1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Can VB code cause fake postive?

Discussion in 'Visual Basic 6' started by Theodore, Dec 23, 2010.

  1. Theodore

    Theodore Power Member

    Joined:
    Oct 13, 2009
    Messages:
    679
    Likes Received:
    266
    I've just hired a person from GAF to create a simple clicker program and the file he sent me has 4 trojans in it. He swears his computer is clean and he checked it again and hese not getting any warnings. So i was just wondering before i tell him that i dont accept his work, might these actually be fake positives?

    And i know you get what you pay for when you go on websites like GAF :p

    Link:
    HTML:
    http://www.virustotal.com/file-scan/report.html?id=73b525460e7c0e87d0ae788b27eb37aa2cc22dd2789c9373720a13e7367aa246-1293080549
    Edit: sorry i know i have spelt positives wrong in the title lol
     
    Last edited: Dec 23, 2010
  2. ExobiT

    ExobiT Junior Member

    Joined:
    Apr 21, 2008
    Messages:
    145
    Likes Received:
    25
    Scan the file with Anubis

    Code:
    http://anubis.iseclab.org/
    and post the link for the results here.
     
  3. raidel21

    raidel21 Regular Member

    Joined:
    May 17, 2009
    Messages:
    401
    Likes Received:
    324
    Code:
    http://www.computing.net/answers/security/virus-problem/29531.html
    I don't expect 4 Trojans on ANY application..
    I wouldn't trust this...

    it has a redirector...
     
  4. Theodore

    Theodore Power Member

    Joined:
    Oct 13, 2009
    Messages:
    679
    Likes Received:
    266
    Thank you, thats what i was thinking 4 is a bit suspicous =\
     
  5. Theodore

    Theodore Power Member

    Joined:
    Oct 13, 2009
    Messages:
    679
    Likes Received:
    266
    Thank you but i got this everytime i tried to upload it =\

    Error - No Executable File

    Unfortunately your file could not be executed.
    Either your file is not a valid Windows executable or some of its startup-dependencies have not been met.
    According to the Unix file command your file is of the following type:
    Zip archive data, at least v2.0 to extract
     
  6. SleepieGirl

    SleepieGirl Regular Member

    Joined:
    Mar 7, 2009
    Messages:
    439
    Likes Received:
    290
    Occupation:
    Need Custom Programs? Message Me!!!
    Location:
    TenDollarBlog.com
    im not sure what gaf is but yes you can get false positives...

    i would run it in a vmware sandbox and watch what it does
    also you should always make sure you get the source code
     
  7. Theodore

    Theodore Power Member

    Joined:
    Oct 13, 2009
    Messages:
    679
    Likes Received:
    266
    ive just uploaded it to threatexpert and it says it will email the results to me within a few minutes.

    Also regarding the zip file, if i unzip it that would leave my laptop under threat if you get me? Atleast the file is zipped up.
     
  8. ExobiT

    ExobiT Junior Member

    Joined:
    Apr 21, 2008
    Messages:
    145
    Likes Received:
    25
    unzip it without running the exe, and then upload it.
     
  9. Theodore

    Theodore Power Member

    Joined:
    Oct 13, 2009
    Messages:
    679
    Likes Received:
    266
    right so aslong as i dont load the program im fine? Thank you
     
  10. silver

    silver Jr. VIP Jr. VIP

    Joined:
    Sep 16, 2008
    Messages:
    158
    Likes Received:
    103
    Occupation:
    Software Engineer & Entrepreneur
    Is it programmed in visual basic or is it a VBScript?
     
  11. Theodore

    Theodore Power Member

    Joined:
    Oct 13, 2009
    Messages:
    679
    Likes Received:
    266
  12. Theodore

    Theodore Power Member

    Joined:
    Oct 13, 2009
    Messages:
    679
    Likes Received:
    266
    as i know of visual basic. But the guy that did it pretty much just did it for me he made it so simple lol.
     
  13. silver

    silver Jr. VIP Jr. VIP

    Joined:
    Sep 16, 2008
    Messages:
    158
    Likes Received:
    103
    Occupation:
    Software Engineer & Entrepreneur
    analysis says that is opens facebook, and thats most of it.
    if that's what you wanted then I'd say it's ok.

    although that's weird.
    maybe you should ask the programmer about that.
     
    • Thanks Thanks x 1
    Last edited: Dec 23, 2010
  14. Theodore

    Theodore Power Member

    Joined:
    Oct 13, 2009
    Messages:
    679
    Likes Received:
    266
  15. Theodore

    Theodore Power Member

    Joined:
    Oct 13, 2009
    Messages:
    679
    Likes Received:
    266
    yea its meant to do that thank you silver and money! Glad its a false positive. Just was a bit suspicous 4 trojans like if you get me
     
  16. Theodore

    Theodore Power Member

    Joined:
    Oct 13, 2009
    Messages:
    679
    Likes Received:
    266
    Thanks again guys i will ask him that, and get back to use :) rep and thanks to you both.
     
  17. Cyber_Demon12

    Cyber_Demon12 Junior Member

    Joined:
    Apr 16, 2009
    Messages:
    182
    Likes Received:
    50
    Its probably false positives. If you are worried about it, have him send you the code and check it and compile it yourself.

    If you don't know VB well enough, have a friend or someone look at it?
     
  18. cicciovalenti

    cicciovalenti Newbie

    Joined:
    Jul 4, 2011
    Messages:
    2
    Likes Received:
    0
    when I use HTTP librery also for me some antivirus give a false positive virus
     
  19. bulldawg88

    bulldawg88 Junior Member

    Joined:
    Jan 13, 2012
    Messages:
    167
    Likes Received:
    106
    Location:
    San Diego, CA
    I use VBScript to do auto-clicking. I could look it over or write you a quick script if you want.
     
  20. jammie

    jammie Jr. VIP Jr. VIP Premium Member

    Joined:
    Feb 24, 2008
    Messages:
    773
    Likes Received:
    453
    Since you own the rights to the code, why not look through it?

    VB is very simple to understand and then you can compile and run it yourself and know nothing weird is going on.

    If he won't send you the code, which you paid for, then something weird is going on.