Remove malware from Avidemux please

Started by MuxAllDude, October 23, 2016, 05:58:21 PM

MuxAllDude

October 2016

Hope one day soon the developer will remove the malware inside his program Avidemux.

VirusTotal: 2 / 54


False positive doesn't exist on real fair program!

mean

You do know it is compiled on linux right ?

mean

there is no trojan/malware/virus
Of course, you've downloaded the official release and checked the md5, right ?




dosdan

False positives are common in AV/Malware programs, particularly depending on what methods they are using to identify suspicious-looking code. That's why VirusTotal shows the results from 54 detectors. A result of only 2 out of 54 is a strong indication that it's a false positive detection.

Dan.

dosdan

#4
Quote from: dosdan on October 23, 2016, 08:22:42 PM
False positives are common in AV/Malware programs, particularly depending on what methods they are using to identify suspicious-looking code.

Here is an example of a false positive. I compiled a 64-bit version of FFMPEG.EXE, with and without the packing option enabled. "Packing" is like compressing part of the .EXE as a ZIP, using UPX. It will automatically decompress when run. Some malware/virus programs also use UPX compression in an attempt to hide their malicious code from scanners.

FFMPEG_NOT_PACKED.EXE

File size         22.6 MB ( 23739904 bytes )   
File type         Win32 EXE   
Magic literal     PE32+ executable for MS Windows (console) Mono/.Net assembly   
TrID              Win64 Executable (generic) (76.4%)
                  Win32 Executable (generic) (12.4%)
                  Generic Win/DOS Executable (5.5%)
                  DOS Executable Generic (5.5%)




FFMPEG_PACKED.EXE

File size         10.0 MB ( 10487296 bytes )
File type         Win32 EXE
Magic literal     PE32+ executable for MS Windows (console)
TrID              UPX compressed Win64 Executable (59.4%)
                  UPX compressed Win32 Executable (19.9%)
                  Win64 Executable (generic) (18.0%)
                  Generic Win/DOS Executable (1.3%)
                  DOS Executable Generic (1.3%)



You can see that UPX processing has made the packed version substantially smaller.

The not_packed version of FFMPEG.EXE passed a VirusTotal scan, 0/56.

But the packed version came up as 1/56, with Bkav flagging it for: HW64.packed.D929

Dan.
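
Added example (not part of the original post, and not any scanner's actual logic): a small Python check for the structural trait that shows up in the TrID output above, namely the `UPX0`/`UPX1` section names that UPX leaves in a PE file, with the first section holding no bytes on disk. The function names and the two sample headers are constructed for illustration; the samples contain headers only and are not runnable programs.

```python
import struct

def pe_sections(data: bytes):
    """Return [(name, virtual_size, raw_size)] from a PE image's section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)   # offset of PE header
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes)
    _, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    table = e_lfanew + 4 + 20 + opt_size                 # section table start
    out = []
    for i in range(nsect):                               # 40 bytes per entry
        name, vsize, _va, rsize = struct.unpack_from("<8sIII", data, table + 40 * i)
        out.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, rsize))
    return out

def looks_upx_packed(data: bytes) -> bool:
    """Heuristic only: UPX-named sections, the first one empty on disk."""
    secs = pe_sections(data)
    names = [n for n, _, _ in secs]
    # UPX0 is the in-memory destination for decompression: size in memory, none in file
    empty_first = bool(secs) and secs[0][1] > 0 and secs[0][2] == 0
    return "UPX0" in names and "UPX1" in names and empty_first

def build_sample(sections):
    """Constructed input: minimal PE32+ headers for the given sections."""
    opt = b"\x0b\x02" + bytes(238)                       # PE32+ magic, zero padding
    dos = b"MZ" + bytes(58) + struct.pack("<I", 64)      # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, len(opt), 0x22)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", n, vs, 0x1000, rs, 0x400, 0, 0, 0, 0, 0)
        for n, vs, rs in sections)
    return dos + b"PE\0\0" + coff + opt + table

# Constructed samples (sizes are made up, not taken from the FFMPEG builds above)
PLAIN = build_sample([(b".text", 0x5000, 0x4E00), (b".data", 0x1000, 0x200)])
PACKED = build_sample([(b"UPX0", 0x900000, 0), (b"UPX1", 0x500000, 0x4FF000),
                       (b".rsrc", 0x1000, 0x400)])

if __name__ == "__main__":
    for label, blob in (("plain", PLAIN), ("packed", PACKED)):
        print(label, pe_sections(blob), "UPX-like:", looks_upx_packed(blob))
```

A match only says the file was packed, which is true of the legitimate build here as much as of anything malicious; section names can also be renamed, so the absence of a match proves nothing either.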

Elwood

Only 2 antivirus programs detect something nasty. Only 2 !!!
Now you know these 2 antivirus software should never be installed. ;-)

Blues

Major anti-virus software companies agree that about one third of threats go undetected. This is why we have zombie armies of Windows computers. Why worry about Avidemux? Get rid of Windows instead. As cars without brakes are illegal on highways, MS Windows should be illegal on the internet. It poses imminent danger to others. ::)

dosdan

#7
Quote from: Blues on November 08, 2016, 05:19:04 AM
This is why we have zombie armies of Windows computers.

I think this is old-work thinking. At least recent versions of Windows get patched every two weeks.  It's the IOT, where patching is much less common and security is very lax, that is, or soon will be, the kingdom of the living dead.

Dan.