamp's Avatar
    Join Date
    Dec 2016
    Location
    Newport, UK
    Posts
    519

    Re: PC files vs downloaded files

    Have you tried comparing the two installers, the one you uploaded against the one you then download, at the byte level to make sure they are indeed exactly the same and nothing has altered the version you uploaded.

    You could do this from a command prompt with the FC utility - just do FC /b <original filename> <downloaded filename> and see if it finds any differences.

  3. #3

    Thread Starter
    Hyperactive Member
    Join Date
    May 2009
    Posts
    375

    Re: PC files vs downloaded files

    Quote Originally Posted by PlausiblyDamp View Post
    Have you tried comparing the two installers, the one you uploaded against the one you then download, at the byte level to make sure they are indeed exactly the same and nothing has altered the version you uploaded.

    You could do this from a command prompt with the FC utility - just do FC /b <original filename> <downloaded filename> and see if it finds any differences.
    Code:
    C:\Users\eg>fc /b C:\Users\eg\Downloads\MyFile_1.2.0.2_Setup.exe 
    C:\Users\eg\Downloads\tmp\MyFile_1.2.0.2_Setup.original.exe
    Confronto in corso dei file C:\USERS\EG\DOWNLOADS\MyFile_1.2.0.2_Setup.exe e
     C:\USERS\EG\DOWNLOADS\TMP\MYFILE_1.2.0.2_SETUP.ORIGINAL.EXE
    FC: nessuna differenza riscontrata
    ====> FC: no differences found
    Please note: if I download the installer and I scan it immediately: NO VIRUS FOUND. When I RUN it: HEUR/APC(Cloud) virus found.

    Obviously if I run the original file it's all right.
    Last edited by phil2000; May 27th, 2017 at 02:49 PM.

  4. #4
    Fanatic Member PlausiblyDamp's Avatar
    Join Date
    Dec 2016
    Location
    Newport, UK
    Posts
    519

    Re: PC files vs downloaded files

    That really does seem odd, I can't think of anything sensible that would cause such behaviour.

    The only thing I can think of is to go to explorer, right click on the downloaded file, go to properties and see if the file has the option to "unblock" it. Perhaps your antivirus is seeing a downloaded file differently and changing the heuristics it uses.

    Other than that I have absolutely no idea at all.

  5. #5
    Fanatic Member
    Join Date
    Dec 2014
    Location
    VB6 dinosaur land
    Posts
    728

    Re: PC files vs downloaded files

    AV programs often treat downloaded files with more suspicion since that is the largest source of threats.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Featured


Click Here to Expand Forum to Full Width

Survey posted by VBForums.