Jump to content

Universal Extractor

nitro322

By nitro322
in Universal Extractor

 Share

Recommended Posts


Camarade_Tux

Camarade_Tux

Posted
Posted (edited)
Um same here with F-Prot Anti Virus:

virus1ob.th.png

Could you try my "repack" ?

http://rapidshare.de/files/22974307/uniext...t_noupx.7z.html

Also, scanned with NOD32, all options enabled, advanced heuristics (the thing that is not enabled because it is too CPU hungry ;) ), and nothing. At least this scanner is OK.

Edited by Camarade_Tux
Link to comment
Share on other sites
jaclaz

jaclaz

Posted
Posted (edited)
I don't think paranoid is the correct word, maybe 'stupid'.

Or do these antivirus software like false alarms?

Well, the problem is of course the "HEURISTIC" engine.

http://whatis.techtarget.com/definition/0,...i212246,00.html

Life is tough.

You cannot expect to increase the probability of stopping a new virus, for which there is NO signature/experience, WITHOUT risking to increase the probability of false alarms.

Decisions, always decisions.....;)

jaclaz

Edited by jaclaz
Link to comment
Share on other sites
ggf31416

ggf31416

Posted
Posted (edited)
Well, the problem is of course the "HEURISTIC" engine.

Actually, this false positive (at least with AVG Free) was not caused by the heuristics. Even with the heuristics turned off the executable was misidentified as an trojan.

Edited by ggf31416
Link to comment
Share on other sites
ggf31416

ggf31416

Posted
Posted (edited)

http://www.virustotal.com reports:

AntiVir no virus found

Authentium W32/Trojan.CXS

Avast no virus found

AVG no virus found

BitDefender no virus found

CAT-QuickHeal no virus found

ClamAV no virus found

DrWeb no virus found

eTrust-InoculateIT no virus found

eTrust-Vet no virus found

Ewido no virus found

Fortinet suspicious

F-Prot destructive program named W32/Trojan.CXS

Ikarus no virus found

Kaspersky no virus found

McAfee no virus found

Microsoft no virus found

NOD32v2 no virus found

Norman no virus found

Panda no virus found

Sophos no virus found

Symantec no virus found

TheHacker no virus found

UNA Trojan.Win32.Autoit

VBA32 no virus found

VirusBuster no virus found

Note: Authentium and F-PROT use the same engine

Edit: Removed link to full results (because they are not longer available).

Edited by ggf31416
Link to comment
Share on other sites
ggf31416

ggf31416

Posted
Posted
Good idea.

But, this : "UNA Trojan.Win32.Autoit" makes me think many AVs just classify all AutoIt scripts as dangerous. One should try with a script such as : "MsgBox, hello world!". :/

[sarcasm]The most dangerous virus of the World!!![/sarcasm] :lol::lol::lol:

MsgBox(0, "My First Script!", "Hello World!")

Fortinet suspicious

Panda Suspicious file

TheHacker Trojan/Clicker.Small.ht

UNA Backdoor.Rbot

Others Antivirus no virus found

Link to comment
Share on other sites
ggf31416

ggf31416

Posted
Posted (edited)
I wonder what would happen with something like

n=3

VirusFound : IloveYou.Tchernobyl ? :D

From http://virusscan.jotti.org/

Statistics: Last file scanned at least one scanner reported something about: LoveToBootv6.zip, detected by:

Scanner Malware name

AntiVir Trojan/Flood.VB.BN

ArcaVir Trojan.Flooder.Yahoo.Vb.N

Avast Win32:Trojan-gen. {VB}

AVG Antivirus Flooder.RT

BitDefender Backdoor.Genlot.AJL

ClamAV X

Dr.Web Tool.Yabot

F-Prot Antivirus security risk or a "backdoor" program

Fortinet HackerTool/Generic

Kaspersky Anti-Virus IM-Flooder.Win32.VB.bn

NOD32 Win32/Flooder.VB.BN

Norman Virus Control W32/VBFlood.KX

UNA X

VirusBuster X

VBA32 IM-Flooder.Win32.VB.bn

Every antivirus misses some sample, but UNA seems be the only one that misses everything. However is surprisingly good detecting the EICAR test file. :lol:

By the way see http://www.antisource.com/article.php/una-antivirus-ruse

Edit: The Linux version of UNA doesn't work or the antivirus is useless:

Statistics: Last file scanned at least one scanner reported something about: AutoTrain.exe, detected by:

Scanner Malware name

AntiVir Trojan/Spy.SCKeyLo.o.17

ArcaVir Trojan.Sckeylog

Avast Win32:SCkeylog-B

AVG Antivirus PSW.Sclog.D

BitDefender Win32.Repor.A

ClamAV Trojan.Spy.SCKeylog-2

Dr.Web Trojan.SCKeyLog.20

F-Prot Antivirus W32/SCkeylogger.D@pws

Fortinet W32/Sckeylog.O!tr

Kaspersky Anti-Virus Trojan-Spy.Win32.SCKeyLog.o

NOD32 Win32/Spy.SCKeyLog.O

Norman Virus Control W32/SCKeylog.E

UNA X

VirusBuster Trojan.Gogel.A

VBA32 Trojan-Spy.Win32.SCKeyLog.o

Edited by ggf31416
Link to comment
Share on other sites
nitro322

nitro322

Posted
  • Author
Posted (edited)
I try to extract the contents of a data2.cab, but keeps telling me that "It can't open data2.hdr". Any help with this?

I don't think it's possible to extract file from data2.cab directly. However, I believe that files stored in data2.cab are also included if you extract data1.cab. This has been my experience, anyway. I guess as with anything your mileage may vary.

I can tell you that UniExtract uses i6comp.exe on the backend to extract files from InstallShield cabs. If you don't seem to get all of the files by extracting from data1.cab like I suggested, maybe you can search for i6comp on Google for more information.

Edited by nitro322
Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...