Jump to content

False positive on ChipTuningPRO (https://sms-soft.ru)


Recommended Posts



File is a loader for starting executable of SMS-Soft ChipTuningPRO software

We are developing this product and use VMProtect to protect it.
File is digitally signed.

Please, add to white-list.

Link to post
Share on other sites

  • Staff

I don't see it here.

Also note, Our engine format and configuration in VirusTotal is different than our consumer and corporate products’ default configuration. In VirusTotal we use a command-line engine with different configuration and detection techniques/heuristics which might detect more than the commercial product. There are also false-positive suppression mechanisms in the commercial product which are not present in the command-line engine in VirusTotal.

This file has been whitelisted for our commercial products already and it is not detected anymore. This will eventually fix itself in Virustotal as well, as we don't have control over this.

Link to post
Share on other sites

I will allow myself some reasoning. I created an empty project in C++ RAD Studio, with a clean form and one TButton displaying on click "Hello world". Then I protected one function (TForm1:: Button1Click(TObject *Sender)) using VMProtect (in ultra mode, mutation plus virtualization). Your antivirus already finds Malwarebytes Malware.AI.2327300706 in the code. Do you consider this the norm? I can attach all the sources.

Link to post
Share on other sites

At the same time, as a programmer, I perfectly understand the complexity of the task of detecting malwares in code protected by virtual machines. However, I think that the analysis of such code should be carried out more gently if the executable have an non compromised digital signature.




Link to post
Share on other sites

5 minutes ago, almi said:

Your antivirus already finds Malwarebytes Malware.AI.2327300706 in the code.

The file you attached is not detected by the installed version of Malwarebytes. It is still detected by Virus Total. That VT detection was explained already a few posts ago.

Virus Total is having issues reaching the cloud whitelisting server for your software. Whitelists are based in the cloud.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.