kjempen Posted June 7, 2006

Thanks for this great application!

If development is still ongoing, may I ask about adding support for Setup Factory installers?

There's a Setup Factory unpacker here

nitro322 (Author) Posted June 11, 2006

> Thanks for this great application!

You're welcome.

> If development is still ongoing, may I ask about adding support for Setup Factory installers? There's a Setup Factory unpacker here

Someone else had requested this as well. I'll look into it for the next release (still probably a few weeks out), but if I recall correctly I believe that the Setup Factory unpacker you linked to only supports older versions of the product. I'll have to do some testing, of course, but if you happen to know of a specific .exe that it will unpack it'd be a huge help if you could send me a link to it.

ggf31416 Posted June 12, 2006 (Edited June 12, 2006 by ggf31416)

Today AVG Free with the last updates shows UniExtract.exe as "Trojan Horse Generic.VFI"

http://virusscan.jotti.org/ reports:

File: UniExtract.exe
Status: INFECTED/MALWARE
MD5 59ce357c2d9d4300b130d13ed991e2ab
Packers detected: UPX

Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found Generic.VFI
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing

Obviously it's a False Positive

mr_stubble Posted June 13, 2006

I have the latest version of UniversalExtractor installed on my jump drive. I had my drive connected to my PC all day yesterday with no problems. I leave at 1630.

I come in this morning (to work) and eTrust Antivirus reports:

-------------
The Win32/Ardamax.C!Trojan was detected in N:\UNIVERSAL EXTRACTOR\BIN\UNIEXTRACT.EXE.
Machine: CE****, User: ***CIC\john.doe <-- My PC name and username here
File Status: File was cured; system cure performed.
-------------

eTrust Product Version: 7.1.501
Engine Information:
InoculateIT w/ Signature Version: 23.72.35 Last update 06/12/2006 2116
Vet w/ Signature Version: 12.6.2253 Last update: 06/13/2006 0505

Hope you can get this straightened out with the AV folks. Let me know if I can do anything to help.

Great program, and thanks!

Camarade_Tux Posted June 13, 2006

You should try to download UniExtract again, unpack it (no more UPX) and scan it with your AV.

Download upx from here: http://upx.sourceforge.net/

The unpack switch is "-d".

mr_stubble Posted June 13, 2006

I'm sorry, but your steps were not entirely clear. I followed them the best I could. The eTrust AV's real time scanning monitor deletes the file every time it appears ANYWHERE on my PC.

I think contact may need to be made by the developer to the AV companies having them re-check their virus definitions and stop reporting this false positive.

Camarade_Tux Posted June 13, 2006

Try this: http://rapidshare.de/files/22974307/uniext...t_noupx.7z.html

(simply unpacked uniextract.exe)

mr_stubble Posted June 13, 2006

Downloaded and extracted the file from RapidShare as instructed. I appreciate all the effort, but eTrust still detects it as a trojan and deletes it.

mr_stubble Posted June 14, 2006

Yes, same error. Tried again this morning using both the downloaded file from the website (uniextract121_noinst.rar) and the file you uploaded for me (uniextract121_noinst_noupx.7z) and tried to extract the file from the archive to my HDD. eTrust picks it up and deletes uniextract.exe just as it goes to the temp file for copying to the destination folder.

I tried to send the file to Computer Associates via their virus submittal program to have them take a look at it and maybe reevaluate their virus scanning engine, but I can't even extract the file long enough to archive and email it. Maybe I'll just send the whole installation archive...?

ggf31416 Posted June 14, 2006

I reported the false positive to AVG yesterday. It's fixed with the latest updates (some minutes ago).

nitro322 (Author) Posted June 15, 2006

Thanks for the virus reports. A couple people had e-mailed me about it as well, but I've been rather busy for the last week and haven't had time to work on this myself.

This has actually happened a few times in the past; not specifically to UniExtract.exe, but rather all AutoIT scripts. As Camarade_Tux pointed out, this is generally because AutoIT uses UPX to compress its executables. UPX is also used by a lot of malware for the same purposes, so A/V vendors sometimes get a little too aggressive on their updates and end up treating ALL UPX executables as malware. I personally encountered this with AVG about a year ago, and after it deleted every AutoIT script on my system I very quickly uninstalled it and have never used it again.

ggf31416, big thanks for reporting this to AVG and getting it taken care of.

mr_stubble Posted June 15, 2006

Email from eTrust 25 minutes after I submitted the .rar archive downloaded from the website for their review:

> Detection of 'Win32/Ardamax.C!Trojan' is a confirmed False Alarm and its removal will be added to today's signature release 23.72.39
>
> Regards,
> CA eTrust Antivirus Research and Response Group

Thanks for everyone's help! And thanks again for this excellent software nitro322. It has saved me many an unnecessary install. I found it especially useful on my home PC last night to extract needed files from installations to update my BartPE installation.

totoymola Posted June 16, 2006 (Edited June 16, 2006 by totoymola)

Some AV software is so paranoid. Even NIS2006 detects my SFX files as a trojan!