I have just downloaded and unzipped build 878.
My virus checker (AVG) says that BlackBox.exe contains "Win32:SMorph[Cryp]", whatever that means.
Does anyone else have a similar problem; what is the solution?
						Virus in build 878
- cfbsoftware
- Posts: 204
- Joined: Wed Sep 18, 2013 10:06 pm
Re: Virus in build 878
I checked build 878 on Virus Total and it has already been analysed there. It only fails on 2 out of 61 antivirus programs - AVG and AVAST (I suspect they use the same engine).
The solution might be to get yourself a different virus checker. After several years of little or no problems with it I abandoned AVG a few weeks ago as it was giving me so many false alarms. Worse still it was quarantining the items without even giving me a chance to prevent it from doing so or to recover them. I'm currently trialling Microsoft's Windows Defender and have had no problems so far.
Re: Virus in build 878
AVG goes through cycles. It was rather tedious / onerous to use. Then they changed its interface, and it was much more low key (nicer!). In recent months it has started to be a nuisance with many pop-up adverts for extra products.
I did (after some search) find a way to restore BlackBox.exe, but when I tried to use it AVG immediately deleted it again!
Finally I was able to upload it to Virus Total; it now fails 14 / 61 tests with different warnings, mainly: "Gen:Variant.Razy.182001" & "Win32:SMorph [Cryp]".
Maybe build 879 will be ok?
- Josef Templ
- Posts: 2048
- Joined: Tue Sep 17, 2013 6:50 am
Re: Virus in build 878
I don't know exactly how those virus checkers work but it seems that 
they are doing a simple pattern search in the exe file.
With the large file Applogo.ico embedded in BlackBox.exe there are
good chances to find such a pattern. If you replace this file by something else,
for example Doclogo.ico, there are fewer chances to find a malicious pattern and the
number of Virus Total reports decreases.
- Josef
Re: Virus in build 878
Josef Templ wrote: "With the large file Applogo.ico embedded in BlackBox.exe there are
good chances to find such a pattern. If you replace this file by something else,..."
Don't understand.
1 - Build 850 is ok, surely it has the same icons embedded?
2 - How do I replace a part of BlackBox.exe?
Re: Virus in build 878
Robert wrote: "Maybe build 879 will be ok?"
No it's not: same problem.
- Josef Templ
- Posts: 2048
- Joined: Tue Sep 17, 2013 6:50 am
Re: Virus in build 878
Robert wrote: "Don't understand.
1 - Build 850 is ok, surely it has the same icons embedded?
2 - How do I replace a part of BlackBox.exe?"
Build 850 lists 11 virus checker messages on Virus Total. (AVG not included)
Build 874 lists 14 virus checker messages on Virus Total. (AVG included)
Build 878 lists 17 virus checker messages on Virus Total. (AVG included)
There were some extensions in Kernel and HostFiles since build 850.
This may lead to additional pattern matches (if it is that simple?, I really don't know).
Fact is if you replace Applogo.ico by Doclogo.ico the Virus Total messages decrease sharply
but not down to zero, at least in my experiments.
You replace a part of a BlackBox.exe file by linking a new one with different parts.
- Josef
Re: Virus in build 878
cfbsoftware wrote: "I'm currently trialling Microsoft's Windows Defender and have had no problems so far."
I did some minimal asking around on the internet, and this seemed like a reasonable idea for Windows 10, but less so for Windows 7.
So I decided to upgrade from 7 to 10, which was reasonably painless so far.
I then extracted build 879, which I was allowed to do, and tried to run it. I immediately got a message from Windows Defender that it had protected me from running an unrecognised program, and I had no option to override this decision.
Then, 30 seconds later, AVG told me it had quarantined the file, and BlackBox.exe disappeared.
I will turn off AVG, and try again.
Re: Virus in build 878
I've found the Windows Defender "Run anyway" option.
That's taken almost a whole day - but I guess I had to upgrade to 10 sometime!
- Josef Templ
- Posts: 2048
- Joined: Tue Sep 17, 2013 6:50 am
Re: Virus in build 878
FALSE positives are a widespread pain today.
I even got an error report recently sending an e-mail via gmail because
the gmail mail server is listed somewhere as a spammer.
On my Windows machines I have only used Windows virus tools for many years
because of many kinds of problems, including FALSE positives.
- Josef