Why does Malwarebytes view a Windows 3.1 program as malware?

Discussions about everything else

Why does Malwarebytes view a Windows 3.1 program as malware?

Postby EvilGrins » Fri Sep 26, 2014 4:11 am

I still use a lot of prgorams that I've been using since as far back as I've been using computers, though in some cases I've had to go hunting for downloads to find some I've lost. Like this thing:
Image
Handy little mouse tool. Right-click selects weapons, left-click shoots. You can destroy your desktop or whatever windows you had open before activating it...

...which is handy for destroying certain annoying people on Twitter:
Image
It makes me feel better. Sue me.

Here's what I don't understand: Malwarebytes views the program as malware, although AVG doesn't. It isn't malware but it keeps getting recognized as such by 1 of the 2 system checkers I've got.

Why is that?
http://unreal-games.livejournal.com/
Image
medor wrote:Replace Skaarj with EvilGrins :mrgreen:
User avatar
EvilGrins
Godlike
 
Posts: 6175
Joined: Thu Jun 30, 2011 8:12 pm
Location: Palo Alto, CA
Personal rank: God of Fudge

Re: Why does Malwarebytes view a Windows 3.1 program as malw

Postby Dr.Flay » Fri Sep 26, 2014 7:08 am

Without knowing what "a windows 3.1 program" or "this thing" is or where it can be downloaded, all I can do is shake some bones in a cup, read some tea-leaves, or pull some mystic cards from a deck.

Some info please. I can't virus test screenshots ;)

*EDIT*
Try this in your browser https://www.virustotal.com/en/documenta ... xtensions/
User avatar
Dr.Flay
Site Staff
 
Posts: 3169
Joined: Thu Aug 04, 2011 9:26 pm
Location: Kernow, UK
Personal rank: Chaos Evangelist

Re: Why does Malwarebytes view a Windows 3.1 program as malw

Postby EvilGrins » Fri Sep 26, 2014 7:14 am

Dr.Flay wrote:Some info please. I can't virus test screenshots ;)

Given nature of the question, thought linking might be frowned on.

1) Windows 3.1 is the version of Windows that was out before Windows '95; Microsoft Windows.

2) It's from http://www. MouseRunner. com

Go here http://www. mouserunner. com/MR_StressBustersScreenshots.html skim down to "Stress The Game".
http://unreal-games.livejournal.com/
Image
medor wrote:Replace Skaarj with EvilGrins :mrgreen:
User avatar
EvilGrins
Godlike
 
Posts: 6175
Joined: Thu Jun 30, 2011 8:12 pm
Location: Palo Alto, CA
Personal rank: God of Fudge

Re: Why does Malwarebytes view a Windows 3.1 program as malw

Postby Dr.Flay » Fri Sep 26, 2014 7:26 am

I take your point, but the product name and site name cane be done without linking....
Too late.
https://www.mywot.com/en/scorecard/mouserunner.com
Site: https://www.virustotal.com/en/url/5f8b1 ... 411712711/
File: https://www.virustotal.com/en/file/2102 ... 411688942/

*EDIT*
Tweaked your URLs

Evidence is inconclusive, but I think it is "jokeware" Avira has it as an option to block.

Note:
Many "desktop hacks" do odd things to the OS, so AV software can detect this as bad activity.
Most of the good AV is ignoring it and most others are aware but classify as a joke. I suspect a false positive.
User avatar
Dr.Flay
Site Staff
 
Posts: 3169
Joined: Thu Aug 04, 2011 9:26 pm
Location: Kernow, UK
Personal rank: Chaos Evangelist

Re: Why does Malwarebytes view a Windows 3.1 program as malw

Postby JackGriffin » Fri Sep 26, 2014 3:39 pm

Without a long technical post, here's the important part:

Back when this was made coders were still very much working out how to show things on the screen. Super quickly the advertiser sites hijacked this code to splash stuff all over your screen. For a long time Windows has established a "pipeline" within the code where things that render to the screen must go or they are discarded. This is the root of a lot of your black screenshots, some games not displaying properly (or at all), etc. I bet you had to run this as an administrator to get it to work? That's why, it had to be specifically allowed.

Anyway MwB sees it as a rogue program that wants to display things to the screen without following the declared path.
"You damn kids, back in my time we made the items, maps and games ourselves with an unwieldy engine using counter-intuitive crash-prone tools and we liked it so much we built communities around this which nowadays look like cults because they're quasi-parallel societies based on the same old games." -Hellkeeper
User avatar
JackGriffin
Godlike
 
Posts: 3751
Joined: Fri Jan 14, 2011 1:53 pm
Personal rank: Hack coder

Re: Why does Malwarebytes view a Windows 3.1 program as malw

Postby Chamberly » Fri Sep 26, 2014 11:31 pm

You can always send MWB a message about what's up and see what they say.
Image
Image
Image
User avatar
Chamberly
Godlike
 
Posts: 1658
Joined: Sat Sep 17, 2011 4:32 pm
Location: TN, USA
Personal rank: Dame. Vandora

Re: Why does Malwarebytes view a Windows 3.1 program as malw

Postby EvilGrins » Sat Sep 27, 2014 1:01 am

Chamberly wrote:You can always send MWB a message about what's up and see what they say.

I may just.
http://unreal-games.livejournal.com/
Image
medor wrote:Replace Skaarj with EvilGrins :mrgreen:
User avatar
EvilGrins
Godlike
 
Posts: 6175
Joined: Thu Jun 30, 2011 8:12 pm
Location: Palo Alto, CA
Personal rank: God of Fudge

Re: Why does Malwarebytes view a Windows 3.1 program as malw

Postby papercoffee » Sat Sep 27, 2014 2:24 am

ClamWin can find things other scanner do not even recognize ...but...
Got a worm Trojan alert ...checked it via total virus and got nothing ...only Clam AV reacted on the list.
MwB couldn't find anything ...and SUPER-Antispyware could find other threads (Synthesia and some tracking cookies) but nothing more. After a virus-DB update from ClamWin did I got another trojan warning.
I scan it again ...but I get the slight feeling only ClamWin is somehow corrupted.
User avatar
papercoffee
Site Staff
 
Posts: 9127
Joined: Wed Jul 15, 2009 11:36 am
Location: Cologne, the city with the big cathedral.
Personal rank: coffee addicted !!!

Re: Why does Malwarebytes view a Windows 3.1 program as malw

Postby Dr.Flay » Sat Sep 27, 2014 3:09 am

Unfortunately modern AV companies do not share their databases (unlike the Amiga AV software).

MalwareBytes has detected the behaviour of the file rather than an infection.
Jack explained it very well, and it is why we still refer to such software as a "Desktop hack".
A favourite of mine was Lemmings climbing around my windows, but probably the most famous was the desktop cockroaches, hiding under the windows.
Things like this tend not to be "OS legal", and so it is mostly a thing of the past.
However as I said Avira (and some others) can tell these apart, and have a "Joke" category you can enable if these programs are a concern.
User avatar
Dr.Flay
Site Staff
 
Posts: 3169
Joined: Thu Aug 04, 2011 9:26 pm
Location: Kernow, UK
Personal rank: Chaos Evangelist


Return to Misc | Off-Topic

Who is online

Users browsing this forum: No registered users and 2 guests