HeurAdMLB virus?

I have a customer who said Norton AntiVirus reported the current release of my app as being infected with HeurAdMLB. He says Malwarebytes reports his system is clean, and my app is codesigned, so I seriously doubt it’s infected.

Has anyone else heard of this happening?

according to Google there is no information about that “virus” at all

Interesting. Maybe Norton’s just trying to sell an upgrade…:wink:

Thanks!

‘Heuristic’ virus detection means your app contains code that resembles code in another app that did something naughty.
For some time, after a virus was written using RealBasic, many RB Windows apps were considered suspicious simply because they were installed with the same framework and other DLL files.

https://submit.symantec.com/false_positive/

I once had my AES plugin class being detected to be a virus. The virus had the same code sequences inside,
I changed an array from byte to int and the code changed and the problem went away.

Norton is well known for false-positive alerts… yesterday I was forced to create an account at their Safe Web Platform in order to trigger a re-evaluation cause they blacklisted a domain. Nobody else did this. Disgusting. To me Norton acts in many ways like malware.

That's because it's the anti-malware companies that make malware. It helps sell their worthless product.

[quote=316728:@Tim Parnell]
That’s because it’s the anti-malware companies that make malware. It helps sell their worthless product.
[/quote]
Not as conspiracy-theory-rich as you might think. A specific organization back in the early 2000’s inadvertently released a new spate of worms by releasing a proof-of-concept worm to show how their tool could find and stop it. The resulting worms created by script-kiddies by simply modifying a few key bits resulted in a slew of problems in the world that only that company’s tool could defeat for over 8 months. It was so messed up that then President G.W. Bush actually got involved at the executive order level to look into weaponizing the processes …

Its actually Heur.AdvML.B

https://www.symantec.com/security_response/writeup.jsp?docid=2016-051811-2400-99
https://community.norton.com/en/forums/heuradvmlb-detected-false-positive-or-not