Closed ThinhVu closed 8 years ago
Some people misuse ConfuserEx to obfuscate their malware. Because of slightly similar signatures after obfuscation your output becomes detected as malware too.
Since many malware authors use ConfuserEx to protect their apps, the antiviruses detect some protections as virus.
For me, the only protection that is detected as virus is the anti-tamper (method encryption), disable it for executable modules (for dlls it´s no problem) and you should be fine.
Thank for your answer :)
2015-07-20 23:07 GMT+07:00 MurariAlex notifications@github.com:
Since many malware authors use ConfuserEx to protect their apps, the antiviruses detect some protections as virus.
The only protection that is detected as virus is the anti-tamper (method encryption), disable it for executable modules (for dlls it´s no problem) and you should be fine.
— Reply to this email directly or view it on GitHub https://github.com/yck1509/ConfuserEx/issues/290#issuecomment-122929193.
Another thing that might work is using a simple method to scramble the executable; for example, store an encrypted version in a resource and decrypt it at runtime. You can even write a plugin for ConfuserEx!
When i scan obfuscated file with virustotal, they detect that obfuscated file contain virus. Anyone can explain that.