Jump to content

another false positive - winrar sfx


jessy
 Share

Recommended Posts

When I create a winrar sfx, it's being detected by nod32.

Looks like no matter, if i Use %appdata%, or %userprofile%, or %temp%, or whatever, it's being detected.

 

with %temp% it's being detected as: RAR/Agent.L trojan

and with %appdata%: RAR/Agent.O trojan

 

the settings are:

 

;The comment below contains SFX script commands
 
Path=%appdata%\settings
Setup=apply.vbs
Silent=1
Overwrite=2
Edited by jessy
Link to comment
Share on other sites

Good day Jessy

 

Lets start with providing some more background about what your trying to archive and compress ?

What code is behind apply.vbs file ?

 

All the other info you provided is irrelevent besides the infection name.

Edited by Arakasi
Link to comment
Share on other sites

veremo, i'm simply reporting a false positive.

there's no suspecious of what i posted, and it's clearly a false detection, but being able to use the sfx commands.

Link to comment
Share on other sites

You try to silently run .vbs from self-extract RAR.. It is suspicious.

If you want to use it yourself just add it to exceptions, if you are going to make public - just don't do it, it will be flagged by more AVs I guess.

Link to comment
Share on other sites

I often used this method to create my own installers for my workplace, using a vbs file to launch the software with a silent switch

Link to comment
Share on other sites

I know .msi got the silent parameter which, but that doesn't help me if I want to make a installer for it, which is only 1 single file

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...