It seems that you're using an outdated browser. Some things may not work as they should (or don't work at all).
We suggest you upgrade newer and better browser like: Chrome, Firefox, Internet Explorer or Opera

×
Community
General discussionImDisk have virus?(22 posts)solved(22 posts)solved
(22 posts)solved
Pages:
1
2
This is my favourite topic
Posted May 17, 2020
avatar
gogamess: Which version do you have? This is the 20191126 version. Anyone have the same version here? ^_^
It was two or three years ago so I honestly couldn't say.
Posted May 17, 2020
avatar
gogamess: Which version do you have? This is the 20191126 version. Anyone have the same version here? ^_^
Don't remember as I've deleted the install file, but I do have the latest driver installed (2.0.10).

In most of the cases programmers changes or adds features/code/algorithms that may look like malware, and since malware scanners are based on known patterns, they produce false-positives relatively often. Especially given the nature of such programs. There's nothing nefarious about that, and it's up to the programmer to either change it again or verify it so that these malware scanners don't mark it as unsafe.

Version 20200404
- SFX module: removed UPX compression and compiled it as console application because of antiviruses
No, they don't catch everything, and yes, malware scanners, especially the most known/pricey ones, are known to be a bit overzealous (and then the smaller ones copy those patterns). If you'd used forensic and hacker tools you'd know most of them are blacklisted... even those that are considered clean officially are also blocked by search engines, file sharers, and browsers.

Why obsess about an old file when the new one has been confirmed to be clean, even the maintainer himself have explained it. Like I wrote, unless the maintainer is proven by several sources / sec researcher to be malicious, then you just have to trust it. And most importantly, unlike proprietary programs, this is open source, meaning you can take the source and build it yourself. If you still don't trust it - why even use it?

avatar
gogamess: It was downloaded from sourceforge.net site: https://sourceforge.net/projects/imdisk-toolkit/
or maybe the ImDisk driver link: http://www.ltr-data.se/opencode.html/#ImDisk
Those two sites distribute very different installers/packages; tr-data.se has only the main virtual driver, while sourceforge has the toolkit. If you have more than one tool in the same folder then you can't have downloaded and installed it from the former (ImDiskTk-x64.zip vs imdiskinst.exe). It's that simple.
Post edited May 17, 2020 by sanscript
Posted May 17, 2020
avatar
Spectre: It's probably ok but virus or malware can go undetected on virustotal with only a handful of the services picking up on it.
avatar
gogamess: I hope so! But Virustotal uses 72 virus scanners! And only 2 of them shows alert, and 70 scanners shows as clean.
It also helps to look at the date it was last scanned. Sometimes they try to sneak it into older versions of programs.
Posted May 18, 2020
avatar
gogamess: Which version do you have? This is the 20191126 version. Anyone have the same version here? ^_^
avatar
Serren: It was two or three years ago so I honestly couldn't say.
Thank you ^_^
avatar
gogamess: I hope so! But Virustotal uses 72 virus scanners! And only 2 of them shows alert, and 70 scanners shows as clean.
avatar
Spectre: It also helps to look at the date it was last scanned. Sometimes they try to sneak it into older versions of programs.
I always make a re-scan so the date is always today. Thank you ^_^
Post edited May 18, 2020 by gogamess
Posted May 18, 2020
avatar
gogamess: Which version do you have? This is the 20191126 version. Anyone have the same version here? ^_^
avatar
sanscript: Don't remember as I've deleted the install file, but I do have the latest driver installed (2.0.10).

In most of the cases programmers changes or adds features/code/algorithms that may look like malware, and since malware scanners are based on known patterns, they produce false-positives relatively often. Especially given the nature of such programs. There's nothing nefarious about that, and it's up to the programmer to either change it again or verify it so that these malware scanners don't mark it as unsafe.

Version 20200404
- SFX module: removed UPX compression and compiled it as console application because of antiviruses
avatar
sanscript: No, they don't catch everything, and yes, malware scanners, especially the most known/pricey ones, are known to be a bit overzealous (and then the smaller ones copy those patterns). If you'd used forensic and hacker tools you'd know most of them are blacklisted... even those that are considered clean officially are also blocked by search engines, file sharers, and browsers.

Why obsess about an old file when the new one has been confirmed to be clean, even the maintainer himself have explained it. Like I wrote, unless the maintainer is proven by several sources / sec researcher to be malicious, then you just have to trust it. And most importantly, unlike proprietary programs, this is open source, meaning you can take the source and build it yourself. If you still don't trust it - why even use it?

avatar
gogamess: It was downloaded from sourceforge.net site: https://sourceforge.net/projects/imdisk-toolkit/
or maybe the ImDisk driver link: http://www.ltr-data.se/opencode.html/#ImDisk
avatar
sanscript: Those two sites distribute very different installers/packages; tr-data.se has only the main virtual driver, while sourceforge has the toolkit. If you have more than one tool in the same folder then you can't have downloaded and installed it from the former (ImDiskTk-x64.zip vs imdiskinst.exe). It's that simple.
Yes, you are right, I think it was downloaded from sourceforge.net, and because it's the complete package with other tools like mounting of image files, a config tool, etc.
I prefer the old one because it runs very well, and I've checked the new one, that is not an .exe file. The new file it's a zip that includes a files.cab installer and install.bat.
I've made a scan on Virustotal for the newest version (the .cab file) and it shows 60 clean engines and 1 alert:
Antiy-AVL Trojan/MSIL.Crypt
https://www.virustotal.com/gui/file/40ae0478497aa16ea4cbed919a0dc51e74f7733d46b269303a5968d7e4ded863/detection

So I get the version I've installed. Also the new one don't have great improvements.

Thank you ^_^
Posted May 18, 2020
I tend to get it from the official download link. Curious. If there's some good new features in an off-branch might consider it.

Edit: I see the link for the toolkit on the official page now.

At this point i say it doesn't have a virus. I use AHK (AutoHotKeys) and it can get flagged as a virus. So it's likely a false positive.
Post edited May 18, 2020 by rtcvb32
Posted May 19, 2020
Thank you everyone for all your answers ^_^
Pages:
1
2
This is my favourite topic
Community
General discussionImDisk have virus?(22 posts)solved(22 posts)solved
(22 posts)solved