deanrather / steam-limiter

Automatically exported from code.google.com/p/steam-limiter
BSD 2-Clause "Simplified" License
1 stars 0 forks source link

Software identifies as Win32:Evo-gen #39

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Install Avast antivirus
2. Ensure Antivirus is up-to-date
3. Attempt to download any version of Steam-Limiter

What is the expected output? What do you see instead?
Code needs to be modified so it no longer identifies as malware. Alternatively, 
computer creating compiled software needs a complete clean to remove said 
malware.

What version of the product are you using? On what operating system?
Version 0.3.2.0 onward detect with this malware, 0.3.1.0 and 0.3.0.0 are clean.

Please provide any additional information below.

Original issue reported on code.google.com by phillip....@gmail.com on 30 Nov 2014 at 2:43

GoogleCodeExporter commented 9 years ago
Obviously, none of the files actually contain any malware - the steam-limiter 
download is quite simply far too small to have malware and still do the job it 
does. That's one of the reasons I worked so hard to make my executables so tiny 
- and the machine on which all the builds were hosted was kept clean and never 
had any infections.

You can also look at the reports of online scanners which verify that all the 
files I've made are clean - this one says that Avast! in particular as at 28 
November 2014 doesn't have a problem with steam-limiter: 
https://www.virustotal.com/en/file/419f9b8c9e78a9ef4441e4999bf7e3394e3f807ec953a
afa5fec925017ca2cdb/analysis/1417191215/

Note that VirusTotal report linked above does show the 28 Nov 2014 F-Prot! 
based scanners showing false positives due to their generic schemes - 
http://www.f-prot.com/support/windows/fpwin_faq/132.html - which are 
essentially just crude checks which will alert on almost any program that hooks 
into another one. Since that's what steam-limiter *has* to do to work at all, I 
can't actually do anything about those particular false positives.

The so-called Evo-Gen system used by Avast is similarly a generic detection 
that isn't looking for any actual malware, nor indeed looking for any of the 
things that actual modern polymorphic malware does, so it's similarly known for 
generating lots and lots of false positives that no-one can tune away e.g. 
https://forum.avast.com/index.php?topic=151077.0

Original comment by nigel.bree@gmail.com on 30 Nov 2014 at 10:00