Sign in to follow this  
Followers 0
Der_Andi

Compiled EXE's are recognized as VIRUS

2 posts in this topic

Hi,

sometimes i write small scripts for a friend of mine.

Some of these scripts EXE's are detected as a VIRUS. Some, not all!

The virus' name is: TR/Dldr.Agen.185398

These scripts are detected as a virus:

- Program-Starter:

a gui with a listview, where he can add his favourite programs.

you can start a single program by doubleclicking a listviewitem,

or you can start all listed programs with a button placed below this listview.

- AVI-Info:

when you mark an avi-file in explorer, windows starts collecting some information about this file,

e.g. length, resolution, bitrate, etc..., and displays this information in the explorers statusbar.

The whole thing takes about 2 or 3 seconds. Within this time, you cannot move the file to another

folder or delete it.

To disable this function in windows, a value in the registry must be changed. Path:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87D62D94-71B3-4b9a-9489-5FE6850DC73E}\InProcServer32

from:

(Default), REG_EXPAND_SZ, "%SystemRoot%\system32\shmedia.dll"

to:

(Default), REG_EXPAND_SZ, ""

This value will be restored, if you run the script again.

These scripts are NOT detected as a virus:

- Eject_E / Eject_F

only one line per script: CDTray("e:", "open")

these scripts opens the cd-tray of the specified drive-letter. scripts are executed via special key of the logitech keyboard.

- eHDD-Manager (external Hard Disc Drive Manager)

(the name is not my creation ;) )

A tool, that runs in background. When the eHDD is connected via USB to the computer, some special files and folders are exchanged between computer and eHDD.

Any ideas, why some scripts "are" viruses, and some not? Maybe, because some scripts dig deeper in the system ("hacking" registry, starting other programs...) ?

The anti virus software is called "AntiVir", one of the best, you can get for free.

Let me say, that i also use this anti virus software and i tested these "viruses" on my computer, too.

But on my computer, everything is fine with these EXEs. Not any script or its EXE has ever been detected as a virus.

One way to get rid of this problem is to exclude these EXE's in every scan process.

The drawback is: if you have a REAL virus on your computer, it can contaminate these EXE's, you excluded from the scanning process. So AntiVir cannot eliminate the virus completely.

Any ideas?

Andi

Share this post


Link to post
Share on other sites



Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0