Forum :: Lounge :: Endless Edge has a virus

Hello, when I went to download Endless Edge, it said "This file looks malicious". So when it finished downloading I went to a virus scan website and here are the results:

Click here

-Pine.

Looks like a false positive:

SubsystemVersion.........: 4.0
Comments.................: This installation was built with Inno Setup.
LinkerVersion............: 2.25
ImageVersion.............: 6.0
FileSubtype..............: 0
FileVersionNumber........: 0.0.0.0
LanguageCode.............: Neutral
FileFlagsMask............: 0x003f
FileDescription..........: EndlessEdge Setup
CharacterSet.............: Unicode
InitializedDataSize......: 17920
MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
FileVersion..............: 
TimeStamp................: 1992:06:20 00:22:17+02:00
FileType.................: Win32 EXE
PEType...................: PE32
ProductVersion...........: 
UninitializedDataSize....: 0
OSVersion................: 1.0
FileOS...................: Win32
LegalCopyright...........: 
MachineType..............: Intel 386 or later, and compatibles
CompanyName..............: Apollo
CodeSize.................: 37888
ProductName..............: EndlessEdge
ProductVersionNumber.....: 0.0.0.0
EntryPoint...............: 0x9c40
ObjectFileType...........: Executable application

Someone shot this kid.

---
https://www.fallen-evolution.com
https://www.fallen-evolution.com/discord
https://eosource.net

elevations posted: (11th Jul 2012, 09:03 am)

Looks like a false positive:

SubsystemVersion.........: 4.0
Comments.................: This installation was built with Inno Setup.
LinkerVersion............: 2.25
ImageVersion.............: 6.0
FileSubtype..............: 0
FileVersionNumber........: 0.0.0.0
LanguageCode.............: Neutral
FileFlagsMask............: 0x003f
FileDescription..........: EndlessEdge Setup
CharacterSet.............: Unicode
InitializedDataSize......: 17920
MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
FileVersion..............: 
TimeStamp................: 1992:06:20 00:22:17+02:00
FileType.................: Win32 EXE
PEType...................: PE32
ProductVersion...........: 
UninitializedDataSize....: 0
OSVersion................: 1.0
FileOS...................: Win32
LegalCopyright...........: 
MachineType..............: Intel 386 or later, and compatibles
CompanyName..............: Apollo
CodeSize.................: 37888
ProductName..............: EndlessEdge
ProductVersionNumber.....: 0.0.0.0
EntryPoint...............: 0x9c40
ObjectFileType...........: Executable application

Someone shot this kid.

why would a setup give a false postive?

elevations posted: (11th Jul 2012, 09:03 am)

Looks like a false positive:

SubsystemVersion.........: 4.0
Comments.................: This installation was built with Inno Setup.
LinkerVersion............: 2.25
ImageVersion.............: 6.0
FileSubtype..............: 0
FileVersionNumber........: 0.0.0.0
LanguageCode.............: Neutral
FileFlagsMask............: 0x003f
FileDescription..........: EndlessEdge Setup
CharacterSet.............: Unicode
InitializedDataSize......: 17920
MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
FileVersion..............: 
TimeStamp................: 1992:06:20 00:22:17+02:00
FileType.................: Win32 EXE
PEType...................: PE32
ProductVersion...........: 
UninitializedDataSize....: 0
OSVersion................: 1.0
FileOS...................: Win32
LegalCopyright...........: 
MachineType..............: Intel 386 or later, and compatibles
CompanyName..............: Apollo
CodeSize.................: 37888
ProductName..............: EndlessEdge
ProductVersionNumber.....: 0.0.0.0
EntryPoint...............: 0x9c40
ObjectFileType...........: Executable application

Someone shot this kid.

So there is a virus, or not?

Because most people use these kinds of free setup providers for viruses to trick you so they all get put into a common blacklist for anti viruses.

That's why it's a false positive.

How do i know this? Because FE's setup also has some few false positives just because other people use the install makers for stupid things.

And i doubt apollo would be dumb enough to make his client a virus download and ruin his reputation like that.

But if you want to doubt me and think it's a virus you go ahead you intelligent.. You..

---
https://www.fallen-evolution.com
https://www.fallen-evolution.com/discord
https://eosource.net

elevations posted: (11th Jul 2012, 09:10 am)

Because most people use these kinds of free setup providers for viruses to trick you so they all get put into a common blacklist for anti viruses.

That's why it's a false positive.

How do i know this? Because FE's setup also has some few false positives just because other people use the install makers for stupid things.

And i doubt apollo would be dumb enough to make his client a virus download and ruin his reputation like that.

But if you want to doubt me and think it's a virus you go ahead you intelligent.. You..

Oh okay. Thanks Ele. I was just curious.

elevations posted: (11th Jul 2012, 09:10 am)

Because most people use these kinds of free setup providers for viruses to trick you so they all get put into a common blacklist for anti viruses.

That's why it's a false positive.

How do i know this? Because FE's setup also has some few false positives just because other people use the install makers for stupid things.

And i doubt apollo would be dumb enough to make his client a virus download and ruin his reputation like that.

But if you want to doubt me and think it's a virus you go ahead you intelligent.. You..

so the setup was built by inno setup maker, i will try to use it to make a test setup and scan it......

eoclone posted: (11th Jul 2012, 09:13 am)

elevations posted: (11th Jul 2012, 09:10 am)

Because most people use these kinds of free setup providers for viruses to trick you so they all get put into a common blacklist for anti viruses.

That's why it's a false positive.

How do i know this? Because FE's setup also has some few false positives just because other people use the install makers for stupid things.

And i doubt apollo would be dumb enough to make his client a virus download and ruin his reputation like that.

But if you want to doubt me and think it's a virus you go ahead you intelligent.. You..

so the setup was built by inno setup maker, i will try to use it to make a test setup and scan it......

I just extracted the setup it's most likely because he packed Eirc.exe with it which actually is some kind of malicious bitch according to all anti viruses.

---
https://www.fallen-evolution.com
https://www.fallen-evolution.com/discord
https://eosource.net

can u post a scan for the Eirc file?

eoclone posted: (11th Jul 2012, 09:21 am)

can u post a scan for the Eirc file?

No point even the main download of Endless Online that includes the Eirc.exe is detected as a "virus" i believe it's just a big fat false positive.

@Apollo a word of advice next time don't pack Eirc.exe into your setup's or else people post virus threads.

But if i must:

Here is the virustotal scan of the Eirc.exe contained in apollo's setup:

https://www.virustotal.com/file/775e85a3a0d924d6c21dd37cd0a7c73f6bcfb50da67d2a6d39810ef48b97af46/analysis/1341998766/

Now Combine a free setup maker with a Eirc.exe and you have one DEADLY FALSE POSITIVE VIRUS

---
https://www.fallen-evolution.com
https://www.fallen-evolution.com/discord
https://eosource.net

elevations posted: (11th Jul 2012, 09:22 am)

eoclone posted: (11th Jul 2012, 09:21 am)

can u post a scan for the Eirc file?

No point even the main download of Endless Online that includes the Eirc.exe is detected as a "virus" i believe it's just a big fat false positive.

the type of virus may vary,

however , here a scan of a setup made with inno setup maker
without the eirc(0/41)
https://www.virustotal.com/file/f13119474b45478c30b14d0c0b245595f1ac5eb67cf89973507fe040a55168eb/analysis/1341998422/

with eirc(1/41)

https://www.virustotal.com/file/4a43000f2262a0af912167161d450a5987d60c64c00662ef18c2bc9e0a0c1eb3/analysis/1341999035/

so its not the irc or the setup maker, now we need an explanation  for this false postive.....


edit : @elevations

relax bro , we are trying to clear things....

eoclone posted: (11th Jul 2012, 09:33 am)

elevations posted: (11th Jul 2012, 09:22 am)

eoclone posted: (11th Jul 2012, 09:21 am)

can u post a scan for the Eirc file?

No point even the main download of Endless Online that includes the Eirc.exe is detected as a "virus" i believe it's just a big fat false positive.

the type of virus may vary,

however , here a scan of a setup made with inno setup maker
without the eirc(0/41)
https://www.virustotal.com/file/f13119474b45478c30b14d0c0b245595f1ac5eb67cf89973507fe040a55168eb/analysis/1341998422/

with eirc(1/41)

https://www.virustotal.com/file/4a43000f2262a0af912167161d450a5987d60c64c00662ef18c2bc9e0a0c1eb3/analysis/1341999035/

so its not the irc or the setup maker, now we need an explanation  for this false postive.....


edit : @elevations

relax bro , we are trying to clear things....

The only other explanation is epatch.exe and epatch2.exe, EndlessEdge.exe, or Escreenshot.exe

I noticed both Eirc.exe and the first guys original scan are rated as :

Symantec Reputation

Suspicious.Insight

Which is lowest of the shit.

Don't put so much faith in these crappy online virus shitters cause when you get hit by a real virus it won't be detected on that site.
Well maybe not until they fuck your PC and blow it up then it will detect it on your site after a week of that.

Another thing to mention is the file sizes of your InnoSetups are not the same size or has the same amount of content that is packed into apollos setup.

---
https://www.fallen-evolution.com
https://www.fallen-evolution.com/discord
https://eosource.net

eoclone posted: (11th Jul 2012, 09:33 am)

elevations posted: (11th Jul 2012, 09:22 am)

eoclone posted: (11th Jul 2012, 09:21 am)

can u post a scan for the Eirc file?

No point even the main download of Endless Online that includes the Eirc.exe is detected as a "virus" i believe it's just a big fat false positive.

the type of virus may vary,

however , here a scan of a setup made with inno setup maker
without the eirc(0/41)
https://www.virustotal.com/file/f13119474b45478c30b14d0c0b245595f1ac5eb67cf89973507fe040a55168eb/analysis/1341998422/

with eirc(1/41)

https://www.virustotal.com/file/4a43000f2262a0af912167161d450a5987d60c64c00662ef18c2bc9e0a0c1eb3/analysis/1341999035/

so its not the irc or the setup maker, now we need an explanation  for this false postive.....


edit : @elevations

relax bro , we are trying to clear things....

And what makes you trust the false positive of EO? But not other servers..

I also noticed:
endless edge.exe gives 1 false positive
eirc.exe gives like 22 false positives
escreenshot gives 1 false positive

comibine these false positives together and you get A FALSE POSITIVE.

Just saying if there really is a virus in there then i will start pointing fingers at apollo.

I sandboxed the entire installation process and launching of EE nothing went wrong EXCEPT when i tried to hit play game it said i was permanently banned :(.

Nothing has been chucked into my startup either.

---
https://www.fallen-evolution.com
https://www.fallen-evolution.com/discord
https://eosource.net

elevations posted: (11th Jul 2012, 09:36 am)

eoclone posted: (11th Jul 2012, 09:33 am)

elevations posted: (11th Jul 2012, 09:22 am)

eoclone posted: (11th Jul 2012, 09:21 am)

can u post a scan for the Eirc file?

No point even the main download of Endless Online that includes the Eirc.exe is detected as a "virus" i believe it's just a big fat false positive.

the type of virus may vary,

however , here a scan of a setup made with inno setup maker
without the eirc(0/41)
https://www.virustotal.com/file/f13119474b45478c30b14d0c0b245595f1ac5eb67cf89973507fe040a55168eb/analysis/1341998422/

with eirc(1/41)

https://www.virustotal.com/file/4a43000f2262a0af912167161d450a5987d60c64c00662ef18c2bc9e0a0c1eb3/analysis/1341999035/

so its not the irc or the setup maker, now we need an explanation  for this false postive.....


edit : @elevations

relax bro , we are trying to clear things....

The only other explanation is epatch.exe and epatch2.exe, EndlessEdge.exe, or Escreenshot.exe

I noticed both Eirc.exe and the first guys original scan are rated as :

Symantec Reputation

Suspicious.Insight

Which is lowest of the shit.

Don't put so much faith in these crappy online virus shitters cause when you get hit by a real virus it won't be detected on that site.
Well maybe not until they fuck your PC and blow it up then it will detect it on your site after a week of that.

Another thing to mention is the file sizes of your InnoSetups are not the same size or has the same amount of content that is packed into apollos setup.

i didn't say i repacked apollos setup, i just made a random test setup file to see if the inno setup gets detected and i packed a eirc also.
--------------------------------------------------------------------------------------
so now i have repacked every .exe in EE and here is the scan

https://www.virustotal.com/file/d84a78e2c5e5dc1d469d3bfb0a71377dc0606eb0b82a8b6bda11e3af1c4f6868/analysis/1342000645/

still not enough, we need some explanation.