microsoft.public.dotnet.framework.interop

False positive on interop_shell32.dll generated by VS2005?

Jason Schultz

8/13/2007 6:40:00 AM

Hi all,

A customer reported that their Antivirus software (Rising Antivirus 2007)
detected a virus in our product, specifically the "Backdoor.Agent.hyn" trojan
in the interop.shell32.dll file generated by Visual Studio 2005 on our behalf.

Running this file through http://www.virus... indicates that Rising
Antivirus is the only product that finds a problem with the file, which I
generated for the test using a "clean" install of Visual Studio 2005 on an XP
VM.

Has anyone else seen this, or can anyone else confirm that this is a false
positive? I've found only one other mention of this on the 'net, on a Chinese
site

Thanks! Jason
1 Answer

wawang

8/14/2007 2:07:00 AM

0

Hi Jason,

The interop.shell32.dll is just an interop assembly that contains metadata
used to consume a COM type library from .NET. If you use Reflector
(http://www.aisto.com/roed...) to view it, you will see there are
just some interfaces or data structures.

It's probably because the malware you mentioned has some binary signature
identical to this interop assembly. In my opinion, such an issue
should probably be reported to the anti-virus software vendor.

That said, we might be able to work around this by somehow changing the
content of this interop assembly so that it might bypass the anti-virus's
checking, but there's no guarantee that it will work.

You can give the interop assembly a strong name and sign it with a key
(such an assembly is called a primary interop assembly, or PIA for short); this
will somehow change the binary content of the assembly. To do this, please refer
to the following documents:

http://msdn2.microsoft.com/en-us/library/aa3...

Regards,
Walter Wang (wawang@online.microsoft.com, remove 'online.')
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.