Fallout 2 utility ProtoManager virus?
- Thread starter QuantumApprentice
- Start date
Tygernoot
First time out of the vault
I just compiled the latest source from the above repository and no longer get any virus / trojan warning on it from MS Defender. I attached the binary in case anyone wants to try it.
Sort of a shame, I wanted to figure out which bit of code was causing the issue.
Sort of a shame, I wanted to figure out which bit of code was causing the issue.
The binary has much less warnings from VirusTotal. What version of Visual Studio do you use?
Only the text in the "info" textbox is messed up.
Only the text in the "info" textbox is messed up.
Tygernoot
First time out of the vault
I'm on VS Community 2019.
QuantumApprentice
Where'd That 6th Toe Come From?
32 out of 67 antivirus vendors flagging it doesn't seem very good though.
I've also noticed that when I drop a different version of ProtoManager on virustotal, it seems to take about a week before some of the anti-virus software will flag it.
So I definitely recommend checking it a couple of times throughout the week before assuming it's better than the last compile.
I've also noticed that when I drop a different version of ProtoManager on virustotal, it seems to take about a week before some of the anti-virus software will flag it.
So I definitely recommend checking it a couple of times throughout the week before assuming it's better than the last compile.
The code is right there, everyone can check it. And if someone is able to fix the false-positive, please, go ahead. Otherwise this is just pointless chatter that keeps getting repeated over and over again.
QuantumApprentice
Where'd That 6th Toe Come From?
fair enough, I sure do wish I had enough experience to figure out what's causing the false positive myself
Tygernoot
First time out of the vault
My guess is that it is because of the amount of file I/O the application is doing.
E.g. the virustotal report is reporting on the modification of file and directory permissions.
I removed a ton of File and Directory API calls that delete directories and change permissions, and it reduced the number of positive reports down to 11/70.
I didn't go through the full code obviously, but I also didn't spot anything in particular on the application calling home or other dodgy stuff. Anyone who is feeling adventurous enough (and who doesn't dislike VB too much :p) can likely eliminate all the culprits in the code.
E.g. the virustotal report is reporting on the modification of file and directory permissions.
I removed a ton of File and Directory API calls that delete directories and change permissions, and it reduced the number of positive reports down to 11/70.
I didn't go through the full code obviously, but I also didn't spot anything in particular on the application calling home or other dodgy stuff. Anyone who is feeling adventurous enough (and who doesn't dislike VB too much :p) can likely eliminate all the culprits in the code.
Will this not render the tool useless? After all, it's whole point is to edit (proto) files in that way.
Tygernoot
First time out of the vault
I meant to test getting rid of the (potentially) false positives in an attempt to figure out where they are coming from, not to release a version with that functionality removed 
Thanks for the Github link! I was checking the code, but unfortunately I hadn't have enough time to dive deeply. I like to perform researches like that so if I find something I will let you know here. As I don't feel like it is a good idea to use this software (taking into account situation with the developer and the fact that the code seemed to be legit before) I will just stick with suggested Cubik2k's critter editor.