Universal Extractor

[kjempen]

Thanks for this great application!

If development is still ongoing, may I ask about adding support for Setup Factory installers?

There's a Setup Factory unpacker here

[nitro322]

Thanks for this great application!

You're welcome.

If development is still ongoing, may I ask about adding support for Setup Factory installers?

There's a Setup Factory unpacker here

Someone else had requested this as well. I'll look into it for the next release (still probably a few weeks out), but if I recall correctly I believe that the Setup Factory unpacker you linked to only supports older versions of the product. I'll have to do some testing, of course, but if you happen to know of a specific .exe that it will unpack it'd be a huge help of you could send me a link to it.

[ggf31416]

Today AVG Free with the last updates shows UniExtract.exe as "Trojan Horse Generic.VFI"

http://virusscan.jotti.org/ reports:

File: UniExtract.exe

Status: INFECTED/MALWARE

MD5 59ce357c2d9d4300b130d13ed991e2ab

Packers detected: UPX

Scanner results

AntiVir Found nothing

ArcaVir Found nothing

Avast Found nothing

AVG Antivirus Found Generic.VFI

BitDefender Found nothing

ClamAV Found nothing

Dr.Web Found nothing

F-Prot Antivirus Found nothing

Fortinet Found nothing

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found nothing

UNA Found nothing

VirusBuster Found nothing

VBA32 Found nothing

Obviously it's a False Positive

Edited June 12, 2006 by ggf31416

[mr_stubble]

I have the latest version of UniversalExtractor installed on my jump drive. I had my drive connected to my PC all day yesterday with no problems. I leave at 1630.

I come in this morning (to work) and eTrust Antivirus reports:

-------------

The Win32/Ardamax.C!Trojan was detected in N:\UNIVERSAL EXTRACTOR\BIN\UNIEXTRACT.EXE.

Machine: CE****, User: ***CIC\john.doe <-- My PC name and username here

File Status: File was cured; system cure performed.

-------------

eTrust Product Version: 7.1.501

Engine Information:

InoculateIT w/ Signature Version: 23.72.35 Last update 06/12/2006 2116

Vet w/ Signature Version: 12.6.2253 Last update: 06/13/2006 0505

Hope you can get this straightened out with the AV folks. Let me know if I can do anything to help.

Great program, and thanks!

[Camarade_Tux]

You should try to download UniExtract again, unpack it (no more UPX) and scan it with your AV.

Download upx from here : http://upx.sourceforge.net/

The unpack switch is "-d".

[mr_stubble]

I'm sorry, but your steps were not entirely clear. I followed them the best I could. The eTrust AV's real time scanning monitor deletes the file every time it appears ANYWHERE on my PC.

I think contact may need to made by the developer to the AV companies having them re-check their virus definitions and stop reporting this false positive.

[Camarade_Tux]

Try this : http://rapidshare.de/files/22974307/uniext...t_noupx.7z.html

(simply unpacked uniextract.exe)

[mr_stubble]

Downloaded and extracted the file from RapidShare as instructed. I appreciate all the effort, but eTrust still detects it as a trojan and deletes it.

[Camarade_Tux]

With the same error ?

[mr_stubble]

Yes, same error. Tried again this morning using both the downloaded file from the website (uniextract121_noinst.rar) and the file you uploaded for me (uniextract121_noinst_noupx.7z) and tried to extract the file from the archive to my HDD. eTrust picks it up and deletes uniextract.exe just as it goes to the temp file for copying to the destination folder.

I tried to send the file to Computer Associates via their virus submittal program to have them take a look at it and maybe reevaluate their virus scanning engine, but I can't even extract the file long enough to archive and email it. Maybe I'll just send the whole installation archive...?

[ggf31416]

I reported the false positive to AVG yesterday. It's fixed with the lastest updates (Some minutes ago).

[nitro322]

Thanks for the virus reports. A couple people had e-mailed me about it as well, but I've been rather busy for the last week and haven't had time to work on this myself.

This has actually happened a few times in the past; not specifically to UniExtract.exe, but rather all AutoIT scripts. As Camarade_Tux pointed out, this is generally because AutoIT uses UPX to compress it's executables. UPX is also used by a lot of malware for the same purposes, so A/V vendors sometimes get a little too aggressive on there updates and end up treating ALL UPX executables as malware. I personally encountered this with AVG about a year ago, and after it deleted every AutoIT script on my system I very quickly uninstalled it and have never used it again.

ggf31416, big thanks for reporting this to AVG and getting it taken care of.

[mr_stubble]

Email from eTrust 25 minutes after I submitted the .rar archive downloaded from the website for their review:

Detection of 'Win32/Ardamax.C!Trojan' is a confirmed False Alarm and its removal will be added to today's signature release 23.72.39

Regards,

CA eTrust Antivirus Research and Response Group

Thanks for everyone's help! And thanks again for this excellent software nitro322. It has saved me many an unnecessary install. I found it especially useful on my home PC last night extract needed files from installations to update my BartPE installation.

[war59312]

Um same here with F-Prot Anti Virus:

[totoymola]

Some AV softwares are so paranoid.

Even NIS2006 detect my SFX files as trojan!

Edited June 16, 2006 by totoymola