From: Horst Heinrich Dittgens on
Nothing in the world is error free. Why do you think that the one antivirus
software you run is an exception? That means, do other antivirus apps also
give a warning?

From: DanS on
Webbiz <nospam(a)noway.com> wrote in
news:9ps1s55gmhnfejvt1ah8cq4hkvu2g4809g(a)4ax.com:

> Anyone have any idea why some compiled vb6 apps would be
> flagged by virus checkers as having a virus? I've got two
> programs that get flagged and they don't have any virusus.
> I can delete them and re-compile and the virus checkers
> will still flag them. They don't do any low-level stuff.
> One works with a DB and the other only does math
> expressions and displays results.
>
> Any ideas?


Because the compiled code has byte patterns that the AV scanner
thinks is a virus 'fingerprint' ?

Recompiling with the same compiler switches will just result in
the same binary code, so just I wouldn't expect recompiling to
make a difference.

There was a thread here a year age discussing someone that had
the same problem, and it was traced back to a certain procedure.
All the coder had to do was change the order of some ops in that
function and AV tag went away.
From: Mayayana on
Oddly, I don't see the original post here, but
I can see your re-quote.

For the OP:

Karl Peterson's article about this might be helpful:

http://visualstudiomagazine.com/articles/2008/01/29/are-you-safer-now.aspx

Personally I think AV has been obsolete for
years and it will only get worse. AV used to
entail a 1 MB download once a month. Even then
there were thousands of byte marker "definitions".
These days it's more like a 30-40 MB download
once per day. It's amazing there haven't been
more problems.

| > Anyone have any idea why some compiled vb6 apps would be
| > flagged by virus checkers as having a virus? I've got two
| > programs that get flagged and they don't have any virusus.
| > I can delete them and re-compile and the virus checkers
| > will still flag them. They don't do any low-level stuff.
| > One works with a DB and the other only does math
| > expressions and displays results.
| >
| > Any ideas?
|
|
| Because the compiled code has byte patterns that the AV scanner
| thinks is a virus 'fingerprint' ?
|
| Recompiling with the same compiler switches will just result in
| the same binary code, so just I wouldn't expect recompiling to
| make a difference.
|
| There was a thread here a year age discussing someone that had
| the same problem, and it was traced back to a certain procedure.
| All the coder had to do was change the order of some ops in that
| function and AV tag went away.


From: Webbiz on
Thanks for the article.

:)
Webbiz


On Mon, 12 Apr 2010 09:11:33 -0400, "Mayayana"
<mayayana(a)invalid.nospam> wrote:

> Oddly, I don't see the original post here, but
>I can see your re-quote.
>
> For the OP:
>
>Karl Peterson's article about this might be helpful:
>
>http://visualstudiomagazine.com/articles/2008/01/29/are-you-safer-now.aspx
>
> Personally I think AV has been obsolete for
>years and it will only get worse. AV used to
>entail a 1 MB download once a month. Even then
>there were thousands of byte marker "definitions".
>These days it's more like a 30-40 MB download
>once per day. It's amazing there haven't been
>more problems.
>
>| > Anyone have any idea why some compiled vb6 apps would be
>| > flagged by virus checkers as having a virus? I've got two
>| > programs that get flagged and they don't have any virusus.
>| > I can delete them and re-compile and the virus checkers
>| > will still flag them. They don't do any low-level stuff.
>| > One works with a DB and the other only does math
>| > expressions and displays results.
>| >
>| > Any ideas?
>|
>|
>| Because the compiled code has byte patterns that the AV scanner
>| thinks is a virus 'fingerprint' ?
>|
>| Recompiling with the same compiler switches will just result in
>| the same binary code, so just I wouldn't expect recompiling to
>| make a difference.
>|
>| There was a thread here a year age discussing someone that had
>| the same problem, and it was traced back to a certain procedure.
>| All the coder had to do was change the order of some ops in that
>| function and AV tag went away.
>
From: Mayayana on


> Thanks for the article.

Speak of the devil....

TheRegister has an article up today about
the "shockingly poor quality" of AV software,
with false positives being a big part of the
problem:

http://www.theregister.co.uk/2010/04/13/winxp_anti_malware_tests/