Jump to content

another false positive - winrar sfx

Recommended Posts

When I create a winrar sfx, it's being detected by nod32.

Looks like no matter, if i Use %appdata%, or %userprofile%, or %temp%, or whatever, it's being detected.


with %temp% it's being detected as: RAR/Agent.L trojan

and with %appdata%: RAR/Agent.O trojan


the settings are:


;The comment below contains SFX script commands
Edited by jessy
Link to post
Share on other sites

Good day Jessy


Lets start with providing some more background about what your trying to archive and compress ?

What code is behind apply.vbs file ?


All the other info you provided is irrelevent besides the infection name.

Edited by Arakasi
Link to post
Share on other sites

veremo, i'm simply reporting a false positive.

there's no suspecious of what i posted, and it's clearly a false detection, but being able to use the sfx commands.

Link to post
Share on other sites

You try to silently run .vbs from self-extract RAR.. It is suspicious.

If you want to use it yourself just add it to exceptions, if you are going to make public - just don't do it, it will be flagged by more AVs I guess.

Link to post
Share on other sites
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...