the 89 line executable that demos a NOD32 bug

Discussion in 'ESET NOD32 Antivirus' started by musikit, Oct 22, 2008.

Thread Status:
Not open for further replies.
  1. CivilTaz

    CivilTaz Registered Member

    Joined:
    Nov 19, 2008
    Posts:
    146
    There's no point in trying to help u. Marcos is asking for the application u distribute, not for the demo. I hope u are able to read, and most importantly, to UNDERSTAND this.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Correct. As soon as we receive an actual application that employs Madcodehook and is detected, we'll whitelist it providing that one submits it to samples[at]eset.com with "False positive" in the subject and as much information about the application and its purpose enclosed. False positives are dealt with the highest priority.
     
  3. musikit

    musikit Registered Member

    Joined:
    Oct 8, 2008
    Posts:
    140
    CivilTaz,

    i am not getting the assistance needed. the assistance i need is as below.

    1. where can i find a list of toolkits that nod32 will say are positive?
    2. where can i find a list of toolkits that nod32 will say are a negative?
    3. what makes them different?
    4. what's to stop those from being "misused by malware" and start being flagged?
    5. what does madcodehook do that those don't?
     
  4. musikit

    musikit Registered Member

    Joined:
    Oct 8, 2008
    Posts:
    140
    i have given you applications that have been distributed that have been detected.

    so again...


    1. where can i find a list of toolkits that nod32 will say are positive?
    2. where can i find a list of toolkits that nod32 will say are a negative?
    3. what makes them different?
    4. what's to stop those from being "misused by malware" and start being flagged?
    5. what does madcodehook do that those don't?
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    There are no such lists available to public, it would be too easy for malware authors to adapt their code so that it's undetected.

    It's been mentioned here numerous times already:
    Submit the application to samples[at]eset.com with "False positive" in the subject and with as much information about the application and its purpose as possible enclosed.


    A quote from Madcodehook's website:
    Unfortunately madCodeHook has been misused by malware in the past. Because of that there is no non-commercial edition of madCodeHook available, anymore. Furthermore I will now only sell madCodeHook licenses to companies and programmers, if (after some background check) I'm convinced that they are "good" and don't write malware.
     
  6. musikit

    musikit Registered Member

    Joined:
    Oct 8, 2008
    Posts:
    140
    since malware developers can no longer get madcodehook why are you still flagging it?
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Right. I'll quote from your PM:

    I've told several times that GSC Client is not detected at all. Please post here a link to an actual application utilizing Madcodehook that is distributed to users and is still detected (not a link to the demo).
     
  8. musikit

    musikit Registered Member

    Joined:
    Oct 8, 2008
    Posts:
    140
    so then you aren't detecting viruses? when will you guys be releasing a virus detector and not some lazy 1/2ed donkey's butt software?
     
  9. CivilTaz

    CivilTaz Registered Member

    Joined:
    Nov 19, 2008
    Posts:
    146
    Glad to know i had a valid argument and it hurt u to read it. You want help from Eset, but u don't want to help them.
    By the way, are u having this discussion with all other AV companies? because i don't think ur problem is only caused by NOD32.
     
  10. musikit

    musikit Registered Member

    Joined:
    Oct 8, 2008
    Posts:
    140
    i have also given you this http://www.fileswap.com/share/?id=f6876a9f998f6472cc26708e27444456 which is still detected.
     
  11. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    I've told several times that GSC Client is not detected at all. Please post here a link to an actual application utilizing Madcodehook that is distributed to users and is still detected (not a link to the demo).
     
  12. musikit

    musikit Registered Member

    Joined:
    Oct 8, 2008
    Posts:
    140
    so then

     
  13. CivilTaz

    CivilTaz Registered Member

    Joined:
    Nov 19, 2008
    Posts:
    146
    Who told u a malware developer cannot get it? They can buy it if they want it, and the software was free, so i bet a lot of them already got it.
     
  14. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    As you can read on the Madcodehook author's site, it used to be misused by malware. What makes you think that malware authors who have exploited it for malicious purposes will cease using it now that the author has pulled it from his website?

    Again, if you have an actual application utilizing Madcodehook that is detected (not the demo), please send it to samples[at]eset.com as I have advised above.
     
  15. musikit

    musikit Registered Member

    Joined:
    Oct 8, 2008
    Posts:
    140
    umm see above. marcos stated it.
     
  16. CivilTaz

    CivilTaz Registered Member

    Joined:
    Nov 19, 2008
    Posts:
    146
    I'm starting to believe that the one who can't read is u.
     
  17. CivilTaz

    CivilTaz Registered Member

    Joined:
    Nov 19, 2008
    Posts:
    146
    So, what about other AV companies? o_O
     
  18. musikit

    musikit Registered Member

    Joined:
    Oct 8, 2008
    Posts:
    140
    i have just followed your instructions and mailed 10 distributed programs that are detected. please advise as to what they are doing that are virus/malware like. and white list them
     
  19. musikit

    musikit Registered Member

    Joined:
    Oct 8, 2008
    Posts:
    140
    well at the end of another business day and ESET STILL has not contacted me back after over closing in on a week of no communications. and after leaving several voice messages today for contacts i still have not been contacted back. does ESET even support developers?
     
  20. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    So far we haven't received anything at samples[at]eset.com with "False positive" in the subject.
     
  21. musikit

    musikit Registered Member

    Joined:
    Oct 8, 2008
    Posts:
    140
    they were all marked with the subject "false positive" i will check in the morning and resend again if you still have not received them.
     
  22. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    Hi Musikit,

    We too distribute an application that has incorporated parts of MadCodeHook to perform various functions, and have been detected heuristically by many antivirus products, primarily because lots of malware uses code hooking techniques.

    It's really really frustrating when it happens.

    Fortunately, I found a simple 5 step solution to it:

    1. Zip up your program.

    2. Drag the zip file into an email (or use the attach function).

    3. In the "To" section, type samples[at]eset.com - take care to replace the [at] with the @ character.

    4. In the "Subject" box type "False Positive"

    5. In the body, write a calm, respectful message advising that your legitimate software is being incorrectly detected as malware - and send it.

    When we followed these steps, we received a very fast white-listing of our application, and when it's happened since then (as our application changes) it has also been whitelisted too.

    If only the other AV Companies responded as fast as ESET to false positives, I would be very happy indeed.


    Mike
     
    Last edited: Nov 26, 2008
  23. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    We have analysed those files that were actually identical. Again, it's not an actual application but a demo that doesn't do anything. I'm asking again: if you have an actual application that is distributed to users and is detected, send it to samples[at]eset.com, enclose a link to the files/website where users can download it from and provide as much information about it and its purpose as possible. You have reported only one actual application (GSC client) so far whose detection was removed a long time ago. The other files were just demos with no real use and created just for the purpose of demonstrating Madcodehook heuristic detection which are not subject to whitelisting.
     
  24. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Marcos, I believe your and ESET's developers' valuable time would be generally spent better just ignoring this guy. He obviously is unable to communicate in a productive manner, unable to understand simple instruction, unwilling to understand simple explanations and keeps trolling and trolling and trolling and flooding this thread with useless posts.

    :thumbd: o_O :mad:
     
  25. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Agreed. It is a lost cause.
     