5 replies to this topic

[apemax]

i ran winbuilder lx77rc2cxw for the first time but when it was building my avast anti-virus on-access scanner said it found a virus. the details of it are:

WinNTSetup.exe
Win32:Malware-gen
C:\lx77rc2cxw\Target\LiveXP\Program Files\WinNTSetup_JFX

i sent it to the chest in the middle of the build because i didn't know whether it was an actual virus or a false positive. do you know?

[Wonko the Sane]

Check the relevant thread:
http://www.boot-land...?...ic=7721&hl=

There are no similar reports.

Possibly avast have updated their files and it is marked incorrectly.

Whenever in doubt, check VirusTotal:
http://www.virustotal.com/

And take your chances (there is a "sticky" dedicated to this general possible issue):
http://www.boot-land...?showtopic=7835
that you might have missed.


Wonko

[apemax]

i tried uploading it to VirusTotal but this comes up:

0 bytes size received / Se ha recibido un archivo vacio

so i tried emailing it to them but haven't gotten a reply yet. also i ran a Malwarebytes anti-malware scan yesterday and it found some malware in the lx77rc2cxw folder. i'll post more details when i on windows again.

[apemax]

i tried uploading it to VirusTotal but this comes up:

0 bytes size received / Se ha recibido un archivo vacio

so i tried emailing it to them but haven't gotten a reply yet. also i ran a Malwarebytes anti-malware scan yesterday and it found some malware in the lx77rc2cxw folder.

C:\lx77rc2cxw\Target\LiveXP\Program Files\Partition Find and Mount\FindAndMount.exe (Trojan.FakeAlert) ->
Quarantined and deleted successfully.

[Lancelot]

Hi apemax,

JFX is one of the most trusted developer around, hence when you use an application made by JFX, be sure if there exists antivirus warning, it is false-positive .

Besides, also use latest script
http://livexp.boot-l...etup_JFX.script
here are virustotal results for x86 and x64
http://www.virustota...6e86-1277391563
http://www.virustota...80d8-1281035297

*
"Partition Find and Mount"
maybe disabling "UPX Compress" option on the script may help, in many scripts like "Partition Find and Mount" script, original files and/or setups are used hence only suspect left is upx compression, you may post to http://findandmount.com acknowledging them their application cause false positive which I guess they would like to chase av companies for a false-positive fix.. (unless company really distributes viruses around with an application, or they may decide to ignore...)
besides
in many places during build upx compression still used to gain space, which may cause other fake(lie)-positives....
shortly, if your av can not make searches on upx compressed files, better to change av or disable during build .

moreover, if you have a paronaid antivirus, there is nothing to do for them, they are simply hopeless,
check post 7-8 in the page jaclaz already provided,
http://www.boot-land...?showtopic=7835

[apemax]

ok. WinNTSetup.exe probably not a virus then. i didn't think it was a virus but best to be sure. thanks. i've had a string of viruses lately which has made me a bit paranoid.