NO

Author Topic: 360 Total Security False Malware Indication  (Read 5129 times)

Offline daniel_bingamon

  • Member
  • *
  • Posts: 22
360 Total Security False Malware Indication
« on: March 13, 2017, 12:12:59 PM »
I use this compiler on a regular basic and just recently a program I wrote a long time ago was reported to have malware.  Now, the .zip file is the same file I uploaded to my website, I thought maybe someone got into it and add some malware payload.   So, I made a totally new compilation with a couple bug fixes while I was in the code and made a new zip and uploaded it to the site.     This ONLY occurs with 360 Total Security Antivirus, which an end user is using.

BTW - My desktop is secured with ESET NOD32 and is running fine with no indications of virus.  I'm reasonably sure the PC is not infected.

It is listing HEUR/QVM20.1.55BF.Malware.Gen.

Is it possible that one of the Pelles Libraries code has been used by someone making malware and this section of library is being used as the signature?
I can't get an answer back (two email) from the 360 Total Security people, they are ignoring my requests.

The program TWCalc (for calculating toneholes on Pennywhistles) is here:  http://kingsmills.us/twcalc/twcalc.htm
I don't understand why this is happening, there is no intent to have any malware in this.

Offline jj2007

  • Member
  • *
  • Posts: 536
Re: 360 Total Security False Malware Indication
« Reply #1 on: March 13, 2017, 12:36:10 PM »
It is listing HEUR/QVM20.1.55BF.Malware.Gen.

Don't worry, your program is fine - this is just a false positive from a crappy AV. There is a dedicated sub-forum over at the Masm32 site. These guys should be thrown in jail for the damage they are causing.

If you need to convince your end user, upload your file to https://virusscan.jotti.org/en-US/scan-file and show the result to that user. Or point them to False Positives Sink Antivirus Ratings (360 crapware is not even listed there).

Typical result for my RichMasm editor: Scan finished. 2/18 scanners reported malware - probably because it's a packed executable, really, really suspicious 8)
« Last Edit: March 13, 2017, 12:48:32 PM by jj2007 »

Offline TimoVJL

  • Global Moderator
  • Member
  • *****
  • Posts: 2122
Re: 360 Total Security False Malware Indication
« Reply #2 on: March 13, 2017, 01:45:55 PM »
- sometimes debug-info gives false alarms.
- using MT multithreaded CRT gives less false alarms.
May the source be with you

Offline daniel_bingamon

  • Member
  • *
  • Posts: 22
Re: 360 Total Security False Malware Indication
« Reply #3 on: March 14, 2017, 07:14:31 PM »
Thanks for the comments.  I do have the debugger turned on, I'll try turning it off.
I'll look into the other stuff as well.