Build Your Own Arcade Controls Forum

Main => Software Forum => Topic started by: protokatie on July 17, 2008, 05:41:19 am

Title: AVG and MALA
Post by: protokatie on July 17, 2008, 05:41:19 am
Apparently, if anyone here has upgraded, AVG 8 (the free virus protection program) calls Mala (or more specifically, malakeyhook.dll) a spyware virus. Did I get a bad distro of Mala? Or is AVG at fault here?

As far as my new scan is for sure, ONLY malakeyhook.dll is the ONLY virus on my PC. (BTW, AVG calls it a potentially harmful program (class: logger)) Maybe this is because the DLL looks at the keyboard buffer directly? IDK, anyone have any insights? Just seems odd that AVG would have added a mala dll to their list of virii, unless it is simply looking for anything that hooks directly into the keyboard buffer (at the DLL level? What is AVG doing then? Decompiling the code???)
Title: Re: AVG and MALA
Post by: youki on July 17, 2008, 07:09:21 am
MalaHook is not a virus.  Don't worry.
Title: Re: AVG and MALA
Post by: loadman on July 17, 2008, 07:20:38 am
MalaHook is not a virus.  Don't worry.

Youki is correct.  ;D

I think you only need it for win 98/ME anyway,

Just delete that dll if you want and mala will work fine

There is a note about this on the right page of the website download page

http://malafe.net/index.php?page=download
Title: Re: AVG and MALA
Post by: Ummon on July 17, 2008, 04:59:45 pm
Yeah, AVG took it right out of the directory and I haven't missed it. But if you're worried, you can set 'exemptions'.
Title: Re: AVG and MALA
Post by: u_rebelscum on July 18, 2008, 12:27:49 pm
BTW, AVG calls it a potentially harmful program (class: logger)) Maybe this is because the DLL looks at the keyboard buffer directly? IDK, anyone have any insights? Just seems odd that AVG would have added a mala dll to their list of virii, unless it is simply looking for anything that hooks directly into the keyboard buffer (at the DLL level? What is AVG doing then? Decompiling the code???

You pretty much got it.  Most antivirus programs check the binary and look for commands that match "suspicious" commands.  Only thing not quite right is that no decompiling is needed to look for commands in dlls; the "suspicious commands" are calls to the OS API that can be used to do suspicious stuff, and the API calls look the same in all dlls.
Title: Re: AVG and MALA
Post by: headkaze on July 18, 2008, 01:31:27 pm
Yep, it's detecting the "virus" using heuristics rather than actual signatures from viruses. Since a keyhook would use APIs that would be common in keylogger apps, I would suspect that is why it's being detected as a virus.
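
Added example (not from any poster in this thread, and not AVG's actual detection logic): the last two replies describe a heuristic that reads the API calls a DLL imports, with no decompiling. The sketch below walks a PE32 import table and reports imported keyboard-hook APIs. The `WATCHED` list, the function names and the sample image built by `build_sample` are assumptions constructed for illustration.

```python
import struct
# Keyboard hook/polling APIs a "logger" heuristic might watch (assumed list, not AVG's).
WATCHED = {"SetWindowsHookExA", "SetWindowsHookExW", "GetAsyncKeyState", "GetKeyboardState"}

def parse_imports(pe):
    """Return {dll: [function, ...]} from a PE32 import table; nothing is decompiled."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]
    opt = nt + 24  # optional header follows the 4-byte signature and 20-byte COFF header
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0" or pe[opt:opt + 2] != b"\x0b\x01":
        raise ValueError("not a PE32 image")
    nsec, optsz = struct.unpack_from("<H12xH", pe, nt + 6)
    secs = [struct.unpack_from("<4I", pe, opt + optsz + 40 * i + 8) for i in range(nsec)]
    def off(rva):  # map an RVA to a file offset through the section table
        for vsize, va, rawsize, rawptr in secs:
            if va <= rva < va + max(vsize, rawsize):
                return rawptr + rva - va
        raise ValueError("RVA outside every section")
    def cstr(o):  # NUL-terminated ASCII string at file offset o
        return pe[o:pe.index(b"\0", o)].decode("ascii", "replace")
    out, d = {}, struct.unpack_from("<I", pe, opt + 104)[0]  # import directory RVA, 0 = none
    while d:
        oft, _, _, name, ft = struct.unpack_from("<5I", pe, off(d))
        if not (oft or ft):  # all-zero descriptor ends the table
            break
        funcs, t = [], off(oft or ft)
        while (entry := struct.unpack_from("<I", pe, t)[0]):
            funcs.append(f"ordinal {entry & 0xFFFF}" if entry >> 31 else cstr(off(entry) + 2))
            t += 4
        out[cstr(off(name))] = funcs
        d += 20
    return out

def flagged(pe):
    """Watched APIs the image imports: evidence of capability, not of intent."""
    return sorted(f for fs in parse_imports(pe).values() for f in fs if f in WATCHED)

def build_sample(dll, funcs):
    """Constructed minimal PE32 image: headers plus one import table, no code."""
    base, thunks, names = 0x1000, 40, 44 + 4 * len(funcs)
    blob, rvas = dll.encode() + b"\0", []
    for f in funcs:
        rvas.append(base + names + len(blob))
        blob += b"\0\0" + f.encode() + b"\0"  # 2-byte hint, then the name
    sec = struct.pack("<5I", base + thunks, 0, 0, base + names, base + thunks) + bytes(20)
    sec += struct.pack(f"<{len(funcs) + 1}I", *rvas, 0) + blob
    opt = struct.pack("<H", 0x10B) + bytes(102) + struct.pack("<II", base, 40) + bytes(112)
    hdr = b"MZ" + bytes(58) + struct.pack("<I4sHHIIIHH", 64, b"PE\0\0", 0x14C, 1, 0, 0, 0, 224, 0x2102)
    hdr += opt + struct.pack("<8s4I16x", b".idata", len(sec), base, len(sec), 0x200)
    return hdr.ljust(0x200, b"\0") + sec
```

A front-end key hook and a keylogger import the same names, so a check like this cannot tell them apart, which is consistent with the false positive discussed in the thread.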