As I already reported in the past, MessenPass, my password recovery tool for Messenger applications, is falsely detect as Virus/Trojan/Malware by many Antivirus programs.
Currently, according to this virustotal report, 18 out of 41 Antivirus programs shows a virus alert for MessenPass utility.
So I decided to make a nice test. I took the same code of MessenPass, and recompiled it with different compiler optimization options.
I also left it without UPX compression that I usually do with all my utilities.
I posted the new build of MessenPass for testing in VirusTotal Web site, and here’s the amazing result:
Only 2 out of 41 Antivirus programs trigger a virus alert for the new build of MessenPass.
Just to be clear – It’s still the same version of MessenPass (v1.26) like the original MessenPass with the 18 Antivirus alerts.
I simply compiled the same code of MessenPass with different compiler options.
avoiding from UPX compression also helped a little, because after compressing the same file with UPX, I got 5 virus alerts.
Currently, this build of MessenPass is only posted in this blog, while the I left the original build in the MessenPass Web page.
It’s interesting to see whether the Antivirus companies read or scan my blog.
If they do, the number of virus alerts in this MessenPass build will increase very soon…
Rarst says:
Heh, shows how "efficient" signature-based approach is. By the way had antivirus products gave up on heuristics? It was supposed to be big thing and ended up useless, don't remember a single example of it catching anything using any AV soft.
July 31, 2009, 1:38 amAaron says:
I can't tell you how many times I've been frustrated by Symantec's Norton Anti-virus product when I insert my tools drive and have various of your utilities deleted without warning. They just end up gone. They aren't even quarantined.
While it's good you are able to make your program undetected as a problem, I see that Symantec is still on the list. Since they make their product harder to disable, it makes it harder on me to use the tools.
August 4, 2009, 4:52 pmBill Bartmann says:
Great site…keep up the good work.
September 1, 2009, 9:18 pmiNsuRRecTiON says:
Hi Nir,
you should know that almost all samples send to virustotal.com should be automatically passed to the AV companies for analysis..
regards,
iNsuRRecTiON
September 30, 2009, 6:47 pmAlectronic says:
2009-10-7: 10/41 (24.39%)
October 7, 2009, 11:52 amjo says:
Actually, the older version did show up as viruses.. sorry I can’t remember it’s been so long ago, but that was fine with me because it allowed me to delete any files left behind, windows 7 doesn’t give up as many secrets as the older windows did, but I thank you, because of the simplicity of that program it only took seconds to find out where our money went and where my hubby went, that program saved my life from deadly STD’s as well as financial homelessness and broken heart and of course it stopped him from using my computer! and to think I only wanted to recover one of my lost passwords, now I use it to help me find my lost password in seconds instead of waiting and I don’t have secrets so I don’t mind it being on my computer, but thanks for saving my life.
December 30, 2009, 9:26 pm