The Portable Freeware Collection Forums

[Moderator note: author self-edited posts]

---

a

Can you share one of your custom invisible exe files here for study?

ones i made doesnt trigger anything from avira

a

try to put in some information under version information

I think I had this happen before since some scanners doesn't like nameless programs. put in a company and description and see if it still triggers alert

also your thing didnt trigger avira for me, so its probably just your program settings

[offtopic]I wish people'd use Drop.io or other free no wait service instead of either making me wait on a countdown or bust out FF with it's skipscreen plugin and then hope it works[/offtopic]
my 7zipportable (latest version) didn't much care for your 7z file.

VirusTotal Results 11/42 scanners
Jotti Results 3/20 scanners

Uncompressed file:

VirusTotal Results 11/42 scanners
Jotti's Results 2/20 scanners

These scanners use heuristic settings which will almost always find something
if you use upx or write your own bat files or make silent installers.

I seriously doubt this program adds viruses to your batch files.
If you wrote the bat file yourself I wouldnt worry too much over this

...of course I aint gonna click that exe either


MiDojo are you using the 7Zip 9.11beta? I have heard it doesnt always extract files properly.

Me personally,I dont like to download from MediaFire it takes so long to load the page and the ads and popups drive me nuts...but I use it to store files cuz my files upload almost instantly.
Maybe thats why people use filehosting services that make you wait,
not so much for your convenience,but maybe their own.

- Most likely it's not a false positive
- (Most likely) It does *not* add any crapware to the batches and is 100% safe to use.

So why is it considered insecure?
Because you can write crapware in any language, including MS Batch. I guess that sb. did it and packed with this converter.
The converter encrypted it and hidden in own internals (as such converters usually do) and for AV it's much easier to flag all such exes than reverse the encrypting procedures and look into the batches.
From AV perspective wrapping encrypted program code in a kind of stub is flawed procedure.

AutoHotKey compiler had (has?) this issue. Both programs work mostly the same way. It doesn't mean the reason for flagging is the same, the converter's author might have his computer infected, but this is just much less likely.

Nope, using 7Zip 4.65 wrapped in PortableApps (blech wrapper). Why is Portableapps at 4.x when beta is 9.x?

a

I sent the Norton report to the Contact email at f2ko.de, and also asked that he/she look at invisible compiled batch files.

If I'm understanding this thread, some folks here are looking to get a batch-to-exe converter off of anti-virus programs watch list because its a false positive. The problem I see with this is that any batch file can be essentially made into a trojan. You just create a bat file with "del /s C:\WINDOWS" (a simple dos command for deleting the contents of a folder) turn it into an EXE and suddenly you have a trojan.

Since a batch file can easily be turned into something dangerous, if I were an anti-virus company, I'd want to err on the side of caution and list it as a trojan. Then, if the user wants to take the risk, that's up to them.

I agree with WebFork on this one

I agree that the real danger with batch files are the commands that are put into them.

There are actually two technical issues that I read here; one being the caution that scanners have towards compiled batch files, launchers, etc., because of the potential payload the ease of adding that payload, and the other being the products of f2ko.

The Web scan report sent to f2ko (still awaiting a response) listed four products coming up, none of which was the Bat To Exe Converter. They were all mini utilities in the CmdTools section of the web site. The topic here is whether these are false positives or infected.

The original question is whether benign batch files compiled with Bat To Exe Converter in "invisible" mode" introduced a trojan (because of some "value added" by the converter) or a false positive, as I understand it.

I have been using the converter for some time at 1.4.0, 1.4.1, and 1.5 version levels, and have occasionally found false positives in controlled situations. I determined that invisible AND properties data in 1.4.x very often came up with false positives. I verified to my satisfaction these were not trojans by watching process, temporary or created files, and modifications of registry entries during these tests. Of the limited tests I have done with 1.5, I found I could usually get rid of false positives by changing inconsequential lines in batch files and recompiling. My batch files are usually installer mechanisms that modify registry and config files before copying files, etc., and usually invisible.

So I don't have definitive answers to the queries, but have been able to make the Bat To Exe Converter work for me. So far.

a