DigeratiPrime Posted June 16, 2006

I don't think paranoid is the correct word, maybe 'stupid'. Or do these antivirus software like false alarms?
Camarade_Tux Posted June 17, 2006 (edited)

Um, same here with F-Prot Anti Virus:

Could you try my "repack"?
http://rapidshare.de/files/22974307/uniext...t_noupx.7z.html

Also, scanned with NOD32, all options enabled, advanced heuristics (the thing that is not enabled because it is too CPU hungry), and nothing. At least this scanner is OK.

Edited June 17, 2006 by Camarade_Tux
jaclaz Posted June 18, 2006 (edited)

> I don't think paranoid is the correct word, maybe 'stupid'. Or do these antivirus software like false alarms?

Well, the problem is of course the "HEURISTIC" engine.
http://whatis.techtarget.com/definition/0,...i212246,00.html

Life is tough.

You cannot expect to increase the probability of stopping a new virus, for which there is NO signature/experience, WITHOUT risking to increase the probability of false alarms.

Decisions, always decisions.....

jaclaz

Edited June 18, 2006 by jaclaz
ggf31416 Posted June 18, 2006 (edited)

> Well, the problem is of course the "HEURISTIC" engine.

Actually, this false positive (at least with AVG Free) was not caused by the heuristics. Even with the heuristics turned off the executable was misidentified as a trojan.

Edited June 18, 2006 by ggf31416
ggf31416 Posted June 23, 2006 (edited)

http://www.virustotal.com reports:

AntiVir: no virus found
Authentium: W32/Trojan.CXS
Avast: no virus found
AVG: no virus found
BitDefender: no virus found
CAT-QuickHeal: no virus found
ClamAV: no virus found
DrWeb: no virus found
eTrust-InoculateIT: no virus found
eTrust-Vet: no virus found
Ewido: no virus found
Fortinet: suspicious
F-Prot: destructive program named W32/Trojan.CXS
Ikarus: no virus found
Kaspersky: no virus found
McAfee: no virus found
Microsoft: no virus found
NOD32v2: no virus found
Norman: no virus found
Panda: no virus found
Sophos: no virus found
Symantec: no virus found
TheHacker: no virus found
UNA: Trojan.Win32.Autoit
VBA32: no virus found
VirusBuster: no virus found

Note: Authentium and F-PROT use the same engine.

Edit: Removed link to full results (because they are no longer available).

Edited June 24, 2006 by ggf31416
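One way to read a multi-scanner report like the one above, as an added example that is not part of the original post: it collapses products that share an engine, so one engine's false positive is not counted as two independent detections. The function names and the treatment of a bare "suspicious" verdict as heuristic-only are assumptions of this example; the engine pairing is the one stated in the post.

```python
from collections import defaultdict

# Rows transcribed from the VirusTotal report in the post above; most of the
# "no virus found" rows are left out to keep the sample short.
REPORT = """\
AntiVir: no virus found
Authentium: W32/Trojan.CXS
AVG: no virus found
Fortinet: suspicious
F-Prot: destructive program named W32/Trojan.CXS
Kaspersky: no virus found
NOD32v2: no virus found
UNA: Trojan.Win32.Autoit
"""

# Products that reuse another vendor's engine. The thread states only this pair.
SHARED_ENGINE = {"Authentium": "F-Prot"}

def parse_report(text):
    """Return (product, verdict) pairs from 'Product: verdict' lines."""
    rows = []
    for line in text.splitlines():
        product, sep, verdict = line.partition(": ")
        if sep:
            rows.append((product.strip(), verdict.strip()))
    return rows

def triage(rows):
    """Count verdicts per independent engine rather than per product."""
    engines, named, heuristic = set(), defaultdict(set), set()
    for product, verdict in rows:
        engine = SHARED_ENGINE.get(product, product)
        engines.add(engine)
        if verdict.lower() == "no virus found":
            continue
        # Assumption: a bare "suspicious..." verdict is a heuristic flag,
        # not a match against a named signature.
        if verdict.lower().startswith("suspicious"):
            heuristic.add(engine)
        else:
            # F-Prot wraps the name in prose; keep only the detection name.
            named[engine].add(verdict.rpartition(" named ")[2])
    return {
        "engines": len(engines),
        "named": {e: sorted(n) for e, n in named.items()},
        "heuristic_only": sorted(heuristic - set(named)),
    }

if __name__ == "__main__":
    print(triage(parse_report(REPORT)))
```

On these rows, three products report something by name, but only two independent engines do, and each uses a different name for the file.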
Camarade_Tux Posted June 23, 2006

Good idea.

But, this : "UNA Trojan.Win32.Autoit" makes me think many AVs just classify all AutoIt scripts as dangerous. One should try with a script such as : "MsgBox, hello world!". :/
jroc Posted June 23, 2006

lol FALSE POSITIVE....get a good AV....I use Kaspersky...and no 'UPX' problem or reported trojan....NICE PROGRAM
ggf31416 Posted June 24, 2006

> Good idea.
> But, this : "UNA Trojan.Win32.Autoit" makes me think many AVs just classify all AutoIt scripts as dangerous. One should try with a script such as : "MsgBox, hello world!". :/

[sarcasm]The most dangerous virus of the World!!![/sarcasm]

MsgBox(0, "My First Script!", "Hello World!")

Fortinet: suspicious
Panda: Suspicious file
TheHacker: Trojan/Clicker.Small.ht
UNA: Backdoor.Rbot
Others Antivirus: no virus found
Camarade_Tux Posted June 24, 2006

I wonder what would happen with something like
n=3
VirusFound : IloveYou.Tchernobyl ?

Thanks ggf31416 we know what AV should not be trusted. B)
ggf31416 Posted June 24, 2006 (edited)

> I wonder what would happen with something like
> n=3
> VirusFound : IloveYou.Tchernobyl ?

From http://virusscan.jotti.org/

Statistics: Last file scanned at least one scanner reported something about: LoveToBootv6.zip, detected by:

Scanner: Malware name
AntiVir: Trojan/Flood.VB.BN
ArcaVir: Trojan.Flooder.Yahoo.Vb.N
Avast: Win32:Trojan-gen. {VB}
AVG Antivirus: Flooder.RT
BitDefender: Backdoor.Genlot.AJL
ClamAV: X
Dr.Web: Tool.Yabot
F-Prot Antivirus: security risk or a "backdoor" program
Fortinet: HackerTool/Generic
Kaspersky Anti-Virus: IM-Flooder.Win32.VB.bn
NOD32: Win32/Flooder.VB.BN
Norman Virus Control: W32/VBFlood.KX
UNA: X
VirusBuster: X
VBA32: IM-Flooder.Win32.VB.bn

Every antivirus misses some sample, but UNA seems to be the only one that misses everything. However, it is surprisingly good at detecting the EICAR test file. By the way, see http://www.antisource.com/article.php/una-antivirus-ruse

Edit: The Linux version of UNA doesn't work or the antivirus is useless:

Statistics: Last file scanned at least one scanner reported something about: AutoTrain.exe, detected by:

Scanner: Malware name
AntiVir: Trojan/Spy.SCKeyLo.o.17
ArcaVir: Trojan.Sckeylog
Avast: Win32:SCkeylog-B
AVG Antivirus: PSW.Sclog.D
BitDefender: Win32.Repor.A
ClamAV: Trojan.Spy.SCKeylog-2
Dr.Web: Trojan.SCKeyLog.20
F-Prot Antivirus: W32/SCkeylogger.D@pws
Fortinet: W32/Sckeylog.O!tr
Kaspersky Anti-Virus: Trojan-Spy.Win32.SCKeyLog.o
NOD32: Win32/Spy.SCKeyLog.O
Norman Virus Control: W32/SCKeylog.E
UNA: X
VirusBuster: Trojan.Gogel.A
VBA32: Trojan-Spy.Win32.SCKeyLog.o

Edited June 24, 2006 by ggf31416
gebeleizis Posted June 24, 2006

I try to extract the contents of a data2.cab, but it keeps telling me that "It can't open data2.hdr". Any help with this?

Anywho, this is a great tool. Thanks! Peace out!
nitro322 Posted June 25, 2006 Author (edited)

> I try to extract the contents of a data2.cab, but keeps telling me that "It can't open data2.hdr". Any help with this?

I don't think it's possible to extract files from data2.cab directly. However, I believe that files stored in data2.cab are also included if you extract data1.cab. This has been my experience, anyway. I guess as with anything your mileage may vary.

I can tell you that UniExtract uses i6comp.exe on the backend to extract files from InstallShield cabs. If you don't seem to get all of the files by extracting from data1.cab like I suggested, maybe you can search for i6comp on Google for more information.

Edited June 25, 2006 by nitro322