Re: Bully Bootloader as virus detected

88 views
Skip to first unread message

Robert Reese

unread,
Aug 13, 2012, 1:50:28 PM8/13/12
to pic24-assemb...@googlegroups.com
This is the first time we have ever had this complaint. Where did you get the installation file from? The latest code archive?

In doing some googling on the web, it seems that Avira has a history of false positives.
One suggestion from the web is:

"If you have "Advanced Heuristic Analysis Detection" set on High level, I'd use Medium (default level), and keep testing on low, or disable it altogether. "


On Thursday, August 9, 2012 7:06:22 AM UTC-5, Andy Zehnder wrote:
Hello,

It is not possible to install and run the bully bootloader, my virus-protection detects it as a 
virus TR/Crypt.XPACK.Gen.
We use here Avira Antivir Software.
Do you have any idea to fix the problem?

Andy

Robert Reese

unread,
Aug 22, 2012, 1:31:01 PM8/22/12
to pic24-assemb...@googlegroups.com
Here is what I have done.

Our institution uses 'Sophos Protection' as its anti-virus software.  I made sure it was up-to-date, and had it scan the code archive, both in packed form and unpacked form.  Sophos according to their page detects this particular virus, and Sophos did not report any virus found.

I will try with other malware tools and see what they say.


On Wednesday, August 22, 2012 6:32:46 AM UTC-5, Andy Zehnder wrote:
A few days ago, I disabled the security scan. And startet the application.
Yesterday our provider closed our email port because of spam mails,
sent out from my computer. After disconnecting it first and deleting
all the bully files frrom the virus detection program my pc is clean.

After that, I downloadet the archive from here:
and let the virus scan over the zip file. It detectet again that virus
TR/Crypt.XPACK.Gen . This is a troyan horse.
I tried it with an older support library, I downloaded about 2 years ago
and with that, it was ok.
Do you have any idea?

Andy

Bryan A. Jones

unread,
Aug 22, 2012, 1:58:20 PM8/22/12
to pic24-assemb...@googlegroups.com
I've done the same -- scanned, plus installed it on my PC. No problems reported...

--
You received this message because you are subscribed to the Google Groups "PIC24 Assembly-to-C Book" group.
To view this discussion on the web visit https://groups.google.com/d/msg/pic24-assembly-to-c-book/-/ZdujOrKPQJUJ.

To post to this group, send email to pic24-assemb...@googlegroups.com.
To unsubscribe from this group, send email to pic24-assembly-to-...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/pic24-assembly-to-c-book?hl=en.



--
Bryan A. Jones, Ph.D.
Associate Professor
Department of Electrical and Computer Engineering
231 Simrall / PO Box 9571
Mississippi State University
Mississippi state, MS 39762
http://www.ece.msstate.edu/~bjones
bjones AT ece DOT msstate DOT edu
voice 662-325-3149
fax 662-325-2298

Our Master, Jesus Christ, is on his way. He'll show up right on
time, his arrival guaranteed by the Blessed and Undisputed Ruler,
High King, High God.
- 1 Tim. 6:14b-15 (The Message)

Robert Reese

unread,
Aug 22, 2012, 6:42:43 PM8/22/12
to pic24-assemb...@googlegroups.com
Byron, Bryan: thanks for checking as well. I also completed a full scan on my computer (not just a scan of the archive) and nothing was reported.

Andy -- exactly what file is Avira reporting with the virus if you unpack the zip archive? There are only two executables in the archive, and both are in the /bin folder once you unpack it.

One is called bully.msi and is the installation package for the bootloader, and one is  just the the executable (winbootldr.exe) -- we kept this executable in there because we used to include it before we had the installation package, this duplicates the executable inside the installer.

If the anti-virus is reporting one of these two files and you don't trust our executables, then just build it yourself. The .NET source code is in bootloader/winbootldr and you may be able to use the free .NET Visual studio express from Microsoft to build it (I would try Visual Studio C++ express).  I have not tried using Express to build it since we have the full version of Visual Studio, but I imagine it would work.

 In any case, I would be interested in exactly what file is being reported by the anti-virus as being contaminated.

Bryan A. Jones

unread,
Aug 27, 2012, 11:44:10 AM8/27/12
to pic24-assemb...@googlegroups.com
Andy,

I rescanned that file again and ran it from a copy I just downloaded from the website; everything seems fine to me. I'm sorry to hear of your problems -- not sure what happened...

Bryan

On Mon, Aug 27, 2012 at 1:10 AM, Andy Zehnder <zehnd...@gmail.com> wrote:
sorry for the delay!
It was the file winbootldr.exe which war reportet.
I have an achive I downloaded in beginning of april 2011. On the winbootldr.exe of that archive, Avira won't report anything.
But if other antivirus software do not recognize it as a virus, I guess it is ok.
I hope I did not make any inconveniences........

Andy

--
You received this message because you are subscribed to the Google Groups "PIC24 Assembly-to-C Book" group.

To post to this group, send email to pic24-assemb...@googlegroups.com.
To unsubscribe from this group, send email to pic24-assembly-to-...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/pic24-assembly-to-c-book?hl=en.
Reply all
Reply to author
Forward
0 new messages