On Wed, Oct 2, 2024 at 4:51 PM Paul Dufresne via Freedos-devel <freedos-devel@lists.sourceforge.net> wrote:
>
> Following https://gitlab.com/FreeDOS/issue-reporting/-/issues/57
>
> I downloaded
> https://www.ibiblio.org/pub/micro/pc-stuff/freedos/files/distributions/1.3/official/FD13-LiveCD.zip
>
> Extracted it, extracted the iso in it, extracted packages/apps/doszip in it,
> extracted SOURCE/SOURCES.ZIP... and now get something
> like: /home/paul/Téléchargements/virus/packages/apps/virus/SOURCE/DOSZIP/bin
> (I created the virus directory!)
> [paul@betakard bin]$ ls -lh
> total 888K
> -rw-r--r-- 1 paul paul 303K 12 fév 2017 asmc.exe
> -rw-r--r-- 1 paul paul   12 12 fév 2017 build.bat
> -rw-r--r-- 1 paul paul  87K 12 fév 2017 dzrc.exe
> -rw-r--r-- 1 paul paul 3,0K 12 fév 2017 fcmp.exe
> -rw-r--r-- 1 paul paul 9,5K 12 fév 2017 iddc.exe
> -rw-r--r-- 1 paul paul 137K 12 fév 2017 libw.exe
> -rw-r--r-- 1 paul paul 301K 12 fév 2017 linkw.exe
> -rw-r--r-- 1 paul paul  965 12 fév 2017 linkw.lnk
> -rw-r--r-- 1 paul paul  26K 12 fév 2017 make.exe
>
> Most files here have a few (about 4 to 5) detections on VirusTotal.
> make.exe has 9/69:
> https://www.virustotal.com/gui/file/2af3a455bcab37663f2fdef1c5a7a55959121b2d7969138b082f0885929aa1c2
>
> I did not investigate more than that... but it seems suspicious to me.
>

That "9/69" means that it was tested with 69 security vendors, and 9 had some kind of flag.

If you look at what is specifically being flagged in this report, one is "Win32:Malware-gen", which a person from Avast describes this way: "Generic threats are files that appear suspicious to AVG but do not match any known threat"[1]. In other words, it's a generic ("gen") detection on something the AV software *thinks* might be suspicious.

Another is "Generic.ml", which is the same issue: a generic detection on something that's not known to be a problem, but the software thinks might be.

Another is "Malware.Heuristic.1004", which is not actually a virus. Instead, a "heuristic" is when the AV software has to make a guess based on other behaviors it has seen. But it's just a guess.

Note that plain DOS programs often get misidentified as Windows malware because the programs are accessing the low-level features of the CPU or DOS. That's something very common in DOS, but not allowed in Windows.

[1] https://support.avg.com/answers?id=9060N000000LnS4QAK
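
The distinction drawn in the reply above, between generic or heuristic verdicts and named detections, can be applied to a whole scan report at once. The following is an added example and not part of the original thread: the token list, the engine names and every label other than the three quoted in the reply are assumptions constructed for illustration.

```python
import re

# Label tokens that mark a generic, heuristic or machine-learning verdict
# rather than a named family. This token list is an assumption of the example.
WEAK_TOKENS = {"gen", "generic", "heur", "heuristic", "ml", "suspicious"}


def classify_label(label):
    """Return 'clean', 'weak' (generic/heuristic guess) or 'named'."""
    if not label:
        return "clean"
    # Vendors separate label parts with ':', '.', '-', '/' and similar.
    tokens = {t.lower() for t in re.split(r"[^A-Za-z0-9]+", label) if t}
    return "weak" if tokens & WEAK_TOKENS else "named"


def triage(results):
    """Group an {engine: label-or-None} mapping by classify_label()."""
    groups = {"clean": [], "weak": [], "named": []}
    for engine, label in sorted(results.items()):
        groups[classify_label(label)].append((engine, label))
    return groups


def summarize(results):
    """One-line summary: how many flags are guesses, how many name a family."""
    g = triage(results)
    flagged = len(g["weak"]) + len(g["named"])
    return (f"{flagged}/{len(results)} flagged: "
            f"{len(g['weak'])} generic or heuristic, {len(g['named'])} named")


# Constructed sample. Engine names are placeholders; the first three labels
# are the ones quoted in the reply, the fourth is a made-up named-family label
# included only to show the contrast (it is not from the report).
SAMPLE = {
    "engine_a": "Win32:Malware-gen",
    "engine_b": "Generic.ml",
    "engine_c": "Malware.Heuristic.1004",
    "engine_d": "Trojan.ExampleFamily.A",
    "engine_e": None,
    "engine_f": None,
}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A report whose flags all land in the "weak" group, as the three labels quoted above do, is a candidate false positive to confirm by other means, not proof that the file is clean.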