Thread: Why is my application infected according to VirusTotal site?

  1. #1

    Thread Starter
    Fanatic Member
    Join Date
    Nov 2015
    Posts
    760

    Why is my application infected according to VirusTotal site?

    Hello vbForums community

    I submitted my application to VirusTotal scan.
    This is the result.
    I should note that I'm not using any third party component.
    [Attached image: 18-06-2022 16-41-40.jpg]

  2. #2
    Frenzied Member
    Join Date
    Dec 2014
    Posts
    1,936

    Re: Why is my application infected according to VirusTotal site?

    nothing we can do about that.
    it's the fault of the antivirus search database/algorithm.
    all my programs get false-positive.

  3. #3
    Fanatic Member
    Join Date
    Jun 2015
    Posts
    724

    Re: Why is my application infected according to VirusTotal site?

    It's hard to get a clean bill of health with almost 70 AV vendors; as long as it's not the major ones I ignore it. It's bad signatures; hello world can come back with detections, especially with vb6.

  4. #4
    Frenzied Member
    Join Date
    Feb 2014
    Location
    Norfolk UK (inbred)
    Posts
    1,530

    Re: Why is my application infected according to VirusTotal site?

    VirusTotal submits to various a/v scanners so that you don't have to. You then have to use your noggin when the results arrive. If the majority do not raise a positive then you can assume:

    A. The one engine that raises the positive is correct as it is a better check than all the others
    B. The one engine that raises the positive is falsely doing so based upon a faulty algorithm or information.

    When you use VirusTotal there is a brain analysis component and you have to use yours to make that final assessment. If you test your program against your own a/v tool on your PC it may tell you it is safe or it may not. If you wrote it then YOU are the best person to tell.

    In case of B. you may choose to raise it as a False Positive, you are in effect training that a/v tool to be more correct. Sometimes it is required.

  5. #5
    PowerPoster
    Join Date
    Feb 2006
    Posts
    23,556

    Re: Why is my application infected according to VirusTotal site?

    Something about your program is causing its score to pass the threshold.

    Because VB6 is now so often used to deliver malware packages written in other languages, just being recognized as compiled by VB6 means it gets assigned a fairly high "possible malware" score before anything else is even looked at.

    Does the program have a proper embedded manifest? Not having one increases your score.

    Does the program do anything weird, like "drop" other compiled code from resources? It doesn't matter whether they are 3rd party libraries or Microsoft libraries: just dropping code adds a lot to your score.

    Does the program use the FSO or other things from the Microsoft Scripting Runtime? That bumps your score. WMI? That bumps your score.

    The point is that lots of things get examined and scored if found or not found.

    Of course another factor is "reputation" and that is something most small volume programs can never do anything about. It gets worse if you produce several different versions of your program over time because reputation is assigned via a hash of the compiled program. Keep changing it and there is no way the reputation can mount to a helpful level.
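
A developer can check two of the points raised in post #5 on their own build before submitting it: whether the executable carries an embedded manifest resource, and what hash a reputation system would key on. The following is an added example, not code from the thread; the function names are hypothetical, the sample PE image is constructed in the script, and the check only looks for the presence of a manifest resource, not whether its contents are valid.

```python
import hashlib
import struct

RT_MANIFEST = 24  # resource type ID of an embedded application manifest

def resource_type_ids(data: bytes) -> set:
    """Return the numeric top-level resource type IDs found in a PE image."""
    pe = struct.unpack_from("<I", data, 0x3C)[0] if data[:2] == b"MZ" else -1
    if pe < 0 or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsect, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24
    magic, = struct.unpack_from("<H", data, opt)
    dirs = opt + (112 if magic == 0x20B else 96)   # PE32+ or PE32 layout
    if struct.unpack_from("<I", data, dirs - 4)[0] < 3:
        return set()                               # no resource directory slot
    rva, _size = struct.unpack_from("<II", data, dirs + 2 * 8)
    for i in range(nsect):                         # map the RVA to a file offset
        vsize, va, rawsize, rawptr = struct.unpack_from(
            "<IIII", data, opt + opt_size + 40 * i + 8)
        if rva and va <= rva < va + max(vsize, rawsize):
            base = rva - va + rawptr
            break
    else:
        return set()                               # no resources at all
    named, ids = struct.unpack_from("<HH", data, base + 12)
    entries = (struct.unpack_from("<I", data, base + 16 + 8 * i)[0]
               for i in range(named + ids))
    return {e for e in entries if not e & 0x80000000}  # skip named entries

def triage(data: bytes) -> dict:
    """Facts a developer can check before submitting a build for scanning."""
    return {"sha256": hashlib.sha256(data).hexdigest(),
            "has_manifest": RT_MANIFEST in resource_type_ids(data)}

def build_sample_pe(type_id: int) -> bytes:
    """Constructed minimal PE32 image with one top-level resource type."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    dirs = b"\0" * 16 + struct.pack("<II", 0x1000, 0x200) + b"\0" * 104
    opt = struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16) + dirs
    sect = struct.pack("<8sIIII16x", b".rsrc", 0x200, 0x1000, 0x200, 0x200)
    head = (dos + b"PE\0\0" + coff + opt + sect).ljust(0x200, b"\0")
    rsrc = struct.pack("<IIHHHHII", 0, 0, 0, 0, 0, 1, type_id, 0x80000018)
    return head + rsrc.ljust(0x200, b"\0")

if __name__ == "__main__":
    for label, tid in (("with manifest", RT_MANIFEST), ("icon only", 3)):
        print(label, triage(build_sample_pe(tid)))
```

The two sample images differ only in the resource type ID, yet their SHA-256 values differ, which is why each new build starts with no accumulated reputation.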

  6. #6
    PowerPoster
    Join Date
    Feb 2006
    Posts
    23,556

    Re: Why is my application infected according to VirusTotal site?

    AV tests find that reputation really does count

    Trend Micro's reputation system works because it blocks specific URLs. But reputation systems can use a variety of factors to determine whether to block a program. Nachenberg's Symantec Reputation Based Security system, used by the just-released Norton Internet Security 2010, uses complex algorithms to figure out a program's reputation. (This version wasn't available when NSS conducted its tests.)

    In essence, it's a lot like the film-rating system of NetFlix, making a prediction based on a number of factors. How long has the program been around? Where did it come from? How many people use it? "All these pieces of information can be correlated together and used to drive a reputation rating for every piece of software," Nachenberg said.

  7. #7

    Thread Starter
    Fanatic Member
    Join Date
    Nov 2015
    Posts
    760

    Re: Why is my application infected according to VirusTotal site?

    thank you all
    now I felt some quietude

  8. #8

    Thread Starter
    Fanatic Member
    Join Date
    Nov 2015
    Posts
    760

    Re: Why is my application infected according to VirusTotal site?

    Does the program have a proper embedded manifest? Not having one increases your score.

    Does the program do anything weird, like "drop" other compiled code from resources? It doesn't matter whether they are 3rd party libraries or Microsoft libraries: just dropping code adds a lot to your score.

    Does the program use the FSO or other things from the Microsoft Scripting Runtime? That bumps your score. WMI? That bumps your score.
    the answer is yes

  9. #9
    PowerPoster
    Join Date
    Feb 2012
    Location
    West Virginia
    Posts
    14,095

    Re: Why is my application infected according to VirusTotal site?

    Quote Originally Posted by newbie2 View Post
    the answer is yes
    So does that mean that it is yes to all three / four questions?

  10. #10
    Addicted Member
    Join Date
    Oct 2011
    Posts
    179

    Re: Why is my application infected according to VirusTotal site?

    Quote Originally Posted by DataMiser View Post
    So does that mean that it is yes to all three / four questions?
    I think it must be for the second: Does the program do anything weird? (Yes!)

  11. #11
    Frenzied Member
    Join Date
    Dec 2014
    Posts
    1,936

    Re: Why is my application infected according to VirusTotal site?

    with 2-4 result I assume it's the "normal" false-positive.
    if u embed any executable or using API that can be used for hacking we would see 15+ warnings.
    remember it's 65-70 different AV that are used.

  12. #12

    Thread Starter
    Fanatic Member
    Join Date
    Nov 2015
    Posts
    760

    Re: Why is my application infected according to VirusTotal site?

    Quote Originally Posted by DataMiser View Post
    So does that mean that it is yes to all three / four questions?
    sorry I didn't pay attention
    yes for embedded manifest and Microsoft Scripting Runtime

  13. #13
    Addicted Member
    Join Date
    Oct 2011
    Posts
    179

    Re: Why is my application infected according to VirusTotal site?

    Quote Originally Posted by baka View Post
    with 2-4 result I assume it's the "normal" false-positive.
    if u embed any executable or using API that can be used for hacking we would see 15+ warnings.
    remember it's 65-70 different AV that are used.
    Agree, 0-4 is normal.
