Adaware marks a VB program containing function CreateObject("WScript.Shell") a Trojan
Hi,
I am a developer with a software company.
Adaware marks our program containing the Microsoft function CreateObject("WScript.Shell") a Trojan.
When we remove only this line from the program and recompile, Adaware finds no Trojan in the file.
Could someone please help?
If required I can send the versions of the file.
Many thanks in advance.
-
Hi,
Thanks for directing my question to the correct forum.
Attached you will find the Adaware report file as requested.
I made full scans of my PC before and they all came up with no threat found.
Also attached is a zip file containing the infected and clean versions of the file which I have compiled myself.
As I have indicated earlier, the ONLY difference between the two files is that the infected one contains the following line:
CreateObject("WScript.Shell")
and the clean one does not.
It is conceivable that many viruses or trojans may use the CreateObject("WScript.Shell") command, because it is primarily a file operations command.
However this does not mean that all apps using this function are trojans.
My guess is that you need to change the fingerprint for this particular trojan family (Gen:Trojan.Heur.VP2.dm...) so that it is not based on the presence of the CreateObject("WScript.Shell") command in an executable file.
Many thanks for your kind support.
0 -
Hi matmat,
I've moved your topic to the forum for false positives.
Please follow the guide
0 -
Hi matmat,
Thanks for providing so much detail. The detection is a false positive and will be removed within the next few updates/within a few hours.
LS Andy
0
Vous devez vous connecter pour laisser un commentaire.
Commentaires
3 commentaires