I'm a newbie to MASM and to this community, but I'd like to share some info that occured when I installed the latest masm32v7.zip update today.

I have McAfee VirusScan already installed om my Win2000 Pro computer, and it reported a virus in the \masm32\EXAMPLE8\MOB\NOIMPORT\noimport.exe file, when I run the install.exe program. The VirusScan report that the virus is called, 'W32/Undertake' If this is a real virus or some misstake from the Virusscan program I don't know. If anyone else could share some light on this I would appreciate it.


Posted on 2002-01-09 03:09:08 by spaceuser
Don't worry, the file doesn't have a virus. It does, however, use
"virus-like" methods to do it's function imports.

Also, you should very much consider throwing out mcafee and get
a *real* antivirus product: http://www.avp.ch - mcafee just doesn't
work, mmm'kay? :).
Posted on 2002-01-09 03:33:56 by f0dder

f0dder is right here, the file uses a technique for making API detection far more difficult and has its use in producing anti-hacking code. I included it because of the relevance of anti hacking techniques in modern software.

The heuristic scanning on McAfee and a few others is not technically competent by modern standards as other very high powered AV products do not produce the false alarm from the file not having any imports.

I may change the distribution slightly when I get time and remove the EXE file that triggers the false alarms, then the user who is interested can build the file if they like while being familiar with the code within the file.


Posted on 2002-01-09 23:06:39 by hutch--
Good idea hutch. It's not an exe that produces interesting stuff by
clicking it, the interesting stuff is in the source, so... removing the
exe to avoid false alerts is a good idea.
Posted on 2002-01-10 04:33:02 by f0dder