PostPosted: Fri Aug 17, 2018 8:27 pm 
Space Cadet

Joined: Fri Aug 17, 2018 8:20 pm
Posts: 1
I downloaded a SheepShaver for Windows build from Columbia University:

http://www.columbia.edu/~em36/macos9win.html

When I ran it, Windows Defender reported it as malware (Bitrep.A).

Anyone else had this?
Is it a false positive?


PostPosted: Fri Aug 17, 2018 9:52 pm 
Forum All-Star

Joined: Tue Oct 14, 2008 12:12 am
Posts: 923
As I said in a private e-mail to Paul D., if you don't trust my software, just don't use my software. It's as simple as that.

I don't expect anyone to take my word when I say the software is clean. Upload it to VirusTotal.com and let the experts test it.


PostPosted: Fri Aug 17, 2018 9:58 pm 
Forum All-Star

Joined: Fri Nov 27, 2009 5:11 am
Posts: 2267
Location: Emaculation.com
Do you have the SHA1 or SHA256 hash for that file? Bitrep appears to be detecting on a class of installers that drop and execute malware as part of an attack chain. The ones I've seen appear to be trying to install malware that captures credentials from point of sale and online credit card transactions.

[edit] If this is emendelson's bundle, it's highly unlikely to be a TP. Best to submit it to Microsoft as an FP.

Submitting it to VT may have a cascade effect, as some vendors will see that MS has detected the file and detect it as well, which will cause further vendors to consider it malicious. So getting all vendors to clean up at that point may take a while.


PostPosted: Sat Aug 18, 2018 11:34 am 
Forum All-Star

Joined: Tue Oct 14, 2008 12:12 am
Posts: 923
It seems that someone submitted the file to VirusTotal.com on 22 July. Here are the results:

https://www.virustotal.com/#/url/0e6a85 ... /detection


PostPosted: Mon Aug 20, 2018 6:32 pm 
Forum All-Star

Joined: Tue Oct 14, 2008 12:12 am
Posts: 923
The original poster took the trouble to send me an e-mail telling me he had decided not to use my system after all, because he got another malware warning from him. I urged him to delete the software and not to think about it again, because I didn't see any point in wasting time trying to convince someone to use something he doesn't trust.

However, what may have produced that warning is this: I wrote my Windows-based launcher for SheepShaver in the AutoIt scripting language, and some anti-virus programs (Avast, Avira, Webroot, at different times) simply treat all AutoIt-based programs as dangerous, because script-kiddies used AutoIt to create malware in the past. There's nothing to be done about this except to get a better antivirus program.


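A small triage script for the situation described in this thread, added here as an example (it is not code from the thread or from emendelson's launcher): it computes the SHA-1 and SHA-256 hashes that adespoton asked for and that a false-positive submission to Microsoft needs, and checks whether the file carries the marker that compiled AutoIt v3 executables embed, which is what the generic AutoIt heuristics discussed above key on. The `AU3!EA06` marker value is an assumption drawn from common AV/YARA practice, not something stated in the thread.

```python
import hashlib
import os
import tempfile

# Marker that compiled AutoIt v3 executables embed next to the script payload.
# Assumption: this is the "AU3!EA06" signature that AV/YARA rules commonly use to
# flag AutoIt-built binaries; it is a constant chosen here, not taken from the thread.
AUTOIT_MARKER = b"AU3!EA06"
CHUNK = 1 << 20  # read 1 MiB at a time so a large installer is never loaded whole


def triage_file(path):
    """Hash the file and report whether the AutoIt marker is present."""
    sha1 = hashlib.sha1()
    sha256 = hashlib.sha256()
    has_marker = False
    tail = b""  # last bytes of the previous chunk, so a marker split across reads is caught
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(CHUNK)
            if not chunk:
                break
            sha1.update(chunk)
            sha256.update(chunk)
            if not has_marker and AUTOIT_MARKER in tail + chunk:
                has_marker = True
            tail = chunk[-(len(AUTOIT_MARKER) - 1):]
    return {
        "path": path,
        "size": os.path.getsize(path),
        "sha1": sha1.hexdigest(),
        "sha256": sha256.hexdigest(),
        "autoit_compiled": has_marker,
    }


def make_sample(data):
    """Write constructed bytes to a temp file and return its path (fixture only)."""
    with tempfile.NamedTemporaryFile(delete=False, suffix=".exe") as fh:
        fh.write(data)
        return fh.name


if __name__ == "__main__":
    # Constructed stand-in for a launcher: a fake PE header with the marker inside.
    sample = make_sample(b"MZ" + b"\0" * 64 + AUTOIT_MARKER + b"\0" * 64)
    report = triage_file(sample)
    for key, value in report.items():
        print(f"{key}: {value}")
    if report["autoit_compiled"]:
        print("Note for FP report: binary is AutoIt-compiled; generic AutoIt heuristics likely fired.")
```

Attach the SHA-256 and the AutoIt note to the vendor's false-positive submission rather than re-uploading the file to VirusTotal, for the cascade reason adespoton gives above.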
PostPosted: Tue Aug 21, 2018 5:51 pm 
Forum All-Star

Joined: Fri Nov 27, 2009 5:11 am
Posts: 2267
Location: Emaculation.com
emendelson wrote:
I wrote my Windows-based launcher for SheepShaver in the AutoIt scripting language, and some anti-virus programs (Avast, Avira, Webroot, at different times) simply treat all AutoIt-based programs as dangerous, because script-kiddies used AutoIt to create malware in the past. There's nothing to be done about this except to get a better antivirus program.


Ah; that explains it. Trust me: it's not just script kiddies using it in the past; there are thousands of malware files pumped out each day that use AutoIt, despite the fact that most spammers have finally moved on to using PowerShell.

AutoIt is best used for internal tools.


PostPosted: Tue Aug 21, 2018 8:25 pm 
Forum All-Star

Joined: Tue Oct 14, 2008 12:12 am
Posts: 923
adespoton wrote:
AutoIt is best used for internal tools.


If I knew how to use anything else, I would! AppleScript and AutoIt are more or less my limits.

