Hi, I downloaded masm package from one of the websites given at www.masm32.com. When I'm installing it I get a message saying that there's a malicious code detected. The location is masm32\qeicon.vbs.

Is it a virus there ?
I downloaded it twice from different addresses, still get the same warning.
Thanks
Posted on 2004-08-27 14:37:02 by Trooper
Don't worry, it's not a virus.

See this thread:

http://www.asmcommunity.net/board/viewtopic.php?t=2850

:)
Posted on 2004-08-27 14:59:11 by S/390
I see. However what I get is malicious script and it refers to different files.
If someone could clarify on this, it would make feel better.
Thanks
Posted on 2004-08-27 17:27:16 by Trooper
Trooper, the script isn't malicious - it's merely an annoyance (iirc it's the script that creates a shortcut for QEditor, including keyboard shortcut... and it's executed by MASM32 install without asking whether you want this).

But don't worry, there isn't any malicious code in the MASM32 package.
Posted on 2004-08-29 12:51:02 by f0dder
Trooper,

What you have been told is right, its a simple VBS script that is written on the fly by the installer to install the icon for the editor. It is deleted when its been run as its no longer needed. I may use a different method for the next version to avoid the warning but its hard to predict what AV scanners do these days as they are not all that well written anymore.

Regards,

hutch at movsd dot com
Posted on 2004-08-30 21:06:31 by hutch--
Hutch, it should be easy enough to create the shortcut icon directly through code (some shell function) without any VBScript. You might want to prompt the user whether he wants the icon though, it's not very polite installing desktop icons without asking, especially not when they have a hotkey bound to them :)
Posted on 2004-09-01 04:17:16 by f0dder
I certainly will simplify the icon installation for the next version. There is a limit to what a single person can know and with keyboard layouts for different countries, the Ctrl+Alt+Q is a problem with at least two european languages that I know about.

I prefer the VBS script to the COM method in the shell DLL and I don't really want to commit an installation to crap like COM when its not reliably implemented on all targetted versions. At worst a VBS script can fail if the DLL is not there but you can have other problems with a more complex interface when bits are missing or damaged in an OS installation.

There does not seem to be a way around bad AV heuristic scanning, some have spat the dummy on standard MASM PE headers, others on compiled EXE files, others again on compressed exe files and the real problem is they restrict the PE standard because they don't properly understand it.

A VBS file is innocent enough and the scanner that drops a false positive on it is not powerful enough to analyse the contents which in this case came directly from a Microsoft website.
Posted on 2004-09-01 10:44:24 by hutch--