Jump to content

another false positive - winrar sfx


Recommended Posts

When I create a winrar sfx, it's being detected by nod32.

Looks like no matter, if i Use %appdata%, or %userprofile%, or %temp%, or whatever, it's being detected.

 

with %temp% it's being detected as: RAR/Agent.L trojan

and with %appdata%: RAR/Agent.O trojan

 

the settings are:

 

;The comment below contains SFX script commands
 
Path=%appdata%\settings
Setup=apply.vbs
Silent=1
Overwrite=2
Edited by jessy
Link to post
Share on other sites

Good day Jessy

 

Lets start with providing some more background about what your trying to archive and compress ?

What code is behind apply.vbs file ?

 

All the other info you provided is irrelevent besides the infection name.

Edited by Arakasi
Link to post
Share on other sites

veremo, i'm simply reporting a false positive.

there's no suspecious of what i posted, and it's clearly a false detection, but being able to use the sfx commands.

Link to post
Share on other sites

You try to silently run .vbs from self-extract RAR.. It is suspicious.

If you want to use it yourself just add it to exceptions, if you are going to make public - just don't do it, it will be flagged by more AVs I guess.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...