Been working with Velvet most of the day on "the evil key-virus thingamajig".
Try as I might, I couldn't get rid of the positive, and then I tried something completely insane (after having built three different wallets).
I renamed the coin to 331337-qt and replaced any instances of 1337 in the source code with 331337 (which included the name of the registry keys written by the wallet) and recompiled the source into a Qt wallet.
Opened the wallet, so it wrote its registry key, and then ran Malwarebytes.
Guess what?........no more positive in Malwarebytes.
Same wallet, same code, different name........
So, I guess that means they were flagging a simple string (1337) key label without regard to the contents of the key, which were harmless and the same as any other Windows wallet registry key.
Thus it's TRULY a false positive.
Just as a side note, the wallet I compiled from the GitHub source code is 700kb+/- smaller than the wallet offered on megadownloads.nz.
I don't know and can't say exactly what that 700kb is.
It might be simple differences between the two build environments (libraries and compiler optimization, etc., etc.), but 700kb seems like an awful lot of difference.
So I can't say either pro or con with any degree of confidence whether that 700kb was a woolie-booger or not......but I do know my wallet's clean.
Velvet has a copy of the new wallet I compiled. He'll probably run it through its paces for a bit to test all the functionality, and then release it.
It still throws the false positive because it's still named 1337-qt and it still writes the 1337 registry key.....but now at least he and I know it's a false positive without any doubt.
P.S. if anyone wants to follow in my footsteps to confirm my findings......by all means, have at it, and report back.
Hey Bob
That is correct: the problem / false positive was just triggered by the name 1337 inside the reg. key.
This was cleared up all right in the original ann thread // if I remember correctly :-)
That 700kb lost size on the wallet sounds interesting; maybe you are right and it has something to do with the environment used.
BOOST_LIB_SUFFIX=-mgw48-mt-s-1_55
BOOST_INCLUDE_PATH=C:/deps/boost_1_55_0
BOOST_LIB_PATH=C:/deps/boost_1_55_0/stage/lib
BDB_INCLUDE_PATH=C:/deps/db-4.8.30.NC/build_unix
BDB_LIB_PATH=C:/deps/db-4.8.30.NC/build_unix
OPENSSL_INCLUDE_PATH=C:/deps/openssl-1.0.1h/include
OPENSSL_LIB_PATH=C:/deps/openssl-1.0.1h
MINIUPNPC_INCLUDE_PATH=C:/deps/
MINIUPNPC_LIB_PATH=C:/deps/miniupnpc
QRENCODE_INCLUDE_PATH=C:/deps/qrencode-3.4.3
QRENCODE_LIB_PATH=C:/deps/qrencode-3.4.3/.libs
These are the selected versions when I compile the 1337-qt build on Windows. Qt 5.2.0
So far, good to hear that everything works fine :-)
CBlock::SetBestChainInner Good blackcoin arch
ComputeMinWork Good arch
SendMessages Good NEBUCHADNEZZAR
CTransaction::FetchInputs Good shrmcoin
CTransaction::CheckTransaction Good blackcoin arch
CWalletTx::AcceptWalletTransaction Good blackcoin arch
GetNextTargetRequired Most similar shrmcoin, diff=4, codehash=639fa24760ed58774619; Manually inspected, Good
CTransaction::ConnectInputs Good arch
GetTransaction Good shrmcoin
ComputeMinStake Good arch
CBlock::AcceptBlock Good shrmcoin
ProcessMessage Most similar shrmcoin, diff=12, codehash=cbd818eb6d10fc961e90; Manually inspected, Good
CBlock::CheckBlock Good shrmcoin
CTxOut CTransaction::GetOutputFor Good blackcoin arch
CTransaction::DisconnectInputs Good blackcoin arch
ProcessBlock Good shrmcoin
CMerkleTx::GetBlocksToMaturity Good shrmcoin
CBlockIndex::IsSuperMajority Good dash blackcoin arch
CBlock::SignBlock Good shrmcoin
CMerkleTx::AcceptToMemoryPool Good shrmcoin
CheckProofOfWork Good arch
CBlockIndex::GetBlockTrust Good blackcoin arch
CBlock::CheckBlockSignature Good arch
CTransaction::GetValueIn Good blackcoin arch
ProcessMessages Good NEBUCHADNEZZAR
CBlock::ConnectBlock Good shrmcoin
Not found funcs ['AcceptToMemoryPool', 'GetProofOfStakeLimit']
GetProofOfWorkReward Manually checked Good
GetProofOfStakeReward Manually checked Good
What is this? And how to read this info?
As you know, most of the coins have very similar code bases. But any little bug could potentially damage the whole blockchain. To avoid this, people started to check the code both manually and automatically. As far as I know, ocminer automatically checks code for already known bugs, so his checks couldn't find new bugs. Earlz checks code manually, but he could also miss something, because the codebase is very huge. I chose a different way. I wrote a script which compares code in one coin with code in other, already inspected coins. So if you see something like "Good blackcoin arch" it means that I already inspected this code before in blackcoin's and arch's source, and I think that it's safe. When my script finds new code it asks me to check it manually and tells me which codebase is most similar, so 'CBlock::ConnectBlock Most similar blackcoin, diff=5, codehash=1a0a6fb0d9bc6aefff4e' means that the most similar code of CBlock::ConnectBlock was seen in blackcoin and there are 5 places where something was changed.
Currently I check only the most important functions in main.cpp.
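A minimal sketch of the comparison described in the post above, added here as an illustration; it is not the poster's script. It assumes the function bodies have already been extracted from main.cpp, and the coin names, sample bodies, hash algorithm and the "New, no reference" status are all constructed for the example.

```python
import difflib
import hashlib
import re

def normalize(body):
    """Drop comments, blank lines and indentation so cosmetic edits keep the same hash.
    Naive on purpose: a '//' inside a string literal is stripped too."""
    body = re.sub(r"/\*.*?\*/", "", body, flags=re.S)
    body = re.sub(r"//[^\n]*", "", body)
    return [ln.strip() for ln in body.splitlines() if ln.strip()]

def codehash(lines):
    # Assumption: SHA-256 cut to 20 hex digits, the length shown in the post.
    return hashlib.sha256("\n".join(lines).encode()).hexdigest()[:20]

def changed_places(ref, new):
    """Number of separate edited regions between two normalized bodies."""
    ops = difflib.SequenceMatcher(None, ref, new, autojunk=False).get_opcodes()
    return sum(1 for op in ops if op[0] != "equal")

def review(name, body, inspected):
    """inspected maps coin -> {function name: body} for code already reviewed by hand."""
    lines = normalize(body)
    digest = codehash(lines)
    refs = {c: normalize(f[name]) for c, f in inspected.items() if name in f}
    good = [c for c, ref in refs.items() if codehash(ref) == digest]
    if good:
        return f"{name} Good {' '.join(good)}"
    if not refs:
        return f"{name} New, no reference, codehash={digest}"
    coin = min(refs, key=lambda c: changed_places(refs[c], lines))
    diff = changed_places(refs[coin], lines)
    return f"{name} Most similar {coin}, diff={diff}, codehash={digest}"

# Constructed sample bodies (not taken from any real coin).
COIN_A = ("int64 GetReward(int h) {\n  // base subsidy\n  int64 s = 50 * COIN;\n"
          "  s >>= (h / 210000);\n  return s;\n}")
COIN_B = ("int64 GetReward(int h, int64 fees) {\n  int64 s = 50 * COIN;\n"
          "  s >>= (h / 210000);\n  return s + fees;\n}")
INSPECTED = {"coin_a": {"GetReward": COIN_A}, "coin_b": {"GetReward": COIN_B}}
REFORMATTED = ("int64 GetReward(int h) {\n\tint64 s = 50 * COIN;  /* subsidy */\n"
               "\ts >>= (h / 210000);\n\treturn s;\n}")
CHANGED = COIN_A.replace("50 * COIN", "5000 * COIN")

if __name__ == "__main__":
    print(review("GetReward", REFORMATTED, INSPECTED))  # same logic, new formatting
    print(review("GetReward", CHANGED, INSPECTED))      # one edited place to inspect
    print(review("GetStake", CHANGED, INSPECTED))       # nothing to compare against
```

An exact hash match only shows the function is identical to one already judged safe; any "Most similar" result still needs the manual inspection the post describes, however small the diff count.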
Thank you for the Review ^^