Closed SysopSolaris closed 2 years ago
Sure, it's a false positive. I think the problem is that the loader has to use Metasploit shellcode for the 32->64bit transition, and some malware might use the same shellcode too, so antiviruses then flag it as malware, even though it is not malware. At least I suspect that this is the reason for the detection. Interestingly, only the Win7 loader is detected? If you are planning to use it on Win10, you can delete the 6.2 loader if you want; only the 10.0 loader gets used on Win10.
I use Symantec Endpoint Protection and "ldntvdm.dll" is OK.
By the way, Symantec Endpoint Protection shows C:\work\ntvdmpatch\util\settsaware.exe --> Heur.AdvML.C
I know this is a false positive.
I think we are all used to these stupid false positives now.
Windows Defender and Vivaldi Browser find Woreflint.A!cl
containerfile: C:\Users\Sysop\Downloads\ntvdmx64.7z
file: C:\Users\Sysop\Downloads\ntvdmx64.7z->ldntvdm/syswow64/6.2/ldntvdm.dll
webfile: C:\Users\Sysop\Downloads\ntvdmx64.7z|http://www.columbia.edu/~em36/ntvdmx64.7z|pid:10324,ProcessStart:132272806148697102
False positive?