[issue]: still detecting viruses #1300
Comments
What about asking the AV-Vendors what they found or why they whitelist later always?
Well, to be honest, you can guess whatever you want; guessing is bad, and as long as there are no facts that's actually worse than everything else. The only way to get rid of all this guessing etc. is to get feedback from AV-Vendors, so if nobody else does, I will already ask Bitdefender for their opinion/analysis.
I asked Bitdefender and will write the results here; maybe others can contact their antivirus vendors.
@thetuxinator The only right ways are, as you say, asking antivirus vendors for their analysis (not their opinion) or analyzing the binaries yourself.
An idea for @ventoy: what if your machine is somehow infected? So who can ask other AV-Vendors? I have a Bitdefender subscription, that's why I asked them.
@ventoy
You can build the 3 exe files from source with VisualStudio easily.
@ventoy Are you using VisualStudio under Windows to compile?
@ventoy What about other blobs in sources?
The links in the topic involve
The blobs in sources are described in https://github.com/ventoy/Ventoy/blob/master/DOC/BuildVentoyFromSource.txt
You perhaps caught something bad in your Windows. If someone could compile with the same version of VisualStudio on the same version of Windows, it would be interesting to compare binaries.
@ventoy why the hell has this been closed?
9 antivirus are flagging last version 1.0.67: https://www.virustotal.com/gui/file/90eb3c4365547a2bd6bbd001dba23c0a9fcde1c59bfe90f3758f204eeda44045
Bitdefender (my only remaining AV subscription) was not willing to provide info on why they detected it. As of now I stop recommending Ventoy and stop using it, especially as @ventoy refuses to care about and to scan his machine or do anything in the right direction! That's irresponsible and unacceptable! You distribute software and you may distribute a Malware/Virus/Trojan with it and you don't even seem to care that your own machine may be infected!
My machine is not infected.
The detection of false positives in files is common. AV and antimalware programs use a combination of identifying specific byte sequences, near matches, black list signatures (and white list signatures) and analysis of portions as well as identifying common delivery sequences/packages that are often used by viruses (but also used by legitimate products).
The scan results show that 63 AV programs PASSED VentoyVlnk.exe (including many of the top AV products). You need to be aware that most AV s/w simply have a 'whitelist' of hashes - when you report a false positive to the AV developer, they simply add the hash of your product into their AV whitelist table so it is not reported as a virus. As the developer says, you can simply build the exe yourself from a 'clean' system (e.g. fresh VM) and source files and the .exe produced will probably also give approx 6 false positives (even though the exe may have a slightly different hash). That is why VirusTotal also allows people to 'vote' on how bad or clean they think it is and comment on the results in the 'Community' tab, because you cannot just look at 6 fails and say 'Oh - it has a virus!'. If many of the 'better' AV products flagged it as a virus (e.g. Avira, Acronis, Avast, BitDefender, DrWebb, EMSiSoft, FSecure, Eset, GData, Mcafee, Microsoft, Symantec, etc.) then you should worry but not when a few obscure AV products fail it.
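The comments above suggest rebuilding the executables on a clean machine and comparing them with the released ones, noting that a rebuild may have a slightly different hash. The following is an added example, not code from the Ventoy project or from any commenter: it compares two PE files after zeroing the COFF `TimeDateStamp` and the optional-header `CheckSum`. It assumes those are the only per-build fields; the sample inputs are constructed byte strings, and real toolchains can embed other per-build values, which this script reports as differing offsets to inspect.

```python
import hashlib
import struct

def normalize_pe(data: bytes) -> bytes:
    """Zero the two header fields that change on every rebuild."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or len(data) < e_lfanew + 92:
        raise ValueError("not a PE file: bad or truncated PE header")
    buf = bytearray(data)
    # COFF TimeDateStamp sits 8 bytes after the PE signature; the optional
    # header CheckSum is at offset 64 of the optional header (PE32 and PE32+).
    for off in (e_lfanew + 8, e_lfanew + 24 + 64):
        buf[off:off + 4] = b"\0\0\0\0"
    return bytes(buf)

def compare_builds(official: bytes, rebuilt: bytes):
    """Return (verdict, first differing offsets after normalization)."""
    if official == rebuilt:
        return "identical", []
    a, b = normalize_pe(official), normalize_pe(rebuilt)
    if a == b:
        return "header-only", []
    diffs = [i for i, (x, y) in enumerate(zip(a, b)) if x != y]
    if len(a) != len(b):
        diffs.append(min(len(a), len(b)))  # first offset past the shorter file
    return "different", diffs[:8]

def sample_pe(timestamp: int, body: bytes) -> bytes:
    """Constructed minimal PE-shaped header plus a body, for the demo only."""
    hdr = bytearray(0x40 + 24 + 96)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)       # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<I", hdr, 0x48, timestamp)  # COFF TimeDateStamp
    return bytes(hdr) + body

if __name__ == "__main__":
    official = sample_pe(0x61E00000, b"code-and-data")
    rebuilt = sample_pe(0x61E12345, b"code-and-data")
    changed = sample_pe(0x61E12345, b"code-and-DATA")
    for name, other in (("rebuilt", rebuilt), ("changed", changed)):
        print(name, hashlib.sha256(other).hexdigest()[:16],
              compare_builds(official, other))
```

A "header-only" verdict means the two files differ only in the zeroed fields; a "different" verdict lists the first offsets that need manual inspection.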
So you are saying that Avira, Acronis, Avast, BitDefender, DrWebb, EMSiSoft, FSecure, Eset, GData, Mcafee, Microsoft and Symantec are not professionals, even though their livelihood and reputation depends on detecting malicious software?
Found this discussion helpful. I used VirusTotal earlier to scan ventoy-1.0.70-windows.zip and it reported only one security vendor (Ad-Aware MaxSecure) that flagged the file as Trojan.Malware.300983.susgen.
Official FAQ
Ventoy Version
1.0.62
What about latest release
Yes. I have tried the latest release, but the bug still exists.
BIOS Mode
Legacy BIOS Mode
Partition Style
MBR
Disk Capacity
1000
Disk Manufacturer
No response
Image file checksum (if applicable)
No response
Image file download link (if applicable)
No response
What happened?
https://www.virustotal.com/gui/file/7895fcd68559e7afbf2a8f9445bf2d55abbfbeefe0ac3bc40991801f34bcfd6c
https://www.virustotal.com/gui/file/f9dd10bd20b56cba3f963cde06874d5a2ee8d267c85060d26f1cefb691b304bd
https://www.virustotal.com/gui/file/fece97f4d5c67cfce808b14472287210147b9344005024539e4580ce0bea3c25