The Funny World of Virus Scanners

Ok here is some funny results you get from some Virus scanners with them picking up false results.

I made a simple Hello World 3 line code in VB6...here are the 3 lines...with one Form

Private Sub Form_Load()
Caption = "Hello World"
End Sub


I made this as a EXE and called it "helloworld.exe" then i submitted this file to a web site Virus Total www.virustotal.com
This website has a service where it will put the file though many virus scanners and show the results.

Here is picture of the results: www.virustotal.com/analisis/1f2ac722395c75321313a6fa0e59d0051d892f2f9be6dfb64ae9f2f678831fc8-1248968344

 

Now I will UPX the file see what results you get....This packs the executables file with a well known upx http://upx.sourceforge.net/

I am using a GUI for the UPX to make it easyer...using drag and drop.



Now see the amazing result changes ...See eSafe now says its a Suspicious File ... and F-Secure now says its a Suspicious:W32/Malware!Gemini
what is amazing as the file is the same but its just packed using UPX ... and even a-squared its changed.

www.virustotal.com/analisis/a4e5e676c27ba45b2dccb6f0f426e0d9537c2a8b1635df3d106f19abc107a86d-1248970736

 

Now what does this all mean....to me it means you cant really trust the results you get from many virus scanners...
be very carefull to not let there results scare or worry you... many results are just false postives........

 

Here is the VB6 in a winzip click here to download it...if you have VB6
This has the VB6 source ... plus the helloworld.exe and the helloworld.exe UPX packed version

 

Update showing there is nothing in the GUiPeX interface

 

new test