Sign in to follow this  
Vesper

False Positive - TheNoobBot

Recommended Posts

Hi,



This is a "bot/AI" for World of Warcraft, paid software since 2012, without any issues.



Details of the product are as follows:



File Name: TheNoobBot-6.0.10.rar (and newers version)


Detection Type: Gen:Heur.MSIL.Krypt.4 ( B)


Virus Total : https://www.virustotal.com/fr/file/8aec8dd1c73ff77b89c896419d6977a68958edf14751fa8698c397d84124aa4d/analysis/1469432950/


Installer location: http://thenoobbot.com/downloads/latest.php


Website: http://thenoobbot.com/





Regards,


Marc MALKA



Ad-Aware incorrectly indentify the program to malware while we simply obfuscate a C# Application. Please help to correct it.



Note that we constantly update our program so if you could add a pattern for the false positive, would be great.




Edit: I'm sorry for actually not posting a log since I don't use your software, I'm just sending a bunch of false positive notice to concerned AntiVirus company.


Edited by Vesper

Share this post


Link to post
Share on other sites

Thank you !

I just hope the next update of my software wont have the same issue (I update it almost daily sometimes).

Since this obfuscator uses the same encryptions of name, it should not change much from one .exe to another tho.

Share this post


Link to post
Share on other sites

Got the same issue with my next update...

 

tnb_V6.0.11.rar

 

I've been doing some testing, it seems that only string value encryption causes the detection.

I may not use that feature anymore at the cost of letting crackers get a bit more informations about my software protection.

 

Seems variables/functions renaming don't trigger any heuristic detection. just string encryption.

Edited by Vesper

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this