I develop a few applications written in VB6, and within the last 2 or 3 months many of them are now being flagged as containing viruses (eg. VBKrypt)
I always scan my exe's on virustotal.com prior to release.
It's been extremely difficult to pinpoint. Sometimes the exe's get flagged multiple times, other times just the once.
The odd thing is that sometimes simply changing the order of the declared forms/modules/classes in the vbp file and recompile cures it, but it only ever seems a temporary cure. If I perform a rescan on the exes in a few days time, then often they get re-flagged as containing virus(es)
I used to compile to P-Code. Compiling to native code seems to improve matters on the virus-count, but invariably like I said, the get flagged up a little further down the line.
It is extremely difficult to pinpoint.
For example, one app was being flagged as containing VBKrypt, and after removing forms, modules, commenting out etc, I pinpointed it to a single Err.Clear statement!!!!
Anyone else having similar issues with VB6 compiled exes?
Any help whatsoever would be greatly appreciated....
Thanks
I've seen this happen not only with VB6 applications but also with things written in C#, Pascal, and C++. Antivirus software these days are rather paranoid. The only real fix is to get a code signing key and sign everything. Try these guys.
Distributing code detected as malicious will remove the reputation from a file and
also any reputation from the associated digital certificate – even if signed with
an EV code signing certificate.
So it remains very important that you avoid writing "droppers" or using DLL Injection techniques. Just using VB6 in the first place has been a strike against you for many years now. VB6 programs are just too commonly used as delivery mechasims for "recipe" malware payloads these days. The community has more bad actors than good any more.
Personally, I consider many anti-virus software packages these days as viruses themselves. Try uninstalling the things ... it's near impossible. AVG is one of the worst, and actually has a reputation of changing search engines and other virusy things.
Microsoft has taken all of this very serious for a number of years, given that the Windows OS was more attacked than other OSs, and they've worked hard on their firewall and Defender software. I'm sure there will be varying opinions out there, but IMHO Windows Defender is absolutely as good as any other antivirus software out there (and often much better), and it's easy to turn on/off, it can be controlled by policies, and it can easily scan individual files from the context menu (which I consider a necessity). Also, I've never seen Defender interfere with normal operations (such as VB6 animating Word or Excel) whereas many other "antivirus" (if we can really call them that) packages raise all kinds of havoc for normal operations.
These days, I strongly recommend to my clients that they use nothing but Microsoft Windows Defender, and suggest that many of the others belong more in the Virus camp, rather than the Antivirus camp.
Good Luck With It,
Elroy
Last edited by Elroy; Jun 28th, 2018 at 10:33 AM.
Any software I post in these forums written by me is provided "AS IS" without warranty of any kind, expressed or implied, and permission is hereby granted, free of charge and without restriction, to any person obtaining a copy. To all, peace and happiness.
our program gets flagged too. Usually looking at the details of the exploit will give a clues, for example, if it is being flagged as "ransomware" and your program uses encryption\decryption libraries, you will know what triggered it.
Here is what we do:
* Tell the client to white list
* Submit false positives to the av vendor
* Sign your exes with an ev cert
You may need to do this every time you build as the hash for each version will be different and is seen as a "new" program to av programs.
So if I purchase an EV cert to digitally sign my exe's will this mean they will get overlooked by AV apps?
I'm just confused, as what would be stopping someone who is actually writing a virus to digitally sign their virus exe?
It concerns me how fickle these virus flags are with my apps.
The other day my app was being flagged, so I pinpointed it to a single form. I recreated the form from scratch and copied+pasted all the code, and it scanned clean. A day later I scanned it, and it flagged up again. So I copied the old form back into the project instead (the one that originally caused the flags) and it then scanned clean!
It's all so frustrating.
I'm becoming petrified to recompile and release my apps any more!
Have this issue too and gotta deal with the AV vendor one by one, asking them to fix their False Positive and white list the soft.
_____________________________________________________________________
----If this post has helped you. Please take time to Rate it.
----If you've solved your problem, then please mark it as RESOLVED from Thread Tools.
I'm just confused, as what would be stopping someone who is actually writing a virus to digitally sign their virus exe?
they are expensive and will be revoked when caught
Originally Posted by hawker
It's all so frustrating.
I'm becoming petrified to recompile and release my apps any more!
You app is doing something that looks bad. look at all the controls\api\functionality on the form. Then compare to the payload of the exploit and see if there are any similarities. For example, we somethimes get flagged because we use a cryptoAPI on the filesystem and it thinks we are ransomware.
You app is doing something that looks bad. look at all the controls\api\functionality on the form. Then compare to the payload of the exploit and see if there are any similarities. For example, we somethimes get flagged because we use a cryptoAPI on the filesystem and it thinks we are ransomware.
This is my problem, my apps get flagged for what seems to be totally random reasons.
For example, I had a runner application which runs my main program. All this did was to see if there was a newer version of the exe on the local network drive, and if the networked version was newer it did a FileCopy of it to the local drive. It then executes the local main program via the VB Shell command. This was being flagged. The exe was tiny (16k). I put a dummy form in the project, and still got flagged. I added a command button to that dummy form, and the exe was then considered clean! How can adding a command button to a dummy form get rid of a virus????!!!!
And I'm slightly confused about getting one of these EV signatures. If I do, and these virus scanners then deem my exes to be contaminated, will that mean my signature then becomes bad, so ANY exes with my signature will be considered a virus and always be flagged?
Thanks again
Last edited by hawker; Jun 29th, 2018 at 12:40 AM.
as im not a vendor, just making my programs for fun and thousands of users use my programs, i also get reports, but i dont do anything, other users usually report is as false-positive and thats it. because i have been around for almost 10 years i get a good reputation as theres nothing harmful with my programs and even if some gets virus alerts, they simply white-list it. but sure its annoying as its never ending.
because i have been around for almost 10 years i get a good reputation as theres nothing harmful with my programs. . .
Reputation system is per executable. Reputation system can be organized based on certificates and/or executable signatures (hashes) if a certificate is missing.
I doubt anyone keeps records of your personal reputation as a vender, as .exe vendors are easy to fake and bad actors would be able to exploit your reputation to hide malware. Obviously in case these bad actors steal your code-signing certificate they would be able to take advantage of your *certificate* (not vendor) reputation.
Yes, as far as I can tell the only place where "reputation" comes in formally is accomplished by things like users whitelisting a specific program within an antimalware utility.
Of course there is the other sort of "reputation" as in social reputation among users. There are some "download link aggregator" sites that also dispense informal reputation certifications, but those are little more than badges on their web site pages. It is up to users to decide whether those are of any significance. Most of those sites have given up on this now, and it was never much more than a way to decorate their own web pages.
well if u have a team with a forum/site for a decade im sure you understand how the reputation is gained.
if they get my programs elsewhere, i cant control it, but that it true for all programs anyway.
of course there will always be new users, but if you want to be sure to get something legit and not harmful you also need to do some investigation.
what im trying to say is that we can not control the antivirus programs, there will always be false-positive. but what we can control is reputation.
Yes, as far as I can tell the only place where "reputation" comes in formally is accomplished by things like users whitelisting a specific program within an antimalware utility
here is what MS says
"Downloads are automatically assigned a reputation rating based on multiple algorithms that consider
many objective criteria, such as antivirus results, download traffic, download history,
and URL reputation."
In some ways, it feels like they are extorting us by forcing us to buy ev certs but I doubt anyone on here has the millions of downloads likely needed to get a reputation organically.
Last edited by DllHell; Jun 29th, 2018 at 12:43 PM.
How can adding a command button to a dummy form get rid of a virus????!!!
You have to understand how the computer identifies your program. It creates a hash of all the bytes so any change will create a new hash and the AV vendors use this new hash to determine if it is bad or not. This is why you keep getting "clean" results when making new versions. Your "reputation" is a bunch of factors, not just what the program does: https://blogs.msdn.microsoft.com/ie/...ng-reputation/
I'm still very confused and extremely frustrated with these AV vendors complaining about my apps.
Another example 1.
====================
One app had a single VBKrypt flag, so to try to pin-point I commented out a load of code from my main bas module.
I recompiled only to find it now had 9 AV hits!
How can REMOVING code magically make lots of "viruses" appear in my code?
Another example 2
===================
Even a simple "hello world" app gets 2 flags:
Create a new standard exe project
Add a standard form and drop a command button
form1 code:
Option Explicit
Private Sub Command_Click()
MsgBox "hello world"
End Sub
I'm wondering if the recent windows 10 update to c:\windows\system32\msvbvm60.dll is having an affect here? Mine is dated 11/04/2018, size 1354Kb. (I'm using 32-Bit Win10)
i dont care about unknown antivirus softwares or if the alerts are less then 1/3 in the list i assume its false-positive.
its not just vb6 but for anything homemade executable.
I used to think that way, but what I usually find is that if there is just one hit, very often it will slowly get picked up by other vendors. Seems like there is a central list that that eventually propagates into more vendors' virus definitions.Perhaps even using VirusTotal.com to scan isn't helping..perhaps this web site distributes "bad" hashes to the vendors to consider?
Anyway, I am no further down the line with this.
I'm just wating for the day when my executables become unusable across the board....
I used to think that way, but what I usually find is that if there is just one hit, very often it will slowly get picked up by other vendors. Seems like there is a central list that that eventually propagates into more vendors' virus definitions.Perhaps even using VirusTotal.com to scan isn't helping..perhaps this web site distributes "bad" hashes to the vendors to consider?
They share lists of hashes.
Anyway, I am no further down the line with this.
I'm just wating for the day when my executables become unusable across the board....
You are trying to control or influence how they scan and classify your programs but are refusing to take advice on how you can help. The days of distributing unsigned exes are over. There is too much risk. Get an ev cert and move on with your life.
You are trying to control or influence how they scan and classify your programs but are refusing to take advice on how you can help. The days of distributing unsigned exes are over. There is too much risk. Get an ev cert and move on with your life.
Yes, I fully intend to get an EV, but my earlier question of if my signed app is deemed to have a virus still stands; would this jeopardise all my other signed exe's considering how the vendors share their information? I'm only trying to understand the reasons behind this in the first place.
Early days, but now I'm compiling a manifest into my exes, with level="asInvoker", and this seems to have improved things (for now). Early days as I've said.
Yes, I fully intend to get an EV, but my earlier question of if my signed app is deemed to have a virus still stands; would this jeopardise all my other signed exe's considering how the vendors share their information? I'm only trying to understand the reasons behind this in the first place.
Early days, but now I'm compiling a manifest into my exes, with level="asInvoker", and this seems to have improved things (for now). Early days as I've said.
Thanks
Yes, your EV can be invalidated. If it was a "get out of jail" card, malware makers would just buy one, invalidating the entire system
Unfortunately, MS does not disclose exactly how rep is counted but they do give some info: number of installs and url integrity are mentioned. So if you are hosting your exe's for download on shared hosting in a wordpress site that hasn't been updated in 3 years, you might take a look there too
Early days, but now I'm compiling a manifest into my exes, with level="asInvoker", and this seems to have improved things (for now)
This does seem to help in many cases. I also ensure I manifest for supported O/S, but unsure if that helps overall
I can understand your frustrations. In a sample project, just a few dozen lines of code, I was enumerating DLL resources and my AV quarantined it. I simply changed the API declarations from Public to Private and my AV was happy with it. Why would that even matter? Don't know.
Insomnia is just a byproduct of, "It can't be done"
Frustrated indeed, this happened to our inhouse application today morning. Norman Endpoint garantinized our app errorneously. I checked binary executable installed to userbase against clean compiled version and files were exactly same, hence does not contain virus. Tested our app in virustotal and 9 out of 66 enfgines flags our app as a virus.
It is an impossible situation. The av company wants to protect your computer. If they are not super paranoid about what is running on the computer, their product will fail. This means your unsigned vb6 program that sends email, uses winsock, accesses the file system, etc is going to get flagged.
I fully understand your frustration. Please just take it easy, common sense shall prevail:
-- This site allows Tom, Dick & Harry to submit their AV programs, without shroffing their quality first, therefore the reliability of the site itself is very much in doubt. My view is that as long as the big guys, and the reasonably-big guys, say that your program is "Clean", that should be enough.
-- Although the site has specified that the test results don't mean anything, they are just for a reference, we cannot deny the fact that harm is being done to some software vendors as a result, and for which they can do nothing.
-- I first tested a couple of my programs on VirusTotal a few months ago, prompted by a friend of mine. For the "14 mb" EXE file, I got one entry without a "Clean" stamp. At the same time, for the "4 mb" EXE file I got between 9 to 13 entries without a "Clean" stamp. These two files use identical classes and modules, why there was such a huge difference in AV testings, I don't know, nor do I care to know for reasons stated earlier.
The site offers some kind of service, but it also takes people's programs as a quinea pig. I've just now done another test on the above-said "4 mb" EXE file; it has dropped down to only 2 entries without a "Clean" stamp. As I haven't changed my classese and modules since, this means that some of the AV companies must have improved their AV products meanwhile (thanks to guinea pigs).
So, don't worry, likely your program will be "rated" differently in a few months time.
Brenker
Edited:
P.S. I said "I fully understand your frustration", because 10 yeas ago I had a even more bizarre encouter.
At that time I had a few Shareware graphic tools programs listed on download sites such as CNET. One of the programs was a full-fledged Icon Editor (befor Axlias which I consider the best in the market after its launch). Suddenly my own site was flagged as "Adware" (or something else, I forgot) site, by McAfee (I hope I recall correctly).
My site was not alone, there were many sites experiencing the same. Why was that? It turned out that apart from a few download sites I subscribed, there were many others who helped themselves linking to my site. If one of the clients of a linked site was a culprit of Adware, that site was being flagged. Now if my site was linked to that flagged site, my site became an accomplice.
That lasted for less than a year (if I remember correctly), then McAfee stopped that kind of service. This episode didn't really affect me though; Shareware was just my hobby at that time after my retirement from a profession unrelated to graphics programming.
Last edited by Brenker; Jul 19th, 2018 at 02:50 PM.
Others seem to have mentioned this, but a real EXE certificate and time definitely helps. People can argue whatever they want about EXE certs being a "scam" or whatever, but if you're making money with your app, it definitely helps. Some may argue they should be free like HTTPS/SSL certs, but EXE's are a different story. They can do real harm, way more than visiting a home page of a website. And just as dilettante said, just writing your app in VB can cause it to be flagged because there have been many viruses written in it by script kiddies. That's why a cert is necessary for commercial apps if you're making any kind of money whatsoever. They only cost about $150 a year. That's $12/mo, although paid upfront.
Every so often we'll get an email from a user saying that McAfee or some other A/V flagged a download on the site. We had to contact McAfee directly ourselves to get it fixed, along with asking the user to submit a false positive. This is the same issue Brenker just mentioned. But the longer we're around the more we're trusted. Digitally signed EXE's help, and I don't mean the self-signed type. For proof, here are direct links to two of our most recent EXE's on VirusTotal.
These days, I strongly recommend to my clients that they use nothing but Microsoft Windows Defender, and suggest that many of the others belong more in the Virus camp, rather than the Antivirus camp.
By my experience, Windows Defender is even more paranoid in comparison with others.
Also, it can allow run the app for the first time and block it after you run it second time just after several minutes )) Mystic. I personally met that behaviour several times.
SmartScreen can show red warning without option to "run app anyway on your risk".
Tech support is never answer. So this is a very big disadvantage. Almost impossible to remove false positive.
Originally Posted by hawker
And I'm slightly confused about getting one of these EV signatures. If I do, and these virus scanners then deem my exes to be contaminated, will that mean my signature then becomes bad, so ANY exes with my signature will be considered a virus and always be flagged?
Not right away, however, this will negatively affect the reputation of your certificate. The better decision will be send the sample by false positive form.
Originally Posted by hawker
I'm still very confused and extremely frustrated with these AV vendors complaining about my apps.
You can't find the reason without using special software.
Software can be flagged for many reason, including:
- coincidence with some virus signature
- specific sequence of API-calls
- behaviour
- and Win32.Generic just because of low reputation on file (low number of downloads e.t.c.)
The only one-time decision you can try to change some of compilation options, however without guarantees.
Also, several re-compilations may help.
Originally Posted by baka
i dont care about unknown antivirus softwares or if the alerts are less then 1/3 in the list i assume its false-positive.
It's better not to analyse the number of detection, but the AV vedors it belong to and the names of detections.
E.g. it's vary bad if software flagged by widespread AV vendor used in the country of most your clients.
Also, specific detections like "Adware, "Miner", "Worm" e.t.c. should be considered as much worse than "Generic", "Packed" (e.g. UPX) and must require your action, bacause if you don't care, there is a risk after a while your sofware will remain with such detection even after re-compilation.
---
Also, consider that VT results is not final that you can count on:
- databases can be updated and your software can be flagged after a while.
- proactive protection of AV on customer side can block your software even on the middle.
- if at least 1 AV vendor flagged your software on VT, you can be sure some of AV will steel that detection.
If you are maintaining some important software, to get good reputation on it you have to submit for false positive (look the link in my signature) every version.
If your software has really no dirty tricks / bundles / using network in malware-like manner / adware e.t.c. you can count that after a while (maybe 6 months) parts of your software (signatures; don't confuse with a digital signature) will be whitelisted by automated system. The same applied for digital signature too. BTW, you can manually submit your digital signature to be whitelisted if AV provide such service (you need to search form or ask tech support). Note, that some AV support give answer until 30 days or even later (or never , like Microsoft).
---
As, CrazyDude mentioned it's better to sign your software. But you shoudn't count your sofware will be clean just right after signing. It depends on many reasons.
Personally, it's too expensive for me to bye certificate (or even EV type of cert. to be sure SmartScreen will feel good).
That's why I'm using self-signed cert. You can't have "verified" status for your exe with such cert. Also, vice versa, some AV vendors can consider such exe more suspicious. But after a while you will have more positive moments, because such cert. also collects a reputation and even can be added by AV vendor as whitelisted (it's a proven info). Also, in any controversial moments you can prove this executable belongs to you and not modified (by file virus, some **** portable-adware-repackers, network interceptions e.t.c.)
As, CrazyDude mentioned it's better to sign your software. But you shoudn't count your sofware will be clean just right after signing. It depends on many reasons.
This is true, although I'm seeing more and more A/V apps use the trust info in EXE certs to practically whitelist EXEs. I've signed some EXE's of mine that have some pretty questionable code in there required for commercial apps, such as self-deleting files, etc. and there is never an alert with them in Kaspersky. It seems the cert overrides any suspect code for efficiency sake and to reduce false positives. Because who in their right mind would go through the trouble of buying a cert with all the verification if they're creating a virus, right?
Of course not all anti-virus apps do this, but over the years I've noticed an increase in trusting "trusted" certs in A/V apps.
This has suddenly started happening to me over the past couple of months from my company's security solution (see rant below lol). Unfortunately as I tend to develop from home and only use the bundled Windows Defender which doesn't trigger false positives I don't know if it will happen until I take things to work.
In my case (or rather, the particular software we use) it seems that any use of a PictureBox or ImageBox (or setting the image property on a form) will trigger a virus warning on the compiled version of the app. Which is a problem for us as most apps we have print and we have need to have our logo on everything printed). Compiling to P-Code rather than native code (the exact opposite of someone else's experience) sometimes, but not always, cures the problem. I also found that if you build the application from scratch in one session and compile it without saving it first then it also usually doesn't trigger a warning. This is doable for small apps (if a pain as a 2 second task to compile becomes a long session of remaking it and re testing it in the IDE, all to be repeated if the slightest change is made in the future) but this is not viable for larger apps.
On AV software generally, ever since a passable firewall was added in XP SP2, and later Microsoft Security Essentials antivirus software was made available for free in Windows, I've been firmly of the view that for most users on standalone machines or on a simple peer to peer network they are perfectly adequate. The modern Windows Defender in Windows 10 has raised the bar higher and is just as good as anything else.
Granted, if you are on a domain or running a VPN you might need something higher powered like Symantec Endpoint but that's an entirely different argument.
Unfortunately, my company's legal 'experts' advised them that if we switched to using free solutions (which would be fine for us) then in the event of a data breach we would be viewed as not taking data security seriously by not paying extra for security software so I am not allowed to move us to Windows Defender which I know would be fine.
The particular software we have causes havoc, apart from the false positives on VB6 compilation, when I get support calls that an application has 'frozen', it's usually because the firewall has randomly decided to block the server machine from the workstation as it believes it is being attacked, even though the server is whitelisted. And rather ironically, for all the software is overzealous about VB6 apps and talking to other machines on the local network, it once allowed a piece of malware through (fortunately it was noticed quickly and did no damage)!
In our country, almost all VB software using Winsock and RPC will be considered viruses by security software, so I can't use VB to develop an IM software. Also if you use Hooks or Subclasses, your app is likely to be marked as a virus.
Some time ago, I used Porkynet's excellent control FIRENZE LABEL in my software, Very strange things happened, my exe was marked as a virus. Finally, I had to rewrite a similar control with Label, Image and Timer, and the problem was solved.
Last edited by dreammanor; Jul 30th, 2018 at 09:42 PM.
What, I do, is to declare in the header strings, the description of what the file does, to what software package belong, the copyright mark, etc, and then SIGN.
Also have a website the same domain since the year 2004. And ofcourse the digital signature. Is impossible to publish these days without a digital signature.
And all that, and get problems with an anti cheat software from rockstar. In concrete in a module, which is meant to sign in the user/pass in a form (like the origin login form, battlenet, etc). Is nothing wrong doing that, it is just the CYBER owner sharing its purchased account to a customer without letting the customer to know the user/pass. That is just what it does. Those apps, don't has a "command line" parameter for that (plus the insecurity of that).
Now, sadly, as that code can move the mouse, can take a screenshot of the surface's form, and can type instead of the user, that is like, the same DLL a cheat must do. So, banned rockstar accounts of my own. Claimed a lot, angry a lot, yelled a lot, but nothing returned those accounts back.
What I did, is to hid the robot, and only unhid it for execution for those 10 , 20 , 30 seconds that the job will require.
So, this is a real example about how good side software can get in trouble.
Anyway. I find out, that I named a MOD roboteyes.bas, just a MODule, and that name "robot" get in the EXE, is to say, MODULES name are written in the EXE!!!, I don't mean a class module name, or an object name like a form, but just the plain .BAS module.
That word, "robot", triggered the anticheat. This was like two years ago.
And you know, it wasn't in execution at all, but as Windows has the prefetch list, they can see what you just executed during the last 24 or 48hrs, and go to inspect those EXE. And that is how they find it.
I spend, like 300 US$ in accounts ruined. a total dissaster. I feel sick!.
In our country, almost all VB software using Winsock and RPC will be considered viruses by security software, so I can't use VB to develop an IM software. Also if you use Hooks or Subclasses, your app is likely to be marked as a virus.
That's crazy! Even with a digital signature that proves your software is legit? Or are there problems with even legit software in China doing bad things?
If Winsock and RPC is out, then I also cannot have my software used in China since it uses both. I mean, you have to communicate with Winsock in order to do anything network-related.
Originally Posted by flyguille
Also have a website the same domain since the year 2004. And ofcourse the digital signature. Is impossible to publish these days without a digital signature.
I spend, like 300 US$ in accounts ruined. a total dissaster. I feel sick!.
That sucks! I guess even checking the EXE with VirusTotal wouldn't have helped prevent that loss, right?
That's crazy! Even with a digital signature that proves your software is legit? Or are there problems with even legit software in China doing bad things?
If Winsock and RPC is out, then I also cannot have my software used in China since it uses both. I mean, you have to communicate with Winsock in order to do anything network-related.
If the software you write with VB6 is network-related and you want to sell and promote your software in the Chinese market, then you must submit your software to Chinese security software companies (eg 360, tencent, kingsoft) for testing. After passing their tests, you need to pay some money to them, they will issue a security certification badge to your software, which means that their security software will no longer mark your software as a virus.
However, if a user's computer is installed with another security software, you must also submit a software security certification application to that company. This depends on which company's security software is installed by your users.
We'll also submit security certification applications to these security software companies in the future. But in the software development and internal testing phase, we don't want to do this.
Previously, network-related software developed with VB6 was the focus of security companies, and perhaps it was a kind of discrimination. Of course, now few people in China use VB6 to develop network-related software.
That's crazy! Even with a digital signature that proves your software is legit? Or are there problems with even legit software in China doing bad things?
If Winsock and RPC is out, then I also cannot have my software used in China since it uses both. I mean, you have to communicate with Winsock in order to do anything network-related.
That sucks! I guess even checking the EXE with VirusTotal wouldn't have helped prevent that loss, right?
Nono, Virustotal resulted clean!. Anticheats are completely different from anti-viruses.
I develop a few applications written in VB6, and within the last 2 or 3 months many of them are now being flagged as containing viruses (eg. VBKrypt)
I always scan my exe's on virustotal.com prior to release.
It's been extremely difficult to pinpoint. Sometimes the exe's get flagged multiple times, other times just the once.
The odd thing is that sometimes simply changing the order of the declared forms/modules/classes in the vbp file and recompile cures it, but it only ever seems a temporary cure. If I perform a rescan on the exes in a few days time, then often they get re-flagged as containing virus(es)
I used to compile to P-Code. Compiling to native code seems to improve matters on the virus-count, but invariably like I said, the get flagged up a little further down the line.
It is extremely difficult to pinpoint.
For example, one app was being flagged as containing VBKrypt, and after removing forms, modules, commenting out etc, I pinpointed it to a single Err.Clear statement!!!!
Anyone else having similar issues with VB6 compiled exes?
Any help whatsoever would be greatly appreciated....
Thanks
Hi Hawker,
Have you managed to solve your issues?
I've had a similar problem to you and others mentioned in this post.
I created a program some years ago, initially mainly for my own use, but may have made it available to others.
I've recently tried to use this on a new W7 OS install (with my intention to use it on W10 OS later).
VB6-compiled apps being flagged as virus
Reply With Quote
Originally Posted by hawker
