Messages - Deozaan [ switch to compact view ]

Pages: prev1 ... 5 6 7 8 9 [10] 11 12 13 14 15 ... 1832next
2. - But those Delphi packages are still causing trouble:

2. Upload of "Portable-Edition" possible? I could anal with debugger the target and its extra libraries.
2a. If I would need to guess again, the bpl files are not the ones that delphi compiler produced once, they are compressed somehow.
2b. Or they are compiled with a specific Delphi Version (Delphi 7) that has been blacklisted on all major antivirus sites.

I guess I now have another backup. :D

My guess why AntiVirus tools cry: "Portable-Edition" (RarSfx)

Programs that extract programs to run them are in general "bad" for scanning tools.
It looks like Windows Defender does not like your program extras (the *.bpl files, those are Delphi binary packages).

How-To-Fix: Extract *.exe Rar-file and play with extracted :-)

Oh! It makes so much sense now. I didn't realize the RarSfx meant self-extracting RAR. It seems so obvious in retrospect! I extracted the files manually and I see there are some Google Analytics related files. And since there doesn't appear to be any way to turn off analytics in the settings, I deleted the GoogleAnalyticsHelper.dll and GASender.exe yet the main executable still seems to work just fine without them.

Speaking of the main executable, now when I run the extracted .exe file it opens so much faster!

But those Delphi packages are still causing trouble:

vclie160.bpl on VirusTotal

AxComponentsRTL.bpl on VirusTotal

Most AVs just give them the generic "potentially unwanted" label, which is a pretty good indicator that it's likely a false positive. But one of them specifically labels it as adware/virus, which is a little concerning. However, I don't think I've ever seen a random ad, inside or outside of the application, in all the years I've been using this program. So I think I'll chalk this one down to a false positive until/unless I get more information that convinces me otherwise.

While thinking about this, I realized this is something Twitter does already:


Just a random, not-very-helpful observation from a twit, I suppose. :D

A good example for applying the 3-2-1 rule when back-upping.

After I found the backup in my Dropbox folder, I immediately made an extra copy on a thumb drive. I didn't even know 3-2-1 was a thing and I unintentionally started following that strategy after this incident. :Thmbsup:

I've had a portable .exe of Auslogics Disk Defrag Portable sitting in a folder on my PC for years, and frequently used it. The most recent time I used it a few days ago, out of nowhere Windows Defender marked it as malicious. I went into Windows Security center and told it to allow/restore it, but after I rebooted my computer today for the most recent Windows Update, it's gone! That leads me to two questions:

#1: Is it feasible that this portable app has had some hidden trojan all these years and only now is it being properly picked up by anti-virus scanners, or is it most likely just a sudden false positive? I uploaded the file to Jotti and VirusTotal before it disappeared, and there were several AVs flagging it as malicious. So it's not just Windows Defender acting up. Again, this is a file I've had for years. It's not like I just downloaded a new or updated version that changed the code.

#2: Does anyone know how to restore a file that Windows Defender got rid of? I don't see the usual "allow" or "restore" options in Windows Security. In fact, Windows Security tells me that it failed to remediate the problem. I'm attaching relevant screenshots if it helps to see what I'm seeing.

Windows Security - Removed or Restored.png

Windows Security - Remediation Incomplete.png

EDIT: Nevermind about #2. I had a backup in my Dropbox folder.

Pages: prev1 ... 5 6 7 8 9 [10] 11 12 13 14 15 ... 1832next
Go to full version