I like to do allot of coding and I like to hide (Protect) my files sources using Software Passport but when a user downloads one of my programs they say there avast Detects it as a win32 Trojan AS-Pack Armadillo
I’m not understanding the concept on how it judges it as a virus when it cant even read the source. Software Passport has been around for a long time and I paid good money for it to just say that with antivirus’s. Your AntiVirus and a couple of other ones say the same thing when it gets scanned. Any Idea why? If there is some strings I need to CHange for Passort Please let me know.
I think the best way is to send the detected file in a password-protected zip-file to virus (at) avast (dot) com
Don’t forget to write the password for the zip-file into your e-mail.
Describe your problem and state that the submitted file is detected as virus although it should be clean. They will (if it is indeed a false detection) remove it from the virus-database.
Or do you use Avast! too? then there would be the possibility to send the file out of the chest (no zip-encrypton needed)…
Why? Well, the answer is rather simple… for one “real” program, packed with Armadillo (or other protectors), there are thousands of malicious files out there, packed in the same way.
So, it sometimes happens that the detection of the malicious program is chosen in such a way that it detects a common part of Armadillo stub - so it starts to detect all executables packed with [the particular version of] Armadillo as well.
So yes, it’s a mistake (and not that rare, unfortunatelly), occurring because of the huge amount of packed/protected malicious samples.
Btw, avast! can unpack the Armadillo-protected files in most cases and look inside - but that has nothing to do with the described problem.
That sux how a very expensive program gets Picked up like that. I talked to the Software Passport Company about it and they said The best way to get rid of this false positive is to pay for a new Encryption Key and that’s another $125.00 that I don’t have. Is virus’s getting so bad now that People cant even write programs without Protecting the files any more. Everything might as well be open source now. I have to reason to make programs any more because of this issue. All crypters ( File Protectors) I have tried comes to the same conclusion. Virus Virus Virus. I Give up ??? ??? ???
I don’t know what exactly the encryption key does - but if the packer stub (loader) itself is detected, I don’t know any new key would help.
I’d say - if your program gets detected, submit it to the antivirus company as a false positive; can’t speak for other companies, but I’d say avast! would be willing to fix it. Also, you can ask to include your program into the “clean set” (the files we use to check for false positives internally), so the problem should not appear again - at least for that particular version of the program.
Thats alot of work to have to do with every new program Im just gonna wait until I can get a New Stub for it. I think thats what they ment by encryption key. Thnx for the support though. Your av is the best one out there And I dont want to Make u guys put holes in it just for my little vb programs. I have been using your Anti Virus Ever since U started. I even Use it on one of my servers and it made it super secure. Some users tried to rfi my server with a c99.php shell exploit and your av caught it right when i t tried to inject its self. This day in age for the internet needs High Protection.