Edward572
21st August 2005 08:45 UTC
W32.Generic - INFECTED / MALWARE
Hello All,
I have been using NSIS for a bit and this is the first time I have had trouble WRT Virus scan. I wrapped up my visual basic 6.0 program (AA-ServerEdit_v240.exe) with NSIS v2.08, and I released it in to the wild for anyone to download, its a plugin of sorts for Americas Army Game.
Anyhow there has been alot of user downloading it and having no trouble using it. But one user decided to scan the software at http://virusscan.jotti.org and found a W32.Generic INFECTED/MALWARE. Well I use the Modern UI and have done a bit of reading and found a few reports of false positives. Now I running NIS2005, NAV2005, Spybot search and destroy, and NoAdware to protect me and the software I compile. I have also gone to StopSign and done a full scan & have scaned complete HD with NAV2005 with the latest data, and have not found and VIRUS or worm or anything. But the software still has this reading from the http://virusscan.jotti.org site , so I am going to make an assumption here and say there is a posible problem with the NSIS 2.08 wrapper software.
Now I not trying to point fingers, I just want to figure out where the problem resides. Whether it be something on my system or if there is still a problem with NSIS false positives.
My download area Site:
http://www.yayawhatever.com/AAServEdit.htm
Scan Site:
http://virusscan.jotti.org
Any resolutions for this problem would be great, or to just let you guys know this is happening.
The information belew is the finding of the scan of the installer.
Joost Verburg
21st August 2005 11:03 UTC
I cannot reproduce this issue with another NSIS installer. Please sumbit a false positive report to ArcaVir.
Edward572
21st August 2005 14:12 UTC
Sorry this is the first time dealing with an issue of this kind, where exactly do I go to report this to and to whom?
Thanks for your help,
Edward572
I use InstallDir Kyes as well in my software, could this maybe be related to the other post?
http://forums.winamp.com/showthread....postid=1755387
Joost Verburg
21st August 2005 20:41 UTC
The log shows that only a relatively unknown anti-virus product (ArcaVir, see http://www.arcavir.com/) finds a virus. You should contact the ArcaBit company and send them a false positive report.
Vazagothic
22nd August 2005 21:16 UTC
My company experiences similar problems - since we've updated the NSIS version to 2.08 (a week ago) I've received about 15 calls about the NSIS error (corrupted installer).
I suspect the problem resides with the online scanner/anti-virus, closing the connection thus causing the corruption.
I've asked few of our problematic clients which anti-virus software they use and AVG seems to be the main cause, though one client mentioned Norton - but in that case there was still a chance for the AVG running on the main network server (government network).
I love NSIS and I want to use it, but I'm not the one pulling the strings in my company - if my boss decides it's time to switch to something else, I will be forced to do so.
For now - I can handle few more clients without causing too much troubles.
Edit: To not sound too harsh or anything - It was me who suggested using NSIS in my company (we've been using Install Shield before) and I'm the only person writing installer scripts.
As you can see, if my boss decides it takes too much time to support all the calls, then he may make a decision.
I've used WinRAR to temporarily fix the problem:
- create an encrypted WinRAR self-extracting archive
- show the user how to extract NSIS installer from there