Sorry guys, my antivirus found a virus in the archive, so be very attentive downloading it...
Posted on 2002-01-15 08:13:34 by Duker
Man.........think about what u say *hmpf*

Why should I upload a virus to this board and then post here weeks later.......?

The fact is that the antivirus soft you have is BADLY coded!
Your soft cries for help because parts of this source were used in a trojan uploader by the original coder yoda/fc.
Look in the source or read the thread "max sample pack1"
for more information........

That's what I often say: security firms make paranoia but not well coded software!
And this is the result....
Posted on 2002-01-15 08:24:27 by Max
Posted on 2002-01-15 08:25:12 by Thomas
Max,
I'm pretty sure Norton 2002 IS well coded.
The infected file is completely useless for the source you posted.
Because this is the second time this has happened with your attached files, please double-check the files you upload to this board next time.

Thanks!
Posted on 2002-01-15 09:26:41 by bazik
----------
Max,
I'm pretty sure Norton 2002 IS well coded.
-----------
Aha....I found at last some security bugs, again.

------------
The infected file is completely useless for the source you posted.
------------
Hm, take a look at the source.
The file you change the icon on is?
Yep, the bin.data file.
Try to rename bin.data to bin.exe and what do you get?
The FILE I compiled with the original sample source from the trojan dropper.
I removed some lines in the code, changed some stuff here, and NORTON says it's a trojan!
That's what I mean: badly coded.
The file is compiled again with other settings and without the dangerous trojan-dropping code.
The source for the bin.data file is also in the source.

Compile it on your own and run NORTON.....now you know what I mean?

---------------
Because this is the second time this has happened with your attached files, please double-check the files you upload to this board next time.
---------------
Second time???
It's the same file I posted twice!

PS: Come on, take a look at the source and compile it yourself.
Norton is just so dumb that it thinks this new file is the dangerous dropper.
It's really harsh that people think I'm dumb enough to post code with a trojan; that's how I feel about it.
Posted on 2002-01-15 10:03:22 by Max
Yes, but couldn't you simply have changed the icon of notepad.exe or something? The same file was included in your "sample pack 1". So you really should know that it gets detected as a virus, since some people here already complained back then.
So, my suggestion: remove the file from the zip file and let the user choose the file to be changed themselves. Then you won't have a problem anymore and everyone is happy :)

Kind regards,
bAZiK
Posted on 2002-01-15 10:53:25 by bazik

> Yes, but couldn't you simply have changed the icon of notepad.exe or something? The same file was included in your "sample pack 1". So you really should know that it gets detected as a virus, since some people here already complained back then.
> So, my suggestion: remove the file from the zip file and let the user choose the file to be changed themselves. Then you won't have a problem anymore and everyone is happy :)


Let me translate that for the non-German-speaking people. ;)

"Yes, but you could have more simply changed the icon from notepad.exe. In your "sample pack 1" there was the same file too. So you could have known that some people here had already complained about that.

So, my advice: remove the file from the zip file and let the user choose another one by himself. This way, you won't have problems anymore and everyone will be happy".

I hope it is accurate, I haven't practiced my German for some years. ;)
Posted on 2002-01-15 11:22:47 by JCP
bAZiK, that's the bottom line. Good thinking.

Max, I got the MAX package (max_tasm_samples_01); some don't work and some do. I guess it depends on which Windows operating system we are using. I like all of your How-To Tutes. They are small and to the point....Wonderful work...Hope you build a complete line someday.
Posted on 2002-01-15 12:18:33 by cmax
max: most of the bugs in your programs from the pack are caused by not clearing edx before a division. Change that and most will work.

Thomas
Posted on 2002-01-15 14:10:19 by Thomas
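
The bug described in the post above, as an added example that is not part of the original thread or of Max's sample pack: the 32-bit x86 `div` instruction divides the 64-bit pair EDX:EAX, so a leftover value in EDX either corrupts the quotient or raises a divide error. The function `emu_div32` and the values used are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Software model (constructed for illustration) of x86 `div r/m32`:
 * the dividend is the 64-bit pair EDX:EAX, not EAX alone.
 * Returns 0 on success, -1 where the CPU would raise a divide error
 * (#DE): divisor is zero or the quotient does not fit in 32 bits. */
int emu_div32(uint32_t *eax, uint32_t *edx, uint32_t divisor)
{
    if (divisor == 0)
        return -1;
    uint64_t dividend = ((uint64_t)*edx << 32) | *eax;
    uint64_t quotient = dividend / divisor;
    if (quotient > UINT32_MAX)
        return -1;
    *edx = (uint32_t)(dividend % divisor);   /* remainder */
    *eax = (uint32_t)quotient;
    return 0;
}

/* Run "100 / 7" with a given leftover value in EDX and report it. */
static void show(uint32_t stale_edx)
{
    uint32_t eax = 100, edx = stale_edx;
    if (emu_div32(&eax, &edx, 7) != 0)
        printf("edx=%u before div: divide error (#DE)\n",
               (unsigned)stale_edx);
    else
        printf("edx=%u before div: quotient=%u remainder=%u\n",
               (unsigned)stale_edx, (unsigned)eax, (unsigned)edx);
}

int main(void)
{
    show(0);   /* EDX cleared first (xor edx, edx): correct result */
    show(1);   /* small leftover: runs, but the quotient is wrong */
    show(7);   /* leftover >= divisor: quotient overflows, fault */
    return 0;
}
```

Because EDX holds whatever the preceding code left in it, the same program can divide correctly in one environment and crash in another.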
Hossa

I'm sure this thread says all about today's security soft..what luck that I found this post :-)

http://www.asmcommunity.net/board/showthread.php?threadid=2850

Thanks Thomas for the good tip, I'll fix it and upload them again.
I would be happy if the admins could delete the "malicious" source so there is no problem with this in the future.
I'm unable to edit my postings.

Last, I must say that these are not my how-tos.
I didn't find any of this on my own; I ask or search Google.
To make it easy for other users I post them here :-)
But I'm happy that some find it useful :-)

happy coding
Posted on 2002-01-15 14:23:27 by Max
Norton *is* a bad antiviral product. But the fact that it identifies
the file "with a few lines removed" either means it has at least a
little heuristics (good) or that it uses very small ID strings (lame).
And anyway, the file *does* look suspicious when disassembled,
even if harmless. Be a bit more careful with your sample code max :)

Also, keep the discussion in English.
Posted on 2002-01-15 14:49:08 by f0dder
>Also, keep the discussion in English.

Sorry, I was in hurry :)
Posted on 2002-01-15 15:16:25 by bazik
Why would you consider Nortons to be bad?

I would honestly much rather trust a big corporate anti viri (nortons) than some small freeware one.
The big corporate obviously has a lot more funds to spend on research against viruses.
Posted on 2002-01-16 02:20:20 by ThrawN
and... to create them. ;)
Posted on 2002-01-16 02:35:17 by JCP
Why I wouldn't trust norton? That's easy to answer. It doesn't catch
enough virii. NAV2000 didn't even catch Sub7 when packed with UPX...
how lame is *that*? Apart from not being too sharp at catching
virii (which, I believe, is the most important goal of an AV product?)
it is also bloated and slow, and has one of these ugly custom GUIs.
Oh yeah, it also causes BSODs if you try to use it together with
Tiny Personal Firewall.

I think that's reason enough not to use norton antivirus. In general
I try to stay away from norton products, they aren't much good
after they left the DOS area.

For real protection? The best I know is AVP, http://www.avp.ch .
It does the job pretty well.
Posted on 2002-01-16 03:37:58 by f0dder
I use norton with tiny personal firewall, no problems there. AVP on the other hand gave me the worst crash in my programming history :-/ (lost 2 HD)

I guess user experiences really differ :-/
Posted on 2002-01-16 04:24:49 by Hiroshimator
Perhaps they fixed the norton/tiny firewally in later norton versions.
I was called over to a friend's place to fix the norton/tiny issue, it
was on two machines. One with 98, one with Me. I had to remove
the norton VXDs by hand from a dos boot, so I could get into windows
and uninstall the crap. Then I looked for suspicious files (because
my friend told me he didn't like the activity lights on his router when
he wasn't doing anything), and I found sub7. So much for a good AVP product.
Of course I also removed Me and installed 98se while I was there
(friends don't let friends use Me), and just for fun we tried the NAV/Tiny
combination once again... BSOD again.

While they might have fixed incompatibility problems, I very much
doubt they are competent enough to fix up their AV scanning engine.
They might be better than McAfee, but... heh.

I still don't understand your crash thingy hiroshimator, it hasn't
even GPFed on me. Nor the four of my friends who run it. Perhaps
you had a virus that panicked when it saw a real enemy entering
the system? :grin:
Posted on 2002-01-16 04:31:26 by f0dder
When do you delete my postings?
How often should I ask for it...............

delete :
1.how to change icons
2.how to remove sub7
3.max sample pack 1

or change the time I can edit my postings so I can delete them myself if ur out of time..........I asked 5 times for it in 4 days!

Thanks
Posted on 2002-01-16 06:09:02 by Max
Nortons doesn't pick up sub7 when packed with upx? I dunno 'bout your experiences but I have sub7 on a CD I use often and Nortons' ghey alert always lets me know about it.
As for sluggishness, yes they were, but since 2001NT+ I haven't had sluggishness problems. Seems to run in the background fine.
Posted on 2002-01-16 07:18:30 by ThrawN
Max, calm down. If you need something from a moderator rather quick, then use PM or e-mail.

Almost every forum has some assigned moderators now. PM or e-mail them and they'll help you out quickly. It's easy not to spot things in a large number of posts.
Posted on 2002-01-16 23:15:34 by Hiroshimator