Stop false alert on my own program - help please

Discussion in 'ESET NOD32 Antivirus' started by clivew, Dec 15, 2007.

Thread Status:
Not open for further replies.
  1. clivew

    clivew Registered Member

    Joined:
    Aug 22, 2006
    Posts:
    17
    I am a professional programmer.
    I am currently writing a program to uninstall an application.
    Every time I either compile or copy the executable somewhere I get a big "Infection!" pop-up with unknown heuristic virus found message.

    I need to find a way round this for my clients.
    I can hardly include an explanation to ignore the infection warning.:(

    It seems to be related to the fact that I have to write to the runonce Key in the registry as I need to do a reboot during the process.

    Plenty of other installer/uninstallers I run (from others) do not trigger this behavior.

    Can someone (from Eset?) explain the problem and how to code round it?
    It is DEFINITELY not a virus:)

    Thanks,
    Clive.
    Clive Walden
    Walden Consulting
    clivew@clivewalden.com
    www.clivewalden.com
     
  2. krokodil_bb

    krokodil_bb Registered Member

    Joined:
    Oct 13, 2007
    Posts:
    86
    Location:
    BB
    you can solve this problem:

    1. in nod try to set and use exclusion, your folder will be ignored by nod

    2. when you finish programming, protect your exe by crypter and nod can't use heuristic detection on your program anymore (pespin - is free and not supported by eset, some version of upx scrambler - nod will show unpack error, comercial vmprotect can't be decoded...)
     
  3. clivew

    clivew Registered Member

    Joined:
    Aug 22, 2006
    Posts:
    17
    Thanks. I did figure that one out eventually.
    OK. I will give that a try.
    Sounds like a good plan.

    I would still like to understand what is actually triggering the alert, and, if it is the write to the runonce Key, wont Nod32 still catch it when it actually tries to do this at runtime?

    Clive.
     
Thread Status:
Not open for further replies.