Virus in wkReplayShark.dll ?
Hello,
My Avira antivir tells me (it's new!) that a virus "BDS/Awq.b.egd" was found in wkreplayshark.dll.
I had to put other dlls in the ignore list too but what about this one... Is it a false positive too ? It's the first time I have this message.
Thank you
CyberShadow
13 Jul 2011, 16:02
The virus warning is most likely caused by the statically-linked madCodeHook library (which is also often used by malware writers). I can't vouch for the module's safety, but it's probably a false positive.
Ok thx, but how can I be sure ? Because it hadn't been there until today. Or at least, the antivirus didn't notice it.
it's probably a false positive.
Indeed, there was an issue with ReplayShark and Kaspersky Antivirus which has been solved after my report.
Avira AntiVir has also been known to raise a false alarm on the 3.6.3x beta update installers.
CyberShadow
13 Jul 2011, 17:50
I think you have bigger problems than just Kaspersky and Avira (http://www.virustotal.com/file-scan/report.html?id=cd4198d5f13ed490a143d69b5684e2398e5cc30aa52f2f2db5236bff7d725be6-1310568582).
I think you have bigger problems than just Kaspersky and Avira (http://www.virustotal.com/file-scan/report.html?id=cd4198d5f13ed490a143d69b5684e2398e5cc30aa52f2f2db5236bff7d725be6-1310568582).
Well, first, as you can see, those antivirus vendors don't seem to be popular in my opinion (correct me if I'm wrong), that's why during the whole existence of this wormkit module we didn't have any report here.
And second, this module has been reverse-engineered from the old 3.6.29.0 version just to support 3.6.31.0. I have no idea why those antiviruses would produce an alarm for it. It can be any byte in the module's code.
Also I've noticed that it doesn't have a wav sound included together with it, I will upload the new archive tomorrow (with readme). Thanks.
CyberShadow
14 Jul 2011, 00:01
Well, you might have less trouble if you link to madCHook dynamically. (If you use Delphi, use the madCHook unit instead of madCodeHook.)
It's detected since the new avira update (13.07.2011). So, dangerous or not ? Isn't the code of the .dlls open ?
Avast also detects it as some Malware Gen
Avast also detects it as some Malware Gen
And as I see, since today.
Please report it to your antivirus vendor.
PS: lol, the same for 3.6.29.0 ReplayShark:
http://www.virustotal.com/file-scan/report.html?id=ec4d8c2d0516f8b1391bca419e97fa639a5eec5f53692e8ce499c99c58dc0816-1310812376
Growing false positives.
And as I see, since today.
No, the first report I had was about a week ago.
The Avast issue seems to be solved :D
http://www.virustotal.com/file-scan/report.html?id=cd4198d5f13ed490a143d69b5684e2398e5cc30aa52f2f2db5236bff7d725be6-1310910813
Congratz, lbh! I have successfully solved the Avira issue (link (http://analysis.avira.com/samples/details.php?uniqueid=yLLFpybASnOQkZHwCVDs432cg2JngqyZ&incidentid=786101))
I have also solved many other false alarms:
http://www.virustotal.com/file-scan/report.html?id=cd4198d5f13ed490a143d69b5684e2398e5cc30aa52f2f2db5236bff7d725be6-1311251816
:D