Windows 95 DST Patch Detected as Virus.

edited January 2017 in Software
Downloaded the Daylight Savings Time update from the "Patches" section under the Win95 product page, and one of the two executables in the archive, "Q932590.EXE", is picked up by avast as malware. I'm pretty sure it's a false positive, but thought the staff might want to know.

Comments

  • Hmm, something is screwpot with that file. It contains a non-Microsoft file, nircmd.exe, that is UPX compressed, and the scanners report that as malware.

    The MCVCRT file seems legit though. However everyone else out there seems to have the exact same file.

    Of course Microsoft helpfully removed the older updates so they can make you buy their Windows 10 malware.
  • Ok, a little more research indicates nircmd.exe is a legitimate system tool, but is flagged because some malware incorporated it. This update DST patch contains non-Microsoft tools because the genuine patch is only for Windows XP, and this patch installer is designed for 9x.

    I'll just add a note about that on the download page.
  • SomeGuy wrote:
    Ok, a little more research indicates nircmd.exe is a legitimate system tool, but is flagged because some malware incorporated it. This update DST patch contains non-Microsoft tools because the genuine patch is only for Windows XP, and this patch installer is designed for 9x.

    I'll just add a note about that on the download page.

    Thanks. WinWorld is just about the safest download site around. Knew it had to be a false positive. Wonder which piece of malware used a file like that, and was it that exact file in particular or just the same file name?
  • Well, these days with newer software you can never be too sure.

    Modern scanners look for patterns inside the file itself. This is especially important when programs are compressed with things like UPX or the old PKLite.

    But these scanners usually rely on various automated forms of analysis or "AI", with the end result of just throwing crap to see what sticks.

    If your scanner has someplace to report false positives, you might submit that.

    But like I said, if it turns out to misbehave in any way let us know.
  • I don't have internet at home (everything I do is from my Android), so I can't report it to avast!, but the patch installed in my Win95 VM with no problems; at least no drive wiping or other overt payloads have manifested themselves yet. I'll update this thread in a heartbeat if that changes.