GoogleCodeExporter
commented
9 years ago [deleted comment]Closed GoogleCodeExporter closed 9 years ago
GoogleCodeExporter
commented
9 years ago [deleted comment]PHP Desktop MSIE 1.13 scan results were OK:
https://www.virustotal.com/en/file/dbd569836d38f61d85476c40677c9be6c662dcecf478a
c55f9e4e58a24dce419/analysis/1414658395/
There were only cosmetic changes between 1.13 and 1.14 versions. It doesn't
make sense for AegisLab to report Troj.W32.Gen.
Scanned phpdesktop-msie 1.14 DEBUG version of the executable and scan results
are OK:
https://www.virustotal.com/en/file/9b7783243dc33d2af142ef271f3538d3de7b5c9f852cb
001c1ac189a5c3d4ab7/analysis/1414658783/
So looks like this is some random behavior on AegisLab side.Original comment by czarek.t...@gmail.com on 30 Oct 2014 at 8:51
GoogleCodeExporter
commented
9 years ago Did some google for "Troj.W32.Gen":
Whenever you see antivirus software identify something with "Gen" (which is short for "Generic"),
it means it hasn't actually identified a virus, just that it's heuristics (which is the magic
that tries to guess if something might contain some new currently unknown malware) flagged it
as a possible suspect.
Reference:
http://steamcommunity.com/app/223510/discussions/0/540732596816138479/
So the solution seems to be to try recompile phpdesktop executable with some
different build options, until its binary code path changes enough for the
Troj.W32.Gen heuristics not to flag it anymore.Original comment by czarek.t...@gmail.com on 30 Oct 2014 at 9:03
GoogleCodeExporter
commented
9 years ago After exposing additional environment variables in mongoose.c (Issue 136),
binary code path changed enough so that Troj.W32.Gen is no more detected, see:
https://www.virustotal.com/en/file/018e3950bd20f6cf74f68c4ec7746a569715f86e0b55f
122ed0d426a5993165d/analysis/1414661811/Original comment by czarek.t...@gmail.com on 30 Oct 2014 at 9:48
Original issue reported on code.google.com by
czarek.t...@gmail.comon 30 Oct 2014 at 5:30