PadNull.dll
#1
So Avast flagged this file as Threat:Win32:malware-gen = severity high

Seeing as this was part of PCSX2, I reported it as a false positive. This same false positive is flagging any PCSX2 Git build with that file in it, which terminates the download. Figured I'd let you know too.

#2
PCSX2 1.3.1-182 for example doesn't flag padnull for me, but all recent versions of PCSX2 do flag it. It's a bit odd.

Something in the code must have changed to become flagged by AV.
AMD Ryzen 5 3600 @ 3.60~4.20 GHz | Corsair Vengeance LPX 16 GB (2x8GB) DDR4-3200
MSI GeForce GTX 1660 Super @ 6 GB | Kingston A400 480GB SSD | Windows 10 Pro x64 (b19043.1288)
#3
Or they changed their detected signatures and started falsely detecting it
#4
Did padnull get any changes in the code though in the more recent versions?

If it's truly just the AV being crappy, then -every- padnull should be flagged. But it's only happening in the recent versions.
#5
(11-24-2015, 11:21 PM)Bositman Wrote: Or they changed their detected signatures and started falsely detecting it

It probably is false and I have reported it as such. But I reported the PADNULL, not the actual links to the Git builds, but did give them the links to them. ATM can't download current Git builds unless Avast is turned off.
#6
(11-24-2015, 11:53 PM)tsunami2311 Wrote: It probably is false and I have reported it as such. But I reported the PADNULL, not the actual links to the Git builds, but did give them the links to them. ATM can't download current Git builds unless Avast is turned off.

You can exclude the buildbot site in Avast's webshield. It's the webshield blocking the download.
#7
As I said in the other thread about this http://forums.pcsx2.net/Thread-uninst-pc...e-infected and in BPH, Kaspersky picks it up as well and I reported it as false positive to them yesterday and again today.

There is some signature matching going on or it wouldn't happen with multi AVs. As Bosit said in BPH likely a new malware has a bit that just so happens to match padnull.dll

However it also seems to coincide with when we switched over to VS2015.
Gaming Rig: Intel i7 6700k @ 4.8Ghz | GTX 1070 TI | 32GB RAM | 960GB(480GB+480GB RAID0) SSD | 2x 1TB HDD
#8
(11-25-2015, 12:03 AM)Blyss Sarania Wrote: As I said in the other thread about this http://forums.pcsx2.net/Thread-uninst-pc...e-infected and in BPH, Kaspersky picks it up as well and I reported it as false positive to them yesterday and again today.

There is some signature matching going on or it wouldn't happen with multi AVs. As Bosit said in BPH likely a new malware has a bit that just so happens to match padnull.dll

However it also seems to coincide with when we switched over to VS2015.

Yeah, looks like it has to be related to the VS2015 migration then. Unless something else changed, because it's not happening in older versions of padnull from what I can tell.
#9
Yeah I originally said in BPH it happened all the way back to 1.2.1 but I was mistaken, scanned the wrong archive heh.

Does anyone know EXACTLY what revision we changed over to VS2015 in? I can't tell by the buildbot page and I'd like to verify this.
#10
I'd say it's because of new malware. The last code change for padnull.dll was 3 months ago.