Log inRegister an accountBrowse CSDbHelp & documentationFacts & StatisticsThe forumsAvailable RSS-feeds on CSDbSupport CSDb Commodore 64 Scene Database
 Welcome to our latest new user Harvey ! (Registered 2024-11-25) You are not logged in - nap
CSDb User Forums


Forums > C64 Coding > ICU64 suddenly gone?
2024-03-23 21:10
ws

Registered: Apr 2012
Posts: 251
ICU64 suddenly gone?

I just observed that my ICU64 is suddenly gone, and after getting the "Sorry, but this file contains a virus" warning upon trying to re-download it from the official google drive, i noticed that my antivirus quietly has anihilated the file, reason : "Trojan Generik.LBYTBYU".

I already contacted mathfigure about it, but i cannot believe that this is anything else but a false positive.
 
... 4 posts hidden. Click here to view all posts....
 
2024-03-24 06:19
ws

Registered: Apr 2012
Posts: 251
It seems that only this version of ICU64 for VICE from CSDb acts the same as the version from mathfigures google drive (that version is inaccessible now):
ICU64 for VICE 3.x V0.1.3
The frodo versions are not impacted.

But this version of ICU for VICE is now also useless, since it reqires the icu64.exe of the "flagged" version above:
ICU64 for VICE 3.7 V0.1.3
2024-03-24 10:59
Martin Piper

Registered: Nov 2007
Posts: 718
Quote: huh... totally no idea what to make of this https://www.virustotal.com/gui/file/980e8d8750aa8a66a8e02183cd2..

This looks like a heuristic scan result, meaning it saw some code that was similar to code used in another virus, but it wasn't a precise match and it might or might not be malicious.

But given ICU64 launches a process and uses some form of process memory injection or inspection to get the emulated C64 memory, then this might itself be flagged as "maybe suspicious". I mean, doing such things with external processes is often used by suspicious code, so it's not a surprise it gets flagged during a scan.

But in this case we know ICU does this kind of process tweaking for legitimate reasons, so it's probably safe to ignore unless there is an exact and specific match with a known virus.
2024-03-24 12:18
tlr

Registered: Sep 2003
Posts: 1787
Quoting Martin Piper
But in this case we know ICU does this kind of process tweaking for legitimate reasons, so it's probably safe to ignore unless there is an exact and specific match with a known virus.

Some antivirus programs just rip away the binary on the fly and don't let you override that though.

Sometimes there isn't even a warning about it. I'm pointing at you windows defender!
2024-03-24 13:02
Fungus

Registered: Sep 2002
Posts: 680
This is due to AV's not being anything other than garbage anymore and they use "AI" which is so smart all it does it check that string literals match some crap someone reported. It will mistake EXE files for js exploits etc (defender is the worst at this) but other AV companies trade signatures and they get out there and then perfectly legit stuff is flagged. It's incredibly annoying...
2024-03-24 16:26
ws

Registered: Apr 2012
Posts: 251
I have now submitted the .exe alongside a false positive mail, according to their rules, to ESET. Lets see if they can grasp the idiocy of the situation.
2024-03-24 20:22
ws

Registered: Apr 2012
Posts: 251
Adding the ICU64.exe to your virus-scan exceptions also seems to work as a workaround. (If you are using ESET, you can use the hashes provided by the virustotal link under DETAILS above, make sure to add path to VICE and also path to the ICU exe in both exclusion options (the second option requires the hash)).

Not great, not terrible.
2024-03-26 09:03
ws

Registered: Apr 2012
Posts: 251
Ok ESET Support confirmed: "It is a false positive that was fixed already in the latest update. Please update your ESET product."

so, if your antivirus kills ICU64.exe, it is now officially a good idea to submit a false positive mail to them. For ESET it is now fixed.
2024-03-26 09:35
Martin Piper

Registered: Nov 2007
Posts: 718
\\Yay//
2024-03-29 22:19
goerp

Registered: Feb 2006
Posts: 21
thanks for all the tips here!
i never thought reporting a false positive would work, so i never tried and kept using a very old version
i use a different AV but i'll try to report it there
2024-03-30 02:49
Martin Piper

Registered: Nov 2007
Posts: 718
I used to work for a security software company. Handling false positives was important because it was related to accuracy of the product offering. If people saw the product was not accurate they wouldn't buy it.
Previous - 1 | 2 - Next
RefreshSubscribe to this thread:

You need to be logged in to post in the forum.

Search the forum:
Search   for   in  
All times are CET.
Search CSDb
Advanced
Users Online
serato/Finnish Gold
E$G/HF ⭐ 7
Guests online: 91
Top Demos
1 Next Level  (9.7)
2 13:37  (9.7)
3 Coma Light 13  (9.7)
4 Edge of Disgrace  (9.6)
5 Mojo  (9.6)
6 What Is The Matrix 2  (9.6)
7 The Demo Coder  (9.6)
8 Uncensored  (9.6)
9 Wonderland XIV  (9.6)
10 Comaland 100%  (9.6)
Top onefile Demos
1 Layers  (9.6)
2 Party Elk 2  (9.6)
3 Cubic Dream  (9.6)
4 Copper Booze  (9.6)
5 Libertongo  (9.5)
6 Rainbow Connection  (9.5)
7 Onscreen 5k  (9.5)
8 Morph  (9.5)
9 Dawnfall V1.1  (9.5)
10 It's More Fun to Com..  (9.5)
Top Groups
1 Performers  (9.3)
2 Booze Design  (9.3)
3 Oxyron  (9.3)
4 Nostalgia  (9.3)
5 Triad  (9.2)
Top Logo Graphicians
1 t0m3000  (10)
2 Sander  (9.8)
3 Mermaid  (9.5)
4 Facet  (9.4)
5 Shine  (9.4)

Home - Disclaimer
Copyright © No Name 2001-2024
Page generated in: 0.378 sec.