
Virus warning when downloading

Open retardedidiot opened this issue 4 years ago • 2 comments

When I downloaded this, my browser said that there's a virus in that file, so I checked this on VirusTotal and it said that a lot of engines actually detected a virus. Is there actually malware or is it just detected wrong? I downloaded this both from GitHub and your website and I got the same virus browser warning on both of them. (This is about the converter itself, not the converted file.)

retardedidiot avatar Aug 27 '20 15:08 retardedidiot

bat2exe includes a resource editor to apply the icon file and edit the exe info. It gets detected as malware by some antivirus software because of its capabilities, I assume, but it is completely safe to use. The resource editor isn't included in the generated exe. It still remains that the exe file isn't signed, which some antivirus programs don't like.

islamadel avatar Aug 27 '20 16:08 islamadel

Old issue but still a problem. One thing to note when using VT is which engines are detecting it. For example, of the 8 positive results for this, these are the engines:

  • SecureAge APEX, which is not a good engine as it seems to rely more on being overly cautious (IOW, it's not very good at detecting real vs questionable threats, so it just flags everything it even somewhat suspects), resulting in a high false positive rate, and so you'll see this as one of the most common ones flagging files
  • ClamAV, which is just a generally very poor AV
  • Cynet, K7AntiVirus, Gridinsoft, K7GW, and Trapmine, all obscure scanners that I have never heard of
  • Avira, which is the only well-known, moderately respectable scanner to give a positive result, and then it's only a heuristic result, which is unsurprising, as that only means the behavior is suspicious, which makes sense since this is not only compiling but, as the developer said, it's doing stuff that seems suspicious with the resource editor

Meanwhile, all of the other reputable* vendors (Avast, BitDefender, Comodo, Emsisoft, ESET, F-Secure, Fortinet, GData, Kaspersky, Malwarebytes, McAfee, Microsoft, Panda, Sophos, Tencent, TrendMicro, Webroot, Yandex, and ZoneAlarm) all show it as safe. Just something to keep in mind when looking at VT results in the future for anything.

*Obviously what's considered reputable varies from person to person, and there's a difference between reputable and trusted/competent. For example, Kaspersky and Yandex are Russian but Kaspersky at least is known to be very good and Yandex likely is at least decent, and Tencent is Chinese but, I believe, also supposedly pretty good. Comodo, Microsoft, Malwarebytes, and McAfee are big names that are generally considered to be mediocre in regard to malware scanning (MS has improved but I still don't think they're as good as some of the others, and I'd put them at upper-midrange). Avast and AVG both used to be good, but since Avast acquired AVG possibly not as much anymore.

vertigo220 avatar Jun 19 '22 20:06 vertigo220
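
The per-engine reading of a VirusTotal result described in the last comment (which engines flagged the file, and whether a label is only heuristic), as an added example that is not part of the thread or of bat2exe. It assumes the VirusTotal API v3 report layout; the sample report, the `triage` helper, the heuristic markers and the set of engines the caller chooses to weight are all constructed or hypothetical.

```python
import json

# Constructed sample shaped like a VirusTotal API v3 file report
# (data.attributes.last_analysis_results). Verdicts and labels are invented.
SAMPLE_REPORT = json.loads("""
{"data": {"attributes": {"last_analysis_results": {
  "Avira":      {"category": "malicious",  "result": "HEUR/AGEN.0000000"},
  "ClamAV":     {"category": "malicious",  "result": "Win.Constructed.Sample-0"},
  "APEX":       {"category": "malicious",  "result": "Malicious"},
  "Kaspersky":  {"category": "undetected", "result": null},
  "ESET-NOD32": {"category": "undetected", "result": null},
  "Microsoft":  {"category": "undetected", "result": null},
  "Zillya":     {"category": "timeout",    "result": null}
}}}}
""")

# Assumption: substrings marking a label as heuristic/generic, not a named family.
HEURISTIC_MARKERS = ("heur", "generic", "gen:", "agen", "suspicious", "malicious")
FLAGGED = ("malicious", "suspicious")
CLEAN = ("undetected", "harmless")

def triage(report, weighted_engines):
    """Split detections by label type and by a caller-chosen set of engines."""
    results = report["data"]["attributes"]["last_analysis_results"]
    flagged = {e: r for e, r in results.items() if r["category"] in FLAGGED}
    clean = {e for e, r in results.items() if r["category"] in CLEAN}
    heuristic = sorted(
        e for e, r in flagged.items()
        if any(m in (r["result"] or "").lower() for m in HEURISTIC_MARKERS)
    )
    return {
        # Timeouts and failures gave no verdict, so they are not counted.
        "scanned": len(flagged) + len(clean),
        "flagged": sorted(flagged),
        "heuristic_only": heuristic,
        "named_detection": sorted(set(flagged) - set(heuristic)),
        "weighted_flagged": sorted(set(flagged) & set(weighted_engines)),
        "weighted_clean": sorted(clean & set(weighted_engines)),
    }

if __name__ == "__main__":
    # The engines to weight are the analyst's own choice, not a fixed list.
    summary = triage(SAMPLE_REPORT, {"Avira", "Kaspersky", "ESET-NOD32", "Microsoft"})
    for key, value in summary.items():
        print(f"{key}: {value}")
```

A named-family detection, or a flag from an engine the analyst weights, is the part of the summary that warrants a closer look before treating the result as a false positive.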