
OS code, detected as virus ??

Posted: Sat Jul 26, 2008 2:30 am
by kmtdk
Well,
when I compile some of my code, AVG 8 detects it as a virus, and an exe head ???
But the code is far from a virus, and an exe.
AVG 8 ignores it when I tell it not to check that file (kernel16.bin), but that doesn't help.

Since it detects it, can it be due to the "cpu" check I do in the beginning ??
Second: has anyone else tried that ??


KMT dk

Re: OS code, detected as virus ??

Posted: Sat Jul 26, 2008 6:10 am
by inflater
My boot sector (and therefore, the whole floppy image - since boot sector starts at ofs 0 and ends 0x200 in the image) was unfriendly to NOD32, so I have sent them the asm code of the sector and compiled binary to report as false alarm, and I'm no longer getting the "virus" warning.

Maybe you should e-mail Grisoft (the creator of AVG) with your code [firstly try to smoothen your English a bit], and if that wouldn't help, try a better anti virus program (e.g. nod32 :twisted:).

Regards
inflater

Re: OS code, detected as virus ??

Posted: Sat Jul 26, 2008 6:28 am
by suthers
Never had any problems with my anti-virus detecting my OS as a virus, but I used to use AVG and it has a load of problems...
Jules

Re: OS code, detected as virus ??

Posted: Sat Jul 26, 2008 7:59 am
by 01000101
I use avg8 and I've never had any problems like that. Very interesting. You should try removing the one piece of code temporarily and see what it is, and if you find the exact issue, submit it to AVG and see if they can alter the signature a bit to weed-out the harmless.

Re: OS code, detected as virus ??

Posted: Sat Jul 26, 2008 11:30 am
by Telgin
Wow, the odds of your code compiling to something that is recognized as a virus seem astronomical. Does AVG check file names too to detect viruses? Perhaps it recognizes kernel16.bin as the name of a known virus file.

Re: OS code, detected as virus ??

Posted: Sat Jul 26, 2008 12:40 pm
by Osbios
I once had that problem with my code. I used AVG, too. But that was more than two years ago.

Perhaps it is some kind of boot virus detection... or it's some sort of marketing gag to find some viruses from time to time. :P

Re: OS code, detected as virus ??

Posted: Sat Jul 26, 2008 12:42 pm
by Omega
It is probably detecting a signature like a known virus, does it tell you which virus it thinks it is? You can try to get its signature and compare bit for bit.

Re: OS code, detected as virus ??

Posted: Sat Jul 26, 2008 2:46 pm
by kmtdk
Well,
it happened after I removed some code and added some.
Well, it isn't a bootloader; it is a file between 32-bit protected mode and the 16-bit.
My own theory was a call to 0x5000, since this is outside the program, which begins at 0x8000.
I only just got home, so I'm testing it now ..

edit:
test results:
It is because of the first part of the code.
It must be seen as an exe file .. weird :? .
Reason:
I added a nop at the top of the code, and then it didn't see it as a virus ..


KMT DK

Re: OS code, detected as virus ??

Posted: Sun Jul 27, 2008 6:41 am
by JamesM
Solution? Use *nix. ;)

Come on Brynet-inc, you should have been in there before me with that...

Re: OS code, detected as virus ??

Posted: Sun Jul 27, 2008 7:42 am
by Laksen
JamesM wrote:Solution? Use *nix. ;)
WARNING: Flamebait detected
Post has been blocked

Re: OS code, detected as virus ??

Posted: Sun Jul 27, 2008 7:44 am
by suthers
Laksen wrote:
JamesM wrote:Solution? Use *nix. ;)
WARNING: Flamebait detected
Post has been blocked
That's barely flamebait material, it's just a friendly joke, calm down.
Jules

edit:spellings.

Re: OS code, detected as virus ??

Posted: Sun Jul 27, 2008 8:49 am
by Brynet-Inc
JamesM wrote:Solution? Use *nix. ;)

Come on Brynet-inc, you should have been in there before me with that...
I'm a harmless observer now, perhaps next time. :)

Re: OS code, detected as virus ??

Posted: Sun Jul 27, 2008 7:42 pm
by Brendan
Hi,
Telgin wrote: Wow, the odds of your code compiling to something that is recognized as a virus seem astronomical. Does AVG check file names too to detect viruses? Perhaps it recognizes kernel16.bin as the name of a known virus file.
Relying on signatures (and file names) would help for viruses you know about, but it's entirely useless for viruses you don't know about.

Good anti-virus programs analyze the contents of the file. If the file starts with a PE header then check if it uses Windows API functions that provide direct disk access. If all the bytes are valid ASCII characters (or UTF-8 characters) separated by linefeed characters then it's probably harmless (text file, HTML, etc). If it contains a valid header for BMP, JPG, MPG, etc then it's probably a BMP, JPG, MPG, etc.

If it's a small binary that begins with a JMP instruction, contains 16-bit code and accesses the BIOS's disk services, then it's probably a boot sector virus. For a normal Windows user, it's unlikely to be anything else...


Cheers,

Brendan
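
The content checks described in the post above, as an added Python sketch (not part of the original thread, and not AVG's or any vendor's actual logic). The indicator set, the size cutoff and the sample sector are constructed assumptions; the point is that a harmless hobby boot sector matches the same indicators as a boot sector virus.

```python
# Added illustration; indicators and thresholds are assumptions, not a vendor's rules.
JMP_OPCODES = {0xEB, 0xE9, 0xEA}   # JMP short / near / far
INT13 = b"\xCD\x13"                # INT 13h, BIOS disk services
BOOT_SIG = b"\x55\xAA"             # boot signature at offset 510
SMALL_BINARY_MAX = 64 * 1024       # assumed cutoff for a "small binary"


def classify(data: bytes) -> tuple[str, list[str]]:
    """Return (verdict, reasons) for a raw file image."""
    if data[:2] == b"MZ":
        return "exe", ["starts with the MZ header that PE files begin with"]
    if data and all(b in (9, 10, 13) or 32 <= b < 127 for b in data):
        return "text", ["only printable ASCII and line breaks"]
    reasons = []
    if data and data[0] in JMP_OPCODES:
        reasons.append("begins with JMP")
    # Naive byte search: CD 13 inside data or an operand also matches,
    # which is one source of false positives.
    if INT13 in data:
        reasons.append("INT 13h present")
    if data[510:512] == BOOT_SIG:
        reasons.append("0x55AA at offset 510")
    suspicious = (len(data) <= SMALL_BINARY_MAX
                  and "begins with JMP" in reasons
                  and "INT 13h present" in reasons)
    return ("suspected-boot-code" if suspicious else "unknown-binary"), reasons


def make_sample_boot_sector() -> bytes:
    """Constructed, harmless 512-byte sector: JMP over a zeroed BPB area,
    one INT 13h sector read, then an endless loop."""
    head = bytes.fromhex("eb3c90") + bytes(0x3E - 3)      # jmp short 0x3E; nop
    code = bytes.fromhex("b402b001b500b102b600cd13ebfe")  # mov ah,2 ... int 13h; jmp $
    body = head + code
    return body + bytes(510 - len(body)) + BOOT_SIG


if __name__ == "__main__":
    for name, blob in [("boot.bin", make_sample_boot_sector()),
                       ("readme.txt", b"hello\nworld\n")]:
        print(name, *classify(blob))
```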

Re: OS code, detected as virus ??

Posted: Tue Jul 29, 2008 1:11 pm
by Dex
This is a sign of good tight code written in ASM, my OS is also detected as a virus, it's a virus to bloatware.

Re: OS code, detected as virus ??

Posted: Tue Jul 29, 2008 4:42 pm
by Zenith
But of course, most Windows users (me included) trust our Anti-virus programs, so it's always preferable that your code isn't detected as a virus. An ASM boot sector is likely to be detected as a boot sector virus (because most people don't keep random 512-byte binaries with 16-bit jump instructions and an FAT BPB on their hard drives). :wink: