Thread: Win32.Palevo False Positive

  1. #1
    Senior Member dj.turkmaster's Avatar
    Join Date
    Feb 2007
    Location
    TURKEY/Ankara
    Posts
    139

    Win32.Palevo False Positive

    Hello, my uncle has encountered a false positive.
    It is detected as Win32.Palevo. He uses a 64-bit Win 7 Ultimate OS. I have tested the file myself with the old updates but didn't encounter the false positive. But with the latest updates 2011-03-16 I encounter this false positive too. My OS is Win Vista Home Premium 32-bit. It occurs when we debug my uncle's following C file:
    Code:
    #include <stdio.h>
    #include <stdlib.h>
    
    /* One student record: name, surname, student number and grades. */
    typedef struct
    {
        char adi[30];
        char soyadi[40];
        char nosu[20];
        float vize;
        float final;
        float ortalama;
    } liste;
    
    int main(void)
    {
    
        int i, n;
        printf("Kac kisi gireceksiniz? > ");
        /* Reject a non-numeric or non-positive count before sizing the array. */
        if (scanf("%d", &n) != 1 || n <= 0)
            return EXIT_FAILURE;
        liste kayit[n];
    
        for(i=0; i<n; i++)
        {
            printf("\n");
            printf("%d. Kayit: \n\n",i+1);
            /* Field widths keep each %s read inside its buffer (size - 1). */
            printf("Adi gir > ");
            scanf("%29s", kayit[i].adi);
            printf("Soyadi gir > ");
            scanf("%39s", kayit[i].soyadi);
            printf("Nosu gir > ");
            scanf("%19s", kayit[i].nosu);
            printf("Vize gir > ");
            scanf("%f",&kayit[i].vize);
            printf("Final gir > ");
            scanf("%f",&kayit[i].final);
            /* Average: 40% midterm (vize) plus 60% final. */
            kayit[i].ortalama = kayit[i].vize*0.4f + kayit[i].final*0.6f;
        }
        printf("Butun Bilgiler\n\n");
        printf("SIRA ADI        SOYADI      NOSU VIZE FINAL ORTALAMA");
        printf("\n");
        /* Print every record as one tab-separated row. */
        for(i=0; i<n; i++){
            printf("%4d. ", i+1);
            printf("%s \t", kayit[i].adi);
            printf("%s \t", kayit[i].soyadi);
            printf("%s \t", kayit[i].nosu);
            printf("%.1f \t", kayit[i].vize);
            printf("%.2f \t", kayit[i].final);
            printf("%.2f \t", kayit[i].ortalama);
            printf("\n");
        }
        return 0;
    }
    It's not my code lol :D The TeaTimer module gives this FP while executing the program.

    Oh btw: My spybot version is the latest 1.6.2.46
    Last edited by dj.turkmaster; 2011-03-20 at 23:26. Reason: Added spybot version info
    DOCTUS.ORG Turkish security forum

  2. #2
    Junior Member
    Join Date
    Mar 2011
    Posts
    1

    Yep, got the same problem with debugging or starting compiled programs (Visual Studio 2008). It seems that older projects are somehow not affected.

  3. #3
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    hello,

    thank you for reporting this issue. I think I have found the reason for this problem. It will be fixed with the next detection update scheduled for this Wednesday 2011-03-23.
    After the update please make sure to restart the TeaTimer.
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

  4. #4
    Junior Member
    Join Date
    Mar 2011
    Posts
    2

    I have a similar problem, the last 2-3 C++ programs I've written in Visual Studio have all been listed as part of Win32.palevo.
    Code:
    #include <iostream>
    
    using namespace std;
    
    template <class T=int>
    class MyClass{
    public:
    	void Increase(T &i){i++;}
    
    };
    
    /*template <class T=int>
    void MyClass<T>::Myclass(T &i)
    {
    	i=i+1;
    	cout << i;
    }*/
    
    
    int main(){
    	int integer=0, pause;
    	char character;
    	
    	MyClass <int> ClassTest; 
    	ClassTest.Increase(integer);
    	cout << integer;
    
    	return 0;
    }
    and this

    Code:
    #include <iostream>
    
    using namespace std;
    
    int function (int a, int b){
     return (a>b?a:b);//If a>b return a, if false return b
    }
    
    
    int main(){
    	int i;
    
    	cout << function(2,1);
    	cin >> i;
    	return 0;
    
    }
    Both of those builds cause the problem... not sure why, as you can tell both programs are pretty straightforward, and more complicated ones I have don't have the problem. I'm running Windows 7 64bit. Thanks in advance.

  5. #5
    Junior Member
    Join Date
    Mar 2011
    Posts
    2

    Scratch that, everything is working now. Thanks.

  6. #6
    Junior Member
    Join Date
    Apr 2006
    Posts
    1

    Getting this with Erlang inet_gethost.exe subprocess now

    Hello there,

    Seeing the same Palevo false positive when running Erlang on Windows, version R14B02. Running the 2011-04-06 detection updates on 1.6.2.46.

    The executable inet_gethost.exe, which is an Erlang subprocess, is being flagged, see the image below:



    Source is here: http://www.erlang.org/download/otp_src_R14B02.tar.gz

    inet_gethost.c is a pretty simple bit of code, see:

    https://github.com/erlang/otp/blob/d...inet_gethost.c

    It getting flagged by Spybot is preventing Erlang on Windows from playing nicely with teatimer. This in turn is preventing some really nice software (such as CouchDB) from working right on Win32 that has teatimer active.

  7. #7
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Hello wohali,

    I cannot confirm the false positive you reported. Have you restarted your computer or TeaTimer after the Spybot S&D update 2011-03-23?