UBot Underground

Antivirus Issue Getting Worse?



I am utterly fed up with this persistent issue, which seems to be getting worse. The last time I ran a compiled bot through Virustotal, there were around 6 or 7 virus warnings. This is what came back on my latest bot: 15/66. It's utterly ridiculous. It's all very well for Seth and his team to create fancy new versions of Ubot at professional level prices, but if they can't fix the basics - and this is one of them, then what's the point? The people I sell to use Virustotal as a basic check so you're starting on the back foot before you even open your mouth. I have resorted to creating other products, with Ubot programs thrown in as sweeteners because I just can't sell them with this issue. Sorry for the rant people.

 

FJwTYd7.jpg

  • Like 2
Link to post

I have never heard of Virustotal.  So when I did a search, it seems that it is a free service supposedly produced by Google.

I then went to this site https://www.toptenreviews.com that has done a superior job of reviewing AV software and I searched for Virustotal.  Not one article was shown by this site.  This site has a long history of doing thorough reviews.

From your post, you sound like you are frustrated with UBot and its inability to avoid being flagged by AV software.  I do understand your concern.

Can you direct me to the official site where UBot Studio should register with AV software companies?  I will gladly pass it along.

The problem is that there is no site.  We do notify AV companies but to what end?  How do we find new AV companies?  How can we force them to add us to their definitions?

 

How would we even know about sites like Virustotal?  I personally don't trust free sites.  I have used enough free tools to see that they do not do a 100 percent scan or even present what they actually find.

 

If there is a better process then please share it.  But don't blame UBot.

 

Thanks

 

Buddy

Link to post

Thanks for the comments, and apologies if I came over as angry. Not angry, just frustrated. Buddy, thank you for your comments: Virustotal was acquired by Google and is very well-known among developers. I'm not one but I've worked with plenty.

 

But discussing Virustotal and whether it's free/trustworthy etc is to miss the point. How many pieces of professional software do you have on your PC? I have hundreds. How many of them trigger Microsoft Windows AV warnings? In my case none, except Ubot programs. All of them get eventually flagged, and have to be manually excluded from quarantine, and every time Windows 10 gets an update, you have to start again. It's a royal pain. So not just Virustotal - even the host OS that Ubot runs on doesn't like it!

 

You say you advise the AV companies - well you must be doing something wrong - because nothing else on my PC has this issue. You're suggesting that if I  know of a better process, I should share it, but not to blame Ubot. Well, heck, why not blame Ubot? It's not my area of expertise to figure out how to stop Ubot programs triggering AV warnings.  I'm just a customer who's shelled out a decent amount of cash on a product that has a problem and the product owner shows no interest in fixing it - he just blames the AV companies. The question for Ubot is: how come every other piece of pro software you buy doesn't have this problem, just Ubot? I don't need or want a technical answer -  this can't be insoluble - it's just not a priority is it?

  • Like 2
Link to post

As mentioned by stever - ubot software is blocked by Windows antivirus/firewall so first you can contact Microsoft.

As far as I understand the main problem is the built-in file loader which downloads internal browser files - maybe this issue can be resolved, since that is what triggers antivirus mostly.

  • Like 1
Link to post

All --

 

Nobody wants to download and use software that appears to be virus infected malware.

 

So when I share a link to this VirusTotal detection report...

 

https://www.virustotal.com/#/file/41fdbe471f168cb82a2931dcb009ca236dc8280c808f29f415dde3a86939d4b4/detection

 

...and you see that 30 out of 68 anti-virus/malware programs classify it as dangerous (at least as of the time I'm sharing the report link)...

 

You're likely to conclude there's no way anyone would ever download and use the software.

 

And that's what I'd initially assume, too.

 

But thousands, if not tens-of-thousands of people use this software every day.

 

(I'm running multiple instances of this software as I type this message.)

 

Two things make the difference.

 

1) A rational upfront explanation of why the software may be showing up as malware.

 

From the sales thread of the software whose VirusTotal report I'm highlighting...

 

 

 

Windows 10 Defender recognizes miner as a virus, some antiviruses do the same. Miner is not a virus, add it to Defender exceptions.
I write miners since 2014. Most of them are recognized as viruses by some paranoid antiviruses, perhaps because I pack my miners to protect them from disassembling, perhaps because some people include them into their botnets, or perhaps these antiviruses are not good, I don't know. For these years, a lot of people used my miners and nobody confirmed that my miner stole anything or did something bad.
Note that I can guarantee clean binaries only for official links in my posts on this forum (bitcointalk). If you downloaded miner from some other link - it really can be a virus.
However, my miners are closed-source so I cannot prove that they are not viruses. If you think that I write viruses instead of good miners - do not use this miner, or at least use it on systems without any valuable data.

 

2) Social proof confirming that the software works and doesn't do any harm.

 

In this case, the software is posted for download on a forum where people can reply and post questions, comments, or concerns.

 

You can see the thread for yourself: https://bitcointalk.org/index.php?topic=1433925.0

 

The original post gets updated whenever a new version of the software is released.

 

But you can see the first reply to the original post specifically mentions the malware issue:

 

- - - -

My antivirus removed the file as soon as it was available.
So I'll keep off until some more comments are available.

- - - -

 

It starts becoming a non-issue once the software author replies with...

 

- - - -

I pack my miners to prevent disassembling. Some paranoid antiviruses treat any packer as a virus. I'm trying to fix it, but not sure that it is possible for all antiviruses.
If you think that I write viruses - do not use this miner.

- - - -

 

...and it snowballs as more social proof rolls in throughout the forum thread.

 

The Solution

 

In a perfect world, no app/bot created with UBot Studio would get flagged as virus infected malware.

 

But it happens.

 

Trying to get some random AV company to whitelist one's software is tricky at best, impossible at worst.

 

Pleading with the UBot Studio development team to fix the problem is understandable, but the issue has been addressed in the past:

 

http://network.ubotstudio.com/blog/why-your-bot-is-showing-up-as-a-virus-and-what-to-do-about-it/

 

I've only used one part of the formula (a rational upfront explanation of why the software may be showing up as malware) and haven't had any real issues.

 

Here's what I say, feel free to borrow or modify it:

 

========

Hi, it's %%YOUR-FIRST-NAME%%. I'm the creator of %%NAME-OF-SOFTWARE%%.
 

Before you download %%NAME-OF-SOFTWARE%%, I just want to take a moment to personally thank you for expressing an interest in this amazing software.
 

I also want to take a moment to proactively bring some very weird and bizarre information to your attention.
 

The overwhelming majority of anti-virus systems correctly classify %%NAME-OF-SOFTWARE%% as being completely clean and safe to download and install. That's why I'm bewildered to have to tell you that a small minority of anti-virus systems are erroneously classifying %%NAME-OF-SOFTWARE%% as being virus infected malware.
 

You can see the independently generated 'Virus Total' results for the %%NAME-OF-SOFTWARE%% executable (EXE) file here: [LINK-TO-VIRUS-TOTAL-REPORT]. Verify the SHA-256 hash listed on the 'Virus Total' page with the code below.

%%NAME-OF-SOFTWARE%%.exe :: [the-sha256-hash-for-your-ubot-exe-file]

After speaking to several other independent software developers and reaching out to a software security consultant, I discovered that a lot of legitimate software gets erroneously flagged as virus infected malware from time to time.

In conclusion, if you download %%NAME-OF-SOFTWARE%% directly from this website ("YourDomainName.com") and not from some random "warez" site, I'm 100% certain that everything will be fine. I use %%NAME-OF-SOFTWARE%% every day.
 

Thank you for your support,
%%YOUR-FIRST-NAME%%

========

 

Now imagine if in addition to that upfront transparency, there were at least 80 "replies" with various messages that join the conversation already going on in the mind of the individual who might be interested in the software.

 

"Yeah, my AV flagged it, but I whitelisted and there are no problems."

 

"No problems installing it on my system."

 

"Works fine."

 

"The file is clean."

 

I'm just saying, we as a community don't have to let this AV issue hold us back or hold us down.

  • Like 1
Link to post
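
The notice template in the post above asks the reader to compare a published `Name.exe :: <sha256>` line with the hash on the VirusTotal report. One way to do that check on a downloaded file, as an added example that is not part of the original post; `ExampleBot.exe` and its contents are constructed sample data, and the report URL layout is the one shown in the post.

```python
import hashlib
import re
import tempfile
from pathlib import Path

HEX64 = re.compile(r"\b[0-9a-fA-F]{64}\b")

def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so large installers are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def parse_published_line(line):
    """Split 'Name.exe :: <sha256>' (the layout used in the notice template)."""
    name, sep, value = line.partition("::")
    match = HEX64.fullmatch(value.strip())
    if not sep or not match:
        raise ValueError("expected '<file name> :: <64 hex characters>'")
    return name.strip(), match.group(0).lower()

def hash_from_report_url(url):
    """Pull the SHA-256 out of a report link like .../#/file/<sha256>/detection."""
    match = HEX64.search(url)
    if not match:
        raise ValueError("no SHA-256 found in report URL")
    return match.group(0).lower()

def verify_download(path, published_line, report_url):
    """Return (ok, reason); ok is True only if file, notice and report agree."""
    _, published = parse_published_line(published_line)
    if published != hash_from_report_url(report_url):
        return False, "report link is for a different file than the notice"
    if published != sha256_file(path):
        return False, "downloaded file does not match the published hash"
    return True, "file, notice and report all refer to the same bytes"

def demo():
    # Constructed sample: a stand-in file, not a real UBot executable.
    with tempfile.TemporaryDirectory() as tmp:
        exe = Path(tmp) / "ExampleBot.exe"
        exe.write_bytes(b"constructed sample bytes\n")
        good = hashlib.sha256(b"constructed sample bytes\n").hexdigest()
        line = f"ExampleBot.exe :: {good}"
        url = f"https://www.virustotal.com/#/file/{good}/detection"
        intact = verify_download(exe, line, url)
        exe.write_bytes(b"tampered bytes\n")  # simulate a swapped download
        tampered = verify_download(exe, line, url)
    return intact, tampered

if __name__ == "__main__":
    print(demo())
```

A match shows only that the downloaded file is the same one the report describes; it says nothing about whether the detections in that report are false positives.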

Have you tried this? Would be good to see before/after

http://network.ubotstudio.com/forum/index.php/topic/19547-how-to-avoid-antivirus-and-windows-alerts/

 

Link to post

YOU never heard of virustotal, so it must be garbage. Yet it is widely used by everyone when checking out software across many different mediums. Yet YOU, the person with a clear bias and agenda deem it to be worthless and suggest people ignore it.

 

NO! You are being a biased, disingenuous, and hostile little spin weasel, nothing new here...

 

From your post, you DON'T seem to understand his or anyone's concern, and only seem yourself concerned with making excuses for ubot and downplaying the reality that it faces as a product that is supposed to produce clean software that won't trigger potential customers' virus scans and software.

 

Passive-aggressive rhetorical questions aren't arguments. How can you contact virus companies to take ubot off the list? That's the job of the developers, why are you asking a customer? How about you DO YOUR FKN JOB! As opposed to just spin doctoring damage control on the forums like a sneak. Again, just snarky feminine talk that solves nothing, and expects the customer to take responsibility for what the developers are supposed to be doing!

 

How would you even know sites like virustotal?  BY DOING YOUR GODDAMN JOB! Who do you think you are fooling here with your spin bullshit? Enough is enough! I see your snarky retorts in just about every thread criticizing the valid problems with ubot, and trying to fool people while feigning concern half the time. It makes me SICK! Nobody here with half a brain is stupid enough to fall for the garbage anymore, especially with the current state of the long time unfixed bugs ubot has. I'm just the only one with the balls to say it out loud.

 

I don't care if you personally trust free sites or tools. The wide community of people who buy software DO! You don't matter, the sales that I and others here are missing or refunding because of ubot's flaky exe's do matter!

 

There is a better process, and I'm sharing it now. Do your damn job and reach out to all of the virus companies by phone and email, start with looking at the ones that read ubot exe's as virus installs in the damn image that the OP posted. Or go to virustotal yourself and scan an exe you made, then check out the companies who flagged it. Find their websites and contact them!

 

And until you or whoever is responsible over there for doing that damn job gets their ass in gear, I WILL BLAME UBOT! Because there is NOBODY else to blame but the source of the problem itself!

  • Like 2
Link to post

Can you direct me to the official site where UBot Studio should register with AV software companies?  I will gladly pass it along.

 

The problem is that there is no site.  We do notify AV companies but to what end?  How do we find new AV companies?  How can we force them to add us to their definitions?

 

 

 

VirusTotal with the Alexa rank 4,120 is so famous.
But finding reports' links is easy enough:
 
1. Scroll all the way down to get to the list of the vendors:
 
 
2. Get on Google and search "avName report false positive" or "avName false positive submission". Check the first few returned links, you will find it.
 
Once found, start to submit UBot and update users with the submission reports in a place like tracker.
Link to post

Well that started quite a conversation - thank you all for your input.

I haven't tried the wrapping approach, and it's yet more investment from third parties on top of an already expensive product whose developers don't seem to acknowledge there's a problem. It's a pity there isn't much in the way of competition for Ubot, because markets have a habit of resolving indifference and poor customer service. 

 

Personally I think there's much to praise about Ubot, but the lack of concern about this issue (and also the crippleware philosophy behind the product variants) only goes to highlight Ubot's culture, which presumably comes from the top. And as long as there's nothing else out there better to draw customers away, they can do what they d***-well like and we'll just have to put up with it. It certainly doesn't engender loyalty, which can have unexpected downsides.

 

But come the revolution it'll be a different story...

  • Like 1
Link to post