Path: csiph.com!weretis.net!feeder4.news.weretis.net!feeder5.news.weretis.net!news.solani.org!.POSTED!not-for-mail
From: Greg <greg@alicie.com>
Newsgroups: it.comp.lang.visual-basic
Subject: Re: Prog VB6 e antivirus
Date: Sat, 20 May 2017 15:18:42 +0200
Organization: solani.org
Lines: 15
Message-ID: <ofpfno$m5n$1@solani.org>
References: <ofpe5g$l4s$1@solani.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-15"; format=flowed
Content-Transfer-Encoding: 8bit
X-Trace: solani.org 1495286328 22711 eJwFwYkBwCAIA8CVjCWxjMMj+4/gHT9BdUyUcThT1B1L7iwWDYwO31gZv+/rqxrFQbfgeewBLmoRiQ== (20 May 2017 13:18:48 GMT)
X-Complaints-To: abuse@news.solani.org
NNTP-Posting-Date: Sat, 20 May 2017 13:18:48 +0000 (UTC)
X-User-ID: eJwFwYEBwCAIA7CXZEBbzlEc/59gkg5DM5CInJxZd8fR0kdyCHS7l7osTXENI2IreX43K38OAxAv
X-NNTP-Posting-Host: eJwNx9EVADEEBMCWRCwv5bDov4S7+RtcP84whxsWm2Wg/MNBQWnblisjL6sxvN5UDcU8ZQg/IM4RUA==
Cancel-Lock: sha1:o+sUTFJwkBJCBGGQMUiBfLcD8+8=
X-Newsreader: MesNews/1.08.06.00-it
Xref: csiph.com it.comp.lang.visual-basic:18989

Il 20/05/2017 14:51:54 Greg ha scritto:
> Ho un programmino che all'improvviso è diventato pericoloso per Avast e ZoneAlarm
>
> Sembrebbe che ci sia una funzione Api che lo insospetisce ma io non ho usato quella funzione: SetWindowsHook Window.
>
> "The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to 
> monitor the system for certain types of events. These events are associated either with a specific thread or with all 
> threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API 
> function.

Il vurus che viene rilevato è: HEUR:Trojan.Win32.Generic
Che tipo di codice deve cercare nel sorgente? Per poterlo riscrivere e modificare? Grazie

-- 
Greg