Is Hybrid PhysX mod v1.03 a virus?





http://www.ngohq.com/graphic-cards/17706-hybrid-physx-mod-v1-03-a.html

Avira (forgot when) had once reported it as a virus....

--
   @~@   Might, Courage, Vision, SINCERITY.
  / v \  Simplicity is Beauty! May the Force and Farce be with you!
/( _ )\ (x86_64 Ubuntu 9.10)  Linux 2.6.34
   ^ ^   20:10:01 up 12 days 23:21 2 users load average: 0.06 0.03 0.00
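No borrowing! No fraud! No compensated dating! No fighting! No robbery! No suicide!
Please consider CSSA (Comprehensive Social Security Assistance):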
http://www.swd.gov.hk/tc/index/site_pubsvc/page_socsecu/sub_addressesa

Re: Is Hybrid PhysX mod v1.03 a virus?





| http://www.ngohq.com/graphic-cards/17706-hybrid-physx-mod-v1-03-a.html

| Avira (forgot when) had once reported it as a virus....


Please upload the file(s) to UploadMalware for evaluation.
http://www.uploadmalware.com/


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Is Hybrid PhysX mod v1.03 a virus?




No, it was probably a false positive detection at one time - since
corrected. You could submit the program to virustotal.com, jotti.org, or
virscan.org to see what some other scanners have to report.

...better safe than sorry.



Re: Is Hybrid PhysX mod v1.03 a virus?



FromTheRafters wrote:


Until the AV program quarantines system files for the OS.  A false
positive on a system file could render your OS unbootable or inoperable.

Re: Is Hybrid PhysX mod v1.03 a virus?




Those are file submission scanners, no danger of that.



Re: Is Hybrid PhysX mod v1.03 a virus?



FromTheRafters wrote:


I thought you meant "better safe than sorry ... to allow false
positives".  I have my AV program alert me on *everything* it thinks is
bad; i.e., no automatic actions.  I'll be able to figure out if the file
belongs to an app or to the OS and then investigate what that file
should really contain to determine if it was a false positive.  I've hit
far more false positives in a variety of AV programs than I have ever
discovered for infections on my host.  Letting the AV program
automatically dump files into its quarantine area (which means not even
the OS can get at it) could result in a dead OS or app.

Quarantining is usually an automatic action performed by the AV program.
I don't believe in allowing automatic quarantines; however, that also
means the user needs some education regarding their OS and have some
initiative to investigate the claim of an infection.

The online scanners make a good backup to get more opinions regarding the
good/bad status of a file.  However, since only an on-demand scan is
performed against the uploaded file, only the current signatures can be
tested against the uploaded file.  None of the heuristics can be used
against the behavior of the functions performed by execution of the file
or any libraries it happened to call.  So the online scanners are only
good for a signature test against known malware.  Zero-day malware won't
be caught that way.

Re: Is Hybrid PhysX mod v1.03 a virus?




All good points.



Re: Is Hybrid PhysX mod v1.03 a virus?



Man-wai Chang wrote:


Many games use nVidia's PhysX SDK to spare the game coders
from having to write all the physics engine routines, like how bodies
fall down stairs or clothes flap in the breeze.  This is similar to how
Microsoft produced DirectX to provide consistency and ease of coding for
multimedia-enabled apps.

http://www.nvidia.com/object/physx_new.html
http://physxinfo.com/

But you already knew all of this.  So what is your question *NOW* about
PhysX?

Re: Is Hybrid PhysX mod v1.03 a virus?




I was/am just not sure whether Avira was trying to protect Nvidia's
interests... :)

--
   @~@   Might, Courage, Vision, SINCERITY.
  / v \  Simplicity is Beauty! May the Force and Farce be with you!
/( _ )\ (x86_64 Ubuntu 9.10)  Linux 2.6.34
   ^ ^   18:20:01 up 13 days 21:31 2 users load average: 0.00 0.00 0.00
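No borrowing! No fraud! No compensated dating! No fighting! No robbery! No suicide!
Please consider CSSA (Comprehensive Social Security Assistance):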
http://www.swd.gov.hk/tc/index/site_pubsvc/page_socsecu/sub_addressesa

Re: Is Hybrid PhysX mod v1.03 a virus?



Man-wai Chang wrote:


Avira, as well as other anti-virus vendors, don't want their products
generating ANY false positives regardless of whose software is installed
on your host.  I'm not sure that any AV product hasn't had false
positives in the past and why you have to do some investigation when any
malware gets reported on your host.  For example, I've had false alerts
on the .vhd files for virtual machines where they contained a pristine
install of Windows XP.  Somewhere in the huge file was a string of bytes
that happened to match on a malware signature.  

Avira may have falsely alerted on PhysX in the past but it is likely
that it didn't false alert before that, happened to include a signature
that matched on a byte string after some update to Avira's signatures,
and then users reported the false positive and Avira updated the
signature database or extended the signature to ensure it looked at more
bytes than before so it wouldn't match on the PhysX file anymore.  If it
is a *false* alert then it usually does get fixed but can be several
updates later.  Some false positives never get fixed by some AV vendors,
like many continually alert on Nirsoft's utilities on your host.
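
Added example (not part of the thread and not any AV vendor's code): a toy byte-signature scanner showing how a short signature can match inside a large benign file, as in the .vhd case described above, and how extending the signature to cover more bytes removes that false positive while still detecting the sample. The signature bytes, names and file contents are all constructed for illustration.

```python
# Toy byte-signature scanner. All patterns and "files" are constructed
# sample data, not real signatures or real malware.

SHORT_SIG = bytes.fromhex("c0de1337")                    # 4 bytes: easy to hit by chance
LONG_SIG = SHORT_SIG + bytes.fromhex("8badf00dfeedface")  # same prefix, extended to 12 bytes


def scan(data: bytes, signatures: dict[str, bytes]) -> list[tuple[str, int]]:
    """Return (signature name, offset) for each signature found in data."""
    hits = []
    for name, pattern in signatures.items():
        offset = data.find(pattern)
        if offset != -1:
            hits.append((name, offset))
    return hits


def make_benign_image(size: int) -> bytes:
    """Stand-in for a large benign file (e.g. a disk image): zero-filled,
    with the 4 short-signature bytes occurring once by coincidence."""
    blob = bytearray(size)
    mid = size // 2
    blob[mid:mid + len(SHORT_SIG)] = SHORT_SIG
    return bytes(blob)


# Constructed inputs.
BENIGN_IMAGE = make_benign_image(1 << 20)             # 1 MiB benign file
SAMPLE = b"MZ" + bytes(64) + LONG_SIG + bytes(32)     # file the signature targets


def compare_signature_versions() -> dict[str, list[tuple[str, int]]]:
    """Scan both files with the old (short) and updated (long) signature."""
    old_db = {"Toy.Sig.v1": SHORT_SIG}
    new_db = {"Toy.Sig.v2": LONG_SIG}
    return {
        "benign/old": scan(BENIGN_IMAGE, old_db),  # false positive
        "benign/new": scan(BENIGN_IMAGE, new_db),  # fixed: no match
        "sample/old": scan(SAMPLE, old_db),        # detected
        "sample/new": scan(SAMPLE, new_db),        # still detected
    }


if __name__ == "__main__":
    for case, hits in compare_signature_versions().items():
        print(f"{case:11s} -> {hits or 'clean'}")
```
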
