Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
PadNull.dll
#1
So Avast flaged a this file as Threat:Win32:malware-gen = severity high

Seeing as this was part of PCSX2 I reported it false positive, This same false postive is flaging any Pcsx2 Git build with that file in which terminates the download fiqure i let you's know too
Reply

Sponsored links

#2
PCSX2 1.3.1-182 for example doesn't flag padnull for me, but all recent versions of PCSX2 do flag it. It's a bit odd.

Something in the code must have changed to become flagged by AV.
Intel Core i5-4670K @ 3.40GHz | 16GB (2x8GB) DDR3-1866 G.SKILL Sniper Series
AMD Radeon R9 280 @ 3 GB | 120GB SSD | Windows 7 Ultimate x64 (SP1)
Reply
#3
Or they changed their detected signatures and started falsely detecting it
[Image: newsig.jpg]
Reply
#4
Did padnull get any changes in the code though in the more recent versions?

If it's truly just the AV being crappy, then -every- padnull should be flagged. But it's only happening in the recent versions.
Intel Core i5-4670K @ 3.40GHz | 16GB (2x8GB) DDR3-1866 G.SKILL Sniper Series
AMD Radeon R9 280 @ 3 GB | 120GB SSD | Windows 7 Ultimate x64 (SP1)
Reply
#5
(11-24-2015, 11:21 PM)Bositman Wrote: Or they changed their detected signatures and started falsely detecting it

it probably is false and I have reported it as such But I report the PADNULL not the actual links to the git builds, but  did give them the links to them. ATM cant download current GIT builds less turning Avast is off.
Reply
#6
(11-24-2015, 11:53 PM)tsunami2311 Wrote: it probably is false and I have reported it as such But I report the PADNULL not the actual links to the git builds, but  did give them the links to them. ATM cant download current GIT builds less turning Avast is off.

You can exclude the buildbot site in Avast's webshield. It's the webshield blocking the download.
Intel Core i5-4670K @ 3.40GHz | 16GB (2x8GB) DDR3-1866 G.SKILL Sniper Series
AMD Radeon R9 280 @ 3 GB | 120GB SSD | Windows 7 Ultimate x64 (SP1)
Reply
#7
As I said in the other thread about this http://forums.pcsx2.net/Thread-uninst-pc...e-infected and in BPH, Kaspersky picks it up as well and I reported it as false positive to them yesterday and again today.

There is some signature matching going on or it wouldn't happen with multi AVs. As Bosit said in BPH likely a new malware has a bit that just so happens to match padnull.dll

However it also seems to coincide with when we switched over to VS2015.
[Image: vwah44]
Gaming: Intel i7 3770k @ 4.2Ghz | R9 290 | 16GB RAM | 480GB(240GB+240GB RAID0) SSD | 3 TB HDD | 1 TB HDD | 500GB HDD
Server: AMD FX 6300 @ 4.4Ghz | GTX 670 | 16GB RAM | 240GB SSD | 320GB HDD
PCSX2 General Troubleshooting FAQ
Reply
#8
(11-25-2015, 12:03 AM)Blyss Sarania Wrote: As I said in the other thread about this http://forums.pcsx2.net/Thread-uninst-pc...e-infected and in BPH, Kaspersky picks it up as well and I reported it as false positive to them yesterday and again today.

There is some signature matching going on or it wouldn't happen with multi AVs. As Bosit said in BPH likely a new malware has a bit that just so happens to match padnull.dll

However it also seems to coincide with when we switched over to VS2015.

Yeah, looks like it has to be related to the VS2015 migration then. Unless something else changed, because it's not happening in older versions of padnull from what I can tell.
Intel Core i5-4670K @ 3.40GHz | 16GB (2x8GB) DDR3-1866 G.SKILL Sniper Series
AMD Radeon R9 280 @ 3 GB | 120GB SSD | Windows 7 Ultimate x64 (SP1)
Reply
#9
Yeah I originally said in BPH it happened all the way back to 1.2.1 but I was mistaken, scanned the wrong archive heh.

Does anyone know EXACTLY what revision we changed over to VS2015 in? I can't tell by the buildbot page and I'd like to verify this.
[Image: vwah44]
Gaming: Intel i7 3770k @ 4.2Ghz | R9 290 | 16GB RAM | 480GB(240GB+240GB RAID0) SSD | 3 TB HDD | 1 TB HDD | 500GB HDD
Server: AMD FX 6300 @ 4.4Ghz | GTX 670 | 16GB RAM | 240GB SSD | 320GB HDD
PCSX2 General Troubleshooting FAQ
Reply
#10
I'd say it's because of new malware. the last code change for padnull.dll was 3 months ago
[Image: gmYzFII.png]
[Image: dvedn3-5.png]
Reply




Users browsing this thread: 1 Guest(s)