Sethioz wrote:yup i saw, just didnt want any of that in public. however we can still discuss other stuff in public. like the svchost.exe thing and the tracking system, which you explained in PM.
i have to say that my opinion about you has defiently changed, but this svchost.exe and trojan alert thing still bugs me.
typical is that kaspersky havent replied to me. anyone else want to try ??? i think they have blocked my address after about 50 false positive emails.
their mail for reporting new viruses and possible/confirmed false positives is > [email protected]
you have to provide them with the download link and as much info as you can. if its not dangerous and is what you said it is, then they have to remove it from their blacklist.
Caliber, specially for you. if your trainers are completely harmless as you say (to your pc and private information), then you should really contact Kaspersky and possibily others too and let them get their facts straight. lot of Luigi's tools get detected too and its just lame.
i really want to see what kaspersky has to say about it. will they blame it on you, that you have used some malicious code to make some checks/tracking or will they say its false positive and remove it from their list .. or just ignore the mail.
we have a specific person who deals with all of these situations (false postives with antivirus packages). unfortunately even though we are a legit business with no warez or 'scene' underpinnings, our trainers get lumped into the same black 'hole' of warez and 'scene' programs where there is alot of malicious software or software that is not 'safe' or is 'illegal'. our experience with these antiviral people is that they wont do anything unless you are activision or blizzard or some huge studio and they are contacted by lawyers with threat of action. as i said, their detections are based on heuristic scanning (detecting a series of bytes or a memread with crc checks in small areas of .exe to determine 'possible' viral activity by a program). this isn't the same as CONFIRMED VIRUS in a program, only that it has similar code in small sections that is found in some other viral signatures. since viruses attach to other programs, read and write to process memory, and try to 'protect' themselves from disassembly or debugging, then of course our trainers are going to have similar code snippets.
i appreciate the suggestions and we are doing all we can to try and minimize the antivirus false postitives. our latest template is much more less prone (per trainer) to put out antiviral heuristic scan flags. i change it as needed to try and keep it from doing that. bigger trainer titles (especially our promos) have alot more people downloading and submitting our trainers to jotti and other sources to confirm that they are safe, and unfortunately even though they are safe (and reported as so), when jotti and other places get a ton of the same .exe they begin to scan those files more closely and you can see that they begin to flag those bits of our program that deals with read/write process and protections built into our trainer .exe's, and thus we get send to various antiviral companies as 'possible' signatures for this or that virus. it's stupid really, but is an unfortunate casualty to the reality that antivirus stuff has to be proactive to signatures to be more effective. if you run a program for the first time and it's not in the virus vault then you have no defense against it if it is a virus. however, if that virus has a signature and it's similar to other viruses, then heuristic scanning can save you from possible virus infection, but this also flags non-viral programs with similar code as viral.
best,
Cal