Forum: SuRun English speaking
Antivirus detection
joaquin #1
Member since Sep 2010 · 2 posts · Location: Spain
Group memberships: Mitglieder
Subject: Antivirus detection
I just saw the same problem pointed out today in the German forum. I have opened a new thread because I did not find any other with the same heading about viruses.

My Avira this morning reports the following:
C:\Programs\surun\InstallSuRun.exe
    [DETECTION] Is the TR/Dropper.Gen2 Trojan
Begin scan in 'D:\' <ARCHIV>
D:\SOFTWARE\WINDOWS\_DEPOT\surun.7z
[0] Archive type: 7-Zip
  [DETECTION] Is the TR/Dropper.Gen2 Trojan
  --> surun/InstallSuRun.exe
    [DETECTION] Is the TR/Dropper.Gen2 Trojan
Begin scan in 'I:\' <DATOS>

I understand that this is a false detection, so I set the antivirus not to check these files in the future. In the past I informed Avira about another false detection. They confirmed the fact, but the alarm always went off in my antivirus, so I did what I did today with SuRun.
Kay (Administrator) #2
User title: Weltverbesserer
Member since Nov 2007 · 1509 posts · Location: Magdeburg
Group memberships: Administratoren, Mitglieder
You can verify that this is a false positive by compiling SuRun from the sources and having Antivir check the freshly compiled "InstallSuRun.exe".

Avira have a hard job. Windows is so badly programmed that many programmers (like me) must use tricks that bad guys could use to get their Malware into the system.
So Antivirus software sometimes detects these false positives...
joaquin #3
Member since Sep 2010 · 2 posts · Location: Spain
Group memberships: Mitglieder
Subject: Avira false positive
Thanks Kay,

I’m sure it is a false positive; I trust your software. Avira added SuRun to its database this month; the year before it never detected the same files on my hard disk as containing viruses. The last time someone uploaded InstallSuRun.exe to VirusTotal was two days ago and the result was nothing, except “Heuristic.BehavesLike.Win32.ModifiedUPX.C” for McAfee-GW-Edition. Antivir is in that list, but in version 7.10.12.30 (my Avira version is now 10.0.0.567).

Salut
mkoenig (Former member) #4
Subject: NOT FALSE-POSITIVES
I was trying to download and install SuRun on a new system I just finished putting together today and kept getting alerts from the latest AVG anti-virus software also saying that the load module contained malware every time I tried to install it. I verified my source was from you and read the other posts saying these were false-positives and finally made the mistake of allowing AVG to let the install continue. BIG MISTAKE!!! Your software contains a Trojan which trashed my entire system! 4 hours later I've got the system working again and won't make the mistake of ignoring AVG's warnings saying your SuRun install is a Trojan. I tried the previous version you have a link to also with the same result: Malware alert. I'd like to use SuRun again. Can you e-mail me a copy? Thanks, Marcus
Kay (Administrator) #5
User title: Weltverbesserer
Member since Nov 2007 · 1509 posts · Location: Magdeburg
Group memberships: Administratoren, Mitglieder
I'm sorry that you ran into trouble with SuRun.

I just checked the online version of SuRun 1.2.0.9. (I really should add MD5 checksums to the downloads!) It has no Trojan inside. InstallSuRun.exe unpacks SuRun.exe and SuRunExt.dll in 32Bit Windows or SuRun.exe, SuRunExt.dll, SuRun32.bin and SuRunExt32.dll in x64 Windows to %WINDIR%. AVG reports that behavior as Trojan.

What probably caused your system to crash is that SuRun's IAT-Hook routines conflicted with AVG.

If you intend to use SuRun and AVG you first have to deactivate AVG, then install SuRun and then disable SuRun's IAT-Hook. You need to start "SuRun Settings", activate "Show SuRun settings for experienced users", go to the tab "Execution hooks" and uncheck "Set a Hook into all processes that directly execute applications".

After that you should be able to use AVG and SuRun together, but SuRun with limited functionality.