dcsimg
Results 1 to 9 of 9
  1. #1

    Thread Starter
    New Member
    Join Date
    Jan 2018
    Posts
    5

    Resolved [RESOLVED] VB6.exe Virus when using SQL-Connection in my Application

    Hi,

    please Help me with this problem. I have programmed an application with access to a remote sql database. As soon as I insert the connection code into the programcode like this snippet:
    Set Con = New Connection
    With Con
    .CursorLocation = adUseClient
    .CommandTimeout = 120
    .ConnectionTimeout = 120
    .Open "PROVIDER=SQLNCLI11;DataTypeCompatibility=80;server=" & Server & "; ___
    database=" & DB & ";Integrated Security=SSPI;"
    End With
    and create the exe file, this file is quarantined as a virus. Everything is ok without this code.
    My Antivirus Program is Bitdefender Internet-Security 2017.

    Does anyone have an idea what I can do to prevent the program from being recognized as a virus?
    Thank you for your Help!

  2. #2
    Lively Member
    Join Date
    Feb 2014
    Location
    Dayton, Ohio
    Posts
    101

    Re: VB6.exe Virus when using SQL-Connection in my Application

    Just curious, what happens if you upload it to virustotal.com?

  3. #3
    VB-aholic & Lovin' It LaVolpe's Avatar
    Join Date
    Oct 2007
    Location
    Beside Waldo
    Posts
    17,337

    Re: VB6.exe Virus when using SQL-Connection in my Application

    Welcome to the forums

    This topic has come up more and more over the past couple years. Dilettante has several posts related to this, but one thing seems to help: Adding a manifest to your compiled executable.

    For example, I use Avast and Avast has never cried about any exe I created via VB, until just recently. I declared a resource enumeration API public in a module and Avast simply quarantined the exe. Out of curiosity and via posts by Dilettante, I decided to just add a manifest and Avast no longer messed with that exe. In my signature below is a link for a "manifest creator". You don't have to use that tool to create one, but the link also provides another manual option. Let us know if adding manifest worked.
    Insomnia is just a byproduct of, "It can't be done"

    Classics Enthusiast? Here's my 1969 Mustang Mach I Fastback. Her sister '67 Coupe has been adopted

    Newbie? Novice? Bored? Spend a few minutes browsing the FAQ section of the forum.
    Read the HitchHiker's Guide to Getting Help on the Forums.
    Here is the list of TAGs you can use to format your posts
    Here are VB6 Help Files online


    {Alpha Image Control} {Memory Leak FAQ} {Unicode Open/Save Dialog} {Resource Image Viewer/Extractor}
    {VB and DPI Tutorial} {Manifest Creator} {UserControl Button Template} {stdPicture Render Usage}

  4. #4

    Thread Starter
    New Member
    Join Date
    Jan 2018
    Posts
    5

    Re: VB6.exe Virus when using SQL-Connection in my Application

    Hello CrazyDude,
    Thanks for your tip, I did not know the site before. 8 scanners detect this code as a virus (Arcabit, Emisoft, F-Secure, MAX, Ad-Aware, Bitdefender, Escan, GDATA). I have no idea why this is so crazy! Now I have outsourced the connection and the return result of the recordset to a separate function. I call these then in the necessary place. Now everything is ok, the program is not detected by any scanner as a virus.

  5. #5
    PowerPoster
    Join Date
    Feb 2006
    Posts
    18,920

    Re: VB6.exe Virus when using SQL-Connection in my Application

    Adding a manifest seems to take care of it much of the time. When that doesn't work try a manifest with a <trustInfo/> node in it. This is less trouble than code signing, but sometimes that step is necessary and should be used with a <trustInfo/> manifest.

    Even that doesn't work in every case though. VB6 PE files always begin with a high negative score out of the gate because far too many script kiddies are using it as a delivery mechanism for canned malware payloads they download from elsewhere.

  6. #6

    Thread Starter
    New Member
    Join Date
    Jan 2018
    Posts
    5

    Smile Re: VB6.exe Virus when using SQL-Connection in my Application

    Hi,
    I also tried to use a manifest in the file recognized as virus. Unfortunately, this does not work. I've tried it both with an x.exe.manifest in the program directory, as well as with an embedded resource (via ResourceHacker). In both experiments, the program is still recognized as a virus (Gen: Variant.Jaike.3265). But thanks for the tips, there is always something to learn. Maybe I can use it another time.

    many thanks for your help!

  7. #7
    Lively Member
    Join Date
    Feb 2014
    Location
    Dayton, Ohio
    Posts
    101

    Re: VB6.exe Virus when using SQL-Connection in my Application

    You're welcome. I always run my EXE's through that site for testing. Unfortunately some A/V apps think a lot of VB6 apps are malware for some reason. Apparently some malware has been written in it and they all have their own way of detecting viruses. There is something else you can do, but it's a good deal more drastic, and that's to buy an EXE certificate. Many A/V apps will allow an app to pass that has one because the cert tells them you've been through a thorough vetting & verification process. It ain't cheap, anywhere from $70-85 a year, but because my software is commercial and my livelihood depends on it, I had to buy it. It's really helped a LOT to prevent A/V software thinking my software is malware, but it's a bit of a pain to have to deal with. If you're not doing commercial work, it probably wouldn't be worth it. The other benefit is that it tells the user that your EXE hasn't been modified. It's like a stamp of approval for your EXEs, DLLs and OCXs. Even though I have that cert, I still get one or two crappy A/V apps thinking we're malware.

    I bought my cert here: http://www.ksoftware.net


    Quote Originally Posted by computerwuffi View Post
    Hello CrazyDude,
    Thanks for your tip, I did not know the site before. 8 scanners detect this code as a virus (Arcabit, Emisoft, F-Secure, MAX, Ad-Aware, Bitdefender, Escan, GDATA). I have no idea why this is so crazy! Now I have outsourced the connection and the return result of the recordset to a separate function. I call these then in the necessary place. Now everything is ok, the program is not detected by any scanner as a virus.

  8. #8
    PowerPoster
    Join Date
    Feb 2006
    Posts
    18,920

    Re: VB6.exe Virus when using SQL-Connection in my Application

    Quote Originally Posted by CrazyDude View Post
    There is something else you can do, but it's a good deal more drastic, and that's to buy an EXE certificate. Many A/V apps will allow an app to pass that has one because the cert tells them you've been through a thorough vetting & verification process.
    All it means is that you have bought (and kept paid up) a manufactured ID that can be tracked to a credit card or PayPal account. Everything else can be faked.

    Even if you keep it paid up malware researchers, Microsoft, etc. can file a revocation complaint rendering it useless if you try to hide malware behind it.

  9. #9
    Lively Member
    Join Date
    Feb 2014
    Location
    Dayton, Ohio
    Posts
    101

    Re: VB6.exe Virus when using SQL-Connection in my Application

    Yeah man, IDK. All I know is I had problems with A/V software years ago telling my customers my app was a possible virus. Did some Googlin and it was said I'd have less trouble if I had that certificate. I had to send in all kinds of verification material to Comodo, like copies of various bills, my social security number, copy of my drivers license, Dunns & Bradstreet #, asked me stuff on the phone, etc. It took days. Hard to fake so many different pieces of info. They performed various checks to make sure I was who I was rather than just tracking me to a credit card or PayPal account. Way more vetting than if I was signing up for a credit card or even a car loan. I went through absolute hell (almost gave up) getting it the first time, but it really has helped making my software sound legit in the eyes of anti-malware apps. It's been like 8+ years and there's no way I'd stop using one in my situation. For me it's a necessary evil, unfortunately.

    For sure, you definitely don't wanna hide malware behind it. I sure wouldn't, since my software is what I live on. Just think, making a living on what they call a "dead" language. Go figure!

    PS- Definitely the trustInfo and manifest helps, since I don't think malware bothers using manifests. Probably something A/V apps look for too, in addition to the trusted cert.
    Last edited by CrazyDude; Jan 12th, 2018 at 08:53 PM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Featured


Click Here to Expand Forum to Full Width