nothappyuser, posted May 13, 2021 (edited):

The virustotal.com website tool results in infection in an exe (my) file compiled using C# code to signal false/true if a Notepad window is minimized, maximized or the file is not open. In addition to Malwarebytes, another detector also pointed to the presence of viruses, it was SecureAge APEX. I didn't take 2 minutes to report the same to them, I didn't have to create an account, I didn't have to activate an account, I didn't have to open a forum content, where I understand to be spontaneous and unintentional the result of this scanner. Forcing to create an account, to solve it later, is unproductive, is a waste of time in the race against the real viruses...

keep looking the error path to find error results...

Attachment: Status.zip

(Edited May 14, 2021 by AdvancedSetup: corrected font issue)
Porthos, posted May 13, 2021 (edited May 13, 2021 by Porthos):

Here is a detection log to assist staff in correcting your issue.

https://www.virustotal.com/gui/file/8bc9ba944dda8ea22375cf757c7334a74b7ff8cb4900fa2214b0b8e2640473d1/detection

```
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/13/21
Scan Time: 5:46 PM
Log File: 1c5a2dfa-b43d-11eb-8729-001a7dda7102.json

-Software Information-
Version: 4.3.3.116
Components Version: 1.0.1292
Update Package Version: 1.0.40360
License: Premium

-System Information-
OS: Windows 10 (Build 19042.985)
CPU: x64
File System: NTFS
User: I7-PC\SAPC

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 1
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 0 min, 7 sec

-Scan Options-
Memory: Disabled
Startup: Disabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Malware.AI.4128918249, C:\MALWARE TEST\STATUS\STATUS.EXE, No Action By User, 1000000, 0, 1.0.40360, DC177DEEE8BCCCF0F61A4AE9, dds, 01241484, 4F04BC440F2485DAD6EB1A0AAFA51C75, 8BC9BA944DDA8EA22375CF757C7334A74B7FF8CB4900FA2214B0B8E2640473D1

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)
```
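Added example, not part of the post above and not Malwarebytes code: before forwarding a false-positive report, a triager can confirm that the locally scanned file and the linked VirusTotal report are the same sample by comparing the SHA-256 in the log's `File:` record with the hash in the URL. The field layout (nine fields after the path, MD5 and SHA-256 last) is an assumption inferred from this single record, and the function names are hypothetical.

```python
import re

# Detection record and report URL copied from the post above.
RECORD = (
    r"Malware.AI.4128918249, C:\MALWARE TEST\STATUS\STATUS.EXE, No Action By User, "
    "1000000, 0, 1.0.40360, DC177DEEE8BCCCF0F61A4AE9, dds, 01241484, "
    "4F04BC440F2485DAD6EB1A0AAFA51C75, "
    "8BC9BA944DDA8EA22375CF757C7334A74B7FF8CB4900FA2214B0B8E2640473D1"
)
VT_URL = ("https://www.virustotal.com/gui/file/"
          "8bc9ba944dda8ea22375cf757c7334a74b7ff8cb4900fa2214b0b8e2640473d1/detection")

# Assumption: nine fields follow the path, as counted in this one record.
TRAILING_FIELDS = 9


def parse_detection(record):
    """Return name, path, MD5 and SHA-256 from one 'File:' detection record."""
    name, rest = record.strip().split(", ", 1)
    # Split from the right so a path that itself contains ", " stays intact.
    parts = rest.rsplit(", ", TRAILING_FIELDS)
    if len(parts) != TRAILING_FIELDS + 1:
        raise ValueError("unexpected number of fields")
    path, md5, sha256 = parts[0], parts[-2].lower(), parts[-1].lower()
    if not re.fullmatch(r"[0-9a-f]{32}", md5):
        raise ValueError("MD5 field is not 32 hex digits")
    if not re.fullmatch(r"[0-9a-f]{64}", sha256):
        raise ValueError("SHA-256 field is not 64 hex digits")
    return {"name": name, "path": path, "md5": md5, "sha256": sha256}


def vt_sha256(url):
    """Extract the SHA-256 from a VirusTotal /gui/file/<hash> URL."""
    match = re.search(r"/gui/file/([0-9A-Fa-f]{64})(?:/|$)", url)
    if match is None:
        raise ValueError("no SHA-256 in URL")
    return match.group(1).lower()


def same_sample(record, url):
    """True when the local detection and the VirusTotal report cover one file."""
    return parse_detection(record)["sha256"] == vt_sha256(url)


if __name__ == "__main__":
    print(parse_detection(RECORD))
    print("same sample:", same_sample(RECORD, VT_URL))
```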
cli (Staff), posted May 13, 2021:

Thanks for reporting, this will be fixed in 10 minutes.
nothappyuser (Author), posted May 13, 2021 (edited):

> 1 hour ago, Porthos said:
> Here is a detection log to assist staff in correcting your issue.
> https://www.virustotal.com/gui/file/8bc9ba944dda8ea22375cf757c7334a74b7ff8cb4900fa2214b0b8e2640473d1/detection

That's what I think about this event... 2/69. Two occurrences in 69 software, which I understand to be a real case of false positive, where it is not necessary to affiliate/register an account, open an email, activate an account, create a topic, and then resolve the demand.

Perfect, but when it comes to Malwarebytes, all this work forces the search for the solution via a waste of time, as I need the result to be faithful to the content (without viruses), it is only possible to resolve to meet all the demands dictated by Malwarebytes. Hence, I can suppose, that programmatically, this result and many more, may not in fact be false positive, even though the string rain points to this hypothesis, but it is intentional to force more and more victims of the false positive, to affiliate. What is the reason for not having an isolated tool from the forum, without additional demands of efforts by the user to send and remedy a false positive?...

Thank you very much Sr. for supporting the content posted, and forgive me for letting off the steam on your post, I couldn't find where to edit my own post... there is no interface that is "deductible" the action of editing around here, or I just can't do it, no know...

(Edited May 14, 2021 by AdvancedSetup: corrected font issue)
Porthos, posted May 13, 2021:

> 1 minute ago, nothappyuser said:
> or I just can't do it, no know...

New users cannot edit because of the abuse to the editing system.

This is the correct and only way to report FPs currently.
nothappyuser (Author), posted May 13, 2021:

> 10 minutes ago, Porthos said:
> New users can not edit because of the abuse to the editing system. This is the correct and only way to report FP's currently.

Ok, New users can not edit because of the abuse to the editing system. New users can not edit because of the abuse to the editing system. You remind me of someone whose answers are odd (I'm not saying bad), I'm saying "unique" precisely... Thank you again, Sr.
nothappyuser (Author), posted May 14, 2021:

> 45 minutes ago, cli said:
> Thanks for reporting, this will be fixed in 10 minutes.

Thank you, if you need the code, let me know...
cli (Staff), posted May 14, 2021:

Thanks for your offer, you have provided everything we need. This was detected by our machine learning engine and your file has been submitted for retraining.
nothappyuser (Author), posted May 14, 2021:

```csharp
using System;
using System.Linq;
using System.Resources;
using System.Threading;
using System.Reflection;
using System.Diagnostics;
using System.Collections;
using System.Runtime.InteropServices;

[assembly: ComVisible(false)]
[assembly: AssemblyCulture("")]
[assembly: AssemblyTitle("Status")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyVersion("1.0.0.1")]
[assembly: AssemblyFileVersion("1.0.0.1")]
[assembly: NeutralResourcesLanguage("en")]
[assembly: AssemblyCompany("Ben Knobe Inc")]
[assembly: AssemblyProduct("Check Windows Min|Max")]
[assembly: AssemblyDescription("Check Windows Max/Min")]
[assembly: Guid("064490ee-ad15-4a44-8521-6bcf513f953f")]
[assembly: AssemblyCopyright("Ben Knobe Copyright © 2021")]
[assembly: AssemblyTrademark("Ben Knobe Copyright © 2021")]

namespace Status
{
    class Program
    {
        // Win32 API: returns true when the given window is minimized (iconic).
        [DllImport("user32.dll")]
        [return: MarshalAs(UnmanagedType.Bool)]
        static extern bool IsIconic(IntPtr hWnd);

        static void Main(string[] args)
        {
            if (!args.Any())
            {
                Console.WriteLine("\nUse: " + System.AppDomain.CurrentDomain.FriendlyName + " \"File_Name.eXtension\"");
                return;
            }
            else
            {
                // Notepad titles its window "<file name> - Notepad".
                String Title = args[0] + " - Notepad";

                // Compare case-insensitively and take the first match, so that mixed-case
                // file names are found and two windows with the same title do not throw.
                Process process = Process.GetProcesses()
                    .Where(p => string.Equals(p.MainWindowTitle, Title, StringComparison.OrdinalIgnoreCase))
                    .FirstOrDefault();

                if (process != null)
                {
                    var wHnd = process.MainWindowHandle;

                    if (!IsIconic(wHnd))
                    {
                        Console.WriteLine("False"); // Maximized or normal window: File - Notepad.exe
                        return;
                    }
                    else
                    {
                        Console.WriteLine("True"); // Minimized window: File - Notepad.exe
                        return;
                    }
                }

                Console.WriteLine("File not open!"); // Window not found
            }
        }
    }
}

// https://www.iconfinder.com/icons/2525058/ben_kenobi_jedi_obi_-_wan_kenobi_star_wars_icon
// %__APPDir__%..\Microsoft.NET\Framework64\v4.0.30319\csc.exe /t:exe /out:".\Status.exe" ".\Status.cs" /win32icon:"Ben Knobe.ico" /platform:anycpu /unsafe+ /w:0 /o /nologo
```

Here is the source code of the virus, you can compile using the same line that I used (last line).

The promised 10-minute solution has not yet arrived, it is already over 10 hours.

I really opened an account to have all this work for a false positive with the MalWareBytes* machine learning engine, it is unnecessary effort for little use or none. It is difficult to be technological and advanced using machine learning engine to learn how to produce waste of time for your clients...

Thank you for your disservices

* Obs.: Your name starting with "Mal" in my natural language it means "bad/evil"
Porthos, posted May 14, 2021 (edited May 14, 2021 by Porthos):

> 1 hour ago, nothappyuser said:
> The promised 10-minute solution has not yet arrived,

The attached file is not detected by the consumer or commercial versions of Malwarebytes.

The engine format and configuration in VirusTotal is different than the consumer and corporate products' default configuration. In VirusTotal, Malwarebytes uses a command-line engine with different configuration and detection techniques/heuristics which might detect more than the commercial product. There are also false-positive suppression mechanisms in the commercial product which are not present in the command-line engine in VirusTotal.

This will eventually fix itself in VirusTotal as well, as Malwarebytes has no control over this. VirusTotal is having trouble reaching Malwarebytes cloud.