Jump to content

Did malwarebytes find viruses in this file?


Recommended Posts

The virustotal.com website tool results in infection in an exe (my)
file compiled using C # code to signal false/true if a notepad
window is minimized, maximized or the file is not open.


In addition to malwarebytes, another detector also pointed to the
presence of viruses, was SecureAge APEX.

I didn't take 2 minutes to report the same to them, I didn't have
to create an account, I didn't have to activate an account, I didn't
have to open a forum content, where I understand to be spontaneous
and unintentional the result of this scanner.

forcing to create an account, to solve it later, is unproductive,
is a waste of time in the race against the real viruses...

keep looking the error path to find error results...


keep looking the error path to find error results...

 

 

Status.zip

Edited by AdvancedSetup
corrected font issue
Link to post
Share on other sites

Here is a detection log to assist staff in correcting your issue.

https://www.virustotal.com/gui/file/8bc9ba944dda8ea22375cf757c7334a74b7ff8cb4900fa2214b0b8e2640473d1/detection

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/13/21
Scan Time: 5:46 PM
Log File: 1c5a2dfa-b43d-11eb-8729-001a7dda7102.json

-Software Information-
Version: 4.3.3.116
Components Version: 1.0.1292
Update Package Version: 1.0.40360
License: Premium

-System Information-
OS: Windows 10 (Build 19042.985)
CPU: x64
File System: NTFS
User: I7-PC\SAPC

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 1
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 0 min, 7 sec

-Scan Options-
Memory: Disabled
Startup: Disabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Malware.AI.4128918249, C:\MALWARE TEST\STATUS\STATUS.EXE, No Action By User, 1000000, 0, 1.0.40360, DC177DEEE8BCCCF0F61A4AE9, dds, 01241484, 4F04BC440F2485DAD6EB1A0AAFA51C75, 8BC9BA944DDA8EA22375CF757C7334A74B7FF8CB4900FA2214B0B8E2640473D1

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Edited by Porthos
  • Thanks 1
Link to post
Share on other sites
Posted (edited)
1 hour ago, Porthos said:

Here is a detection log to assist staff in correcting your issue.

https://www.virustotal.com/gui/file/8bc9ba944dda8ea22375cf757c7334a74b7ff8cb4900fa2214b0b8e2640473d1/detection

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/13/21
Scan Time: 5:46 PM
Log File: 1c5a2dfa-b43d-11eb-8729-001a7dda7102.json

-Software Information-
Version: 4.3.3.116
Components Version: 1.0.1292
Update Package Version: 1.0.40360
License: Premium

-System Information-
OS: Windows 10 (Build 19042.985)
CPU: x64
File System: NTFS
User: I7-PC\SAPC

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 1
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 0 min, 7 sec

-Scan Options-
Memory: Disabled
Startup: Disabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Malware.AI.4128918249, C:\MALWARE TEST\STATUS\STATUS.EXE, No Action By User, 1000000, 0, 1.0.40360, DC177DEEE8BCCCF0F61A4AE9, dds, 01241484, 4F04BC440F2485DAD6EB1A0AAFA51C75, 8BC9BA944DDA8EA22375CF757C7334A74B7FF8CB4900FA2214B0B8E2640473D1

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

That's what I think about this event...

2/69 Two occurrences in 69 software, which I understand to be a 
real case of false positive, where it is not necessary to 
affiliate/register an account, open an email, activate an 
account, create a topic, and then resolve the demand.

Perfect, but when it comes to malwarebytes, all this work 
forces the search for the solution via a waste of time, as 
I need the result to be faithful to the content (without viruses),
it is only possible to resolve to meet all the demands dictated 
by malwarebytes.

Hence, I can suppose, that programmatically, this result and 
many more, may not in fact be false positive, even though the 
string rain points to this hypothesis, but it is intentional to 
force more and more victims of the false positive, to affiliate.

What is the reason for not having an isolated tool from the forum, 
without additional demands of efforts by the user to send and remedy 
a false positive?...

 

Thank you very much Sr. for supporting the content posted, and forgive me 
for letting off the steam on your polst, I couldn't find where to edit 
my own post .. there is no interface that is "deductible" the action of
editing around here, or I just can't do it, no know...

 

Edited by AdvancedSetup
corrected font issue
Link to post
Share on other sites
1 minute ago, nothappyuser said:

or I just can't do it, no know...

New users can not edit because of the abuse to the editing system.

This is the correct and only way to report FP's currently.

  • Thanks 1
Link to post
Share on other sites
10 minutes ago, Porthos said:

New users can not edit because of the abuse to the editing system.

This is the correct and only way to report FP's currently.

zOk, New users can not edit because of the abuse to the editing system. New users can not edit because of the abuse to the editing system.

you remind me of someone whose answers are odd (i'm not saying bad), i'm saying "unique" precisely...

 

Thank you /again Sr. 

Link to post
Share on other sites
  • Staff

Thanks for your offer, you have provided everything we need. This was detected by our machine learning engine and your file has been submitted for retraining.

Link to post
Share on other sites
using System;
using System.Linq;
using System.Resources;
using System.Threading;
using System.Reflection;
using System.Diagnostics;
using System.Collections;
using System.Runtime.InteropServices;

[assembly: ComVisible(false)]
[assembly: AssemblyCulture("")]
[assembly: AssemblyTitle("Status")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyVersion("1.0.0.1")]
[assembly: AssemblyFileVersion("1.0.0.1")]
[assembly: NeutralResourcesLanguage("en")]
[assembly: AssemblyCompany("Ben Knobe Inc")]
[assembly: AssemblyProduct("Check Windows Min|Max")]
[assembly: AssemblyDescription("Check Windows Max/Min")]
[assembly: Guid("064490ee-ad15-4a44-8521-6bcf513f953f")]
[assembly: AssemblyCopyright("Ben Knobe Copyright © 2021")]
[assembly: AssemblyTrademark("Ben Knobe Copyright © 2021")]

namespace Status
{

    class Program
    {
        [DllImport("user32.dll")][return: MarshalAs(UnmanagedType.Bool)]
        static extern bool IsIconic(IntPtr hWnd);

        static void Main(string[] args)
        {
            if (!args.Any())
            {
                Console.WriteLine("\nUse: " + System.AppDomain.CurrentDomain.FriendlyName + " \"File_Name.eXtension\"");
                return;
            }
            else
            {
                 String Title = args[0].ToLower() + " - Notepad";
                 Process process = Process.GetProcesses().Where(p => p.MainWindowTitle
                                                            == Title).SingleOrDefault();
                if (process != null) 
                {
           
                    var wHnd = process.MainWindowHandle;

                    if (!IsIconic(wHnd)) 
                    {
                        Console.WriteLine("False"); // Maximized or Nommal Window: File - Notepad.exe // 
                        return;
                    }
                    else if (IsIconic(wHnd));
                    {
                        Console.WriteLine("True"); // Minimized Window: File - Notepad.exe // 
                        return; 
                    }

                }

                Console.WriteLine("File not open!"); // Not Founded Windows // 

            }
            
        }

    }

}
// https://www.iconfinder.com/icons/2525058/ben_kenobi_jedi_obi_-_wan_kenobi_star_wars_icon
// %__APPDir__%..\Microsoft.NET\Framework64\v4.0.30319\csc.exe /t:exe /out:".\Status.exe" ".\Status.cs" /win32icon:"Ben Knobe.ico" /platform:anycpu /unsafe+ /w:0 /o /nologo

 

Here is the source code of the virus, you can compile using the same line that I used (last line) The promised 10-minute solution has not yet arrived, it is already over 10 hours. I really opened an account to have all this work for a false positive with the MalWareBytes* machine learning engine is unnecessary efforts for little use or none. It is difficult to be technological and advanced using machine learning engine to learn how to produce waste of time for your clients...

Thank you for yours disservices

* Obs.: Your name starting with "Mal" in my natural language it means "bad/evil"

 

Link to post
Share on other sites
1 hour ago, nothappyuser said:

The promised 10-minute solution has not yet arrived,

The attached file is not detected by the consumer or commercial versions of Malwarebytes.

The engine format and configuration in VirusTotal is different than the consumer and corporate products’ default configuration. In VirusTotal Malwarebytes uses a command-line engine with different configuration and detection techniques/heuristics which might detect more than the commercial product. There are also false-positive suppression mechanisms in the commercial product which are not present in the command-line engine in VirusTotal.

This will eventually fix itself in Virustotal as well, as Malwarebytes has no control over this. Virus Total is having trouble reaching Malwarebytes cloud.

Edited by Porthos
  • Thanks 1
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.