adambiser
Members-
Posts
17 -
Joined
-
Last visited
Reputation
0 NeutralRecent Profile Visitors
The recent visitors block is disabled and is not being shown to other users.
-
Thanks again and not a problem. Looks clear now. I appreciate you looking into it again.
-
@AdvancedSetup: I know you weren't. Even the unpacked EXE has a lot of false positives. ESET NOD32 cleared it and then re-flagged it a few days later, so I just gave up. It's old software that needs to be updated/rewritten anyway. Just need to have/find time to do so.
-
I understand. Thanks again.
-
The site is my own. VirusTotal only knows about that link because I tested with it. It is not publicly accessible, but I went ahead and removed the files from the site completely. I got tired of contacting AV companies and them either not responding or telling me "well, we don't see that it's doing anything bad, but since a lot of others are saying it does, we're not going to change it". I traced it down to the DLL call that sets them off, but I can't do anything about it, so I just removed it.
-
Thanks for bumping. It has been showing a clean slate for a week or more at VirusTotal and Noron. https://www.virustotal.com/gui/url/493ea005230a240382db924c87018af03ea87f0b0650bfa6e94b9839955cf6b1/detection https://safeweb.norton.com/report/show?url=winwolf3d.dugtrio17.com
-
That 1 was still active when it was cleared on Sept 9. Yandex finally cleared it today. Just clicked reanalyze and it's at 0 now.
-
Hi, the Firefox extension is blocking the site again. Same message. I haven't changed or added anything to it.
-
I'd say holding off for now is the best course. Thanks again.
-
Thank you again for your time and patience. It looks good through the browser add-on. I'm going to hold off on re-posting IMFCreator until I get the all-clear from several AV vendors and things start to clear up. If I add it back while some are still flagging it, will that cause the site to be blocked again?
-
If it helps for me to re-add the IMFCreator download, I will, but I took it down so it doesn't affect the reputation of dugtrio17 any more than it already has. As I mentioned, I was using a subdomain of his and since this is getting flagged, his site is flagged as well and I feel obligated to get it straightened up. The php file is there and it's just a simple file to keep keep track of download counts for the database. I do understand what you're saying and thank you for your time and patience in this.
-
I've checked out everything. I'm just an indie developer trying to help out the Wolf3D modding community by providing these tools. I don't have the resources to track down every AV software package flagging the file, so I'm just going to start removing things. These were personal projects that have been around since before github existed and written almost completely from scratch by myself, but the amount of time it will take to fight these false positive reports is becoming overwhelming. downloads.php is a file I wrote myself and is probably being flagged because it points to IMFCreator. For example, Fortinet's submission page was the dumbest I've experienced requiring me to explain how the program does certain things that could be malicious after I've already said it does not. They did this for six questions and the end result is that they still think it's malicious. I'm actually using a subdomain from someone else's site and that the fact that this stuff is causing problems is putting me in such a bad situation. It's just better for me to just remove the downloads so the reputation of his site will hopefully return to normal. The funny thing is that now that I've tried to figure out how to compile the program in a way that AV programs don't think it's a virus has had the unintended result that they now see it as a polymorphing virus. I'm giving up.
-
Now ESET is flagging the new download of that file. It's just a simple program to convert MIDI music files to IMF/Adlib music files to use with Wolfenstein 3D modding, but I can't keep going after all these AV sites, so I've removed it completely from the website.
-
Yeah, that's the one that gets the false positives. Approximately how long does it take for the checks that VirusTotal uses to re-evaluate? I'm assuming that since Dr. Web has cleared it and once Yandex and Norton get around to re-evaluating the site/file that these others will eventually follow suit. Each site is dumber than the next for reporting false positives. This experience is actually making me trust them less. (Looking at Fortinet requiring a description for how the software does boot execution and browser integration after I've just said that it does neither of the two.)
-
Dr Web has removed the site from their blacklist. Waiting on Yandex Safebrowsing now. https://www.virustotal.com/gui/url/493ea005230a240382db924c87018af03ea87f0b0650bfa6e94b9839955cf6b1/detection Norton at least gives some details. "IMFCreator-1.0.17.3.exe" is a false positive and not available on the site anymore. I've recompiled both the executable and the installer and posted a newer version.
-
Thanks. I appreciate it. In the meantime, I've sent a false positive report to "Dr Web" and signed up for Yandex's garbage "webmaster" site and requested they re-review it as well. Those are the two that I see as reporting false positives for the site on virustotal.com.