Page 1 of 1

Check VSIDE with antivirus software

Posted: Thu 2016-09-01 11:49
by Arek

I start my adventure with VS1005.
Before install new software I have to check the files with antivirus software.
I use:

This time I get following message: found three

I'd like to ask you to verify this.

Message from "":

SHA256: 0ac60a1ce3efa719c24e00560878192a9c67fca9bb609402a16dbd39c96a1016
Dateiname: vside_win32_v240.exe
Erkennungsrate: 3 / 54
Analyse-Datum: 2016-09-01 09:32:37 UTC ( vor 3 Minuten )

Antivirus Ergebnis Aktualisierung
Ikarus Trojan-Spy.Win32.Pophot 20160901
Jiangmin Trojan/Generic.apcuw 20160901
McAfee-GW-Edition 20160901

Re: Check VSIDE with antivirus software

Posted: Thu 2016-09-01 12:11
by Henrik

I just run the same check, and yes, it seems that three anti-virus software of 51 thought there were something that looks suspicious.

VSIDE is compiled on a computer that has no Internet access, and we never run external binaries on it. As only 3 of 51 antivirus programs think there might be an issue (and even they disagree on what the issue would be), I'd tend to believe that these are false positives.

E.g. Ikarus thinks it sees Trojan-Spy.Win32.Pophot, but Microsoft's scanner (that does know about that virus) doesn't think there are any issues.

Kind regards,
- Henrik

Re: Check VSIDE with antivirus software

Posted: Thu 2016-09-01 12:44
by Panu
Hi and welcome to the Forum!

I also checked and came to the same conclusion as Henrik. The detections are heuristic and seem to come from the executables that are compiled using quite old compilers. Heuristic scanning can show a file to resemble a virus just because it was compiled with the same compiler as some old viruses.

Furthermore, the analysis seems quite old; I took further look at one included file, vssym.exe, which showed an infection at: ... /analysis/
Analysis date: 2014-02-19 13:13:24 UTC
Emsisoft Win32.Almanahe.D (B) 20140219
But noticed that the detection was 2.5 years old. Rescanning today shows the same file by the same scanner to be clean:
Analysis date: 2016-09-01 10:33:55 UTC
Emsisoft Clean 20160901
So there shouldn't be much to worry about. These things come and go! I also updated my virus scanner and scanned my laptop, seems clean.

Oh, and by the way, welcome to the world of VSDSP! We're looking forward to helping you!


Re: Check VSIDE with antivirus software

Posted: Thu 2016-09-01 12:54
by Panu
I think most of the false detections come from the file packing of NullSoft's installer. Many viruses use similar data packing for their code so naturally the packed files resemble each other and there are similar patterns. This may be emphasized by the fact the VSIDE is quite large package and it contains numerous PE executables. Superficially scanning these packages generates false positives such as these and it seems they cannot be completely avoided. Virus scanners also do their best to try to notice these kinds of files as viruses customarily try to disguise themselves as common installer packages.

For more info, please see:

Re: Check VSIDE with antivirus software

Posted: Thu 2016-09-01 13:34
by Arek
Hallo Henrik and Panu,

many thanks for promt reply.
I've asked my IT Department in my company and get OK to install it.

with best regards