Fixed: Win32.Palevo False Positive

dj.turkmaster

Hello, my uncle has encountered a false positive.
It is detected as Win32.Palevo. He uses a 64-bit Win 7 Ultimate OS. I have tested the file myself with the old updates but didn't encounter the false positive. But with the latest updates (2011-03-16) I encounter this false positive too. My OS is Win Vista Home Premium 32-bit. It occurs when we debug my uncle's following C file:
Code:
#include <stdio.h>
#include <stdlib.h>

typedef struct
{
    char adi[30];
    char soyadi[40];
    char nosu[20];
    float vize;
    float final;
    float ortalama;
} liste;
/* main must return int in standard C (was: void main) */
int main(void)
{

    int i, n;
    printf("Kac kisi gireceksiniz? > ");
    scanf("%d",&n);
    liste kayit[n];

    for(i=0; i<n; i++)
    {
        printf("\n");
        printf("%d. Kayit: \n\n",i+1);
        printf("Adi gir > ");
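        scanf("%29s", kayit[i].adi);    /* width limit keeps input inside adi[30] */
        printf("Soyadi gir > ");
        scanf("%39s", kayit[i].soyadi); /* width limit keeps input inside soyadi[40] */
        printf("Nosu gir > ");
        scanf("%19s", kayit[i].nosu);   /* width limit keeps input inside nosu[20] */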
        printf("Vize gir > ");
        scanf("%f",&kayit[i].vize);
        printf("Final gir > ");
        scanf("%f",&kayit[i].final);
        kayit[i].ortalama = kayit[i].vize*0.4 + kayit[i].final*0.6;
    }
    printf("Butun Bilgiler\n\n");
    printf("SIRA ADI        SOYADI      NOSU VIZE FINAL ORTALAMA");
    printf("\n");
    for(i=0; i<n; i++){
        printf("%4d. ", i+1);
        printf("%s \t", kayit[i].adi);
        printf("%s \t", kayit[i].soyadi);
        printf("%s \t", kayit[i].nosu);
        printf("%.1f \t", kayit[i].vize);
        printf("%.2f \t", kayit[i].final);
        printf("%.2f \t", kayit[i].ortalama);
        printf("\n");
    }
}
It's not my code lol :D The TeaTimer module gives this FP while executing the program.

Oh btw: My Spybot version is the latest, 1.6.2.46
 
Yep, got the same problem with debugging or starting compiled programs (visual studio 2008). It seems that older projects are somehow not affected.
 
Hello,

Thank you for reporting this issue. I think I have found the reason for this problem. It will be fixed with the next detection update scheduled for this Wednesday 2011-03-23.
After the update please make sure to restart the TeaTimer.
 
I have a similar problem, the last 2-3 C++ programs I've written in Visual Studio have all been listed as part of Win32.palevo.
Code:
#include <iostream>

using namespace std;

template <class T=int>
class MyClass{
public:
	void Increase(T &i){i++;}

};

/*template <class T=int>
void MyClass<T>::Myclass(T &i)
{
	i=i+1;
	cout << i;
}*/


int main(){
	int integer=0, pause;
	char character;
	
	MyClass <int> ClassTest; 
	ClassTest.Increase(integer);
	cout << integer;

	return 0;
}

and this

Code:
#include <iostream>

using namespace std;

int function (int a, int b){
 return (a>b?a:b);//If a>b return a, if false return b
}


int main(){
	int i;

	cout << function(2,1);
	cin >> i;
	return 0;

}

Both of those builds cause the problem... not sure why, as you can tell both programs are pretty straightforward, and more complicated ones I have don't have the problem. I'm running Windows 7 64bit. Thanks in advance.
 
Getting this with Erlang inet_gethost.exe subprocess now

Hello there,

Seeing the same Palevo false positive when running Erlang on Windows, version R14B02. Running the 2011-04-06 detection updates on 1.6.2.46.

The executable inet_gethost.exe, which is an Erlang subprocess, is being flagged, see the image below:

snap005y.png


Source is here: http://www.erlang.org/download/otp_src_R14B02.tar.gz

inet_gethost.c is a pretty simple bit of code, see:

https://github.com/erlang/otp/blob/dev/erts/etc/common/inet_gethost.c

It getting flagged by Spybot is preventing Erlang on Windows from playing nicely with teatimer. This in turn is preventing some really nice software (such as CouchDB) from working right on Win32 that has teatimer active.
 
Hello wohali,

I cannot confirm the false positive you reported. Have you restarted your computer or TeaTimer after the Spybot S&D update 2011-03-23?
 