From the NSIS Forum:
lkj (Igor Pavlov)
[NSIS].nsi script extracting will be disabled in next version of 7-zip.

Read the thread "7zip now allows to extract installers"

Hi, I'm using Universal Extractor for some time now. It works quite good, except for WISE installshield installation packages. Most of time the extract window just hangs.

EDIT:

I found out you are using version 1.03b of i6comp to decompress InstallShield packages dated Jan-10-2002.

However when reading release info of i6comp 1.03b:


Morlac is main developer, however somone else patched this version with a single bugfix. No program improvements in 1.03b

Now the hanging issue. I did not experience this issue with i6comp v0.20 I use on my system. It is able to decompress nearly all InstallShield packages available.

When reading the release info of i6comp v0.20:


A new revision of i6comp. Look also at the changelog:


I would like to also be able to extract compressed exe-types like:

- UPX
- Aspack (look for AsPackDie 1.4.1)

As InnoSetup developer tells:

thanks. i really like this program.
please continue with your excellant work.

--nitro--
I just dumped flstudio 608 (NSIS setup) for the 1st time...very nice.
I had about given up. ...& thx very much for info. on 7zip status and that it now works w/NSIS.

****!! nsi scripot extraction feature is going to be removed.

Thanks for the heads up on this, ggf31416. I've been following this pretty closely, though I haven't had time to reply in the last few days. There's also a thread about this on 7-Zip's forum:
http://sourceforge.net/forum/forum.php?thr...&forum_id=45797

The bottom line is that a vocal minority on Winamp.com's forums are making a huge deal out of a non-issue. Even on their own forum, most of the posts have been along the lines of, "NSIS is an open-source installer. It shouldn't be relied upon for foolproof protection of sensitive data." Those sentiments hit the nail on the head. This issue is no different than when innounp was first released, and did the same thing for Inno Setup installers. Want to know what happened? Nothing. Except Inno Setup installer users had more options available to them. To be completely honest, innounp is one of the reasons I myself use Inno Setup for all of my installers - I LIKE the fact that my users have this capability, if they so choose. As an NSIS installer user (for Gaim, FileZilla, and many others), I HATE the fact that I cannot extract files from the installer without installing it, adding who knows what to my registry, copy the files out of the installed directory, uninstall it, then deal with anything it may have left behind. It's a pain in the rear, and I'm sure many people on this forum would agree with me (especially considering NSIS has been the number one request for Universal Extractor).

So, I'll continue to follow this and see what develops. Hopefully this will all blow over, proper support will be enabled in 7-zip, and we can all live happily ever after.


hp38guser, I need more details here. Wise and InstallShield are two different packaging systems. There's no such thing as a "WISE installshield installation package". Can you be more specific about what you're trying to extract? Direct download links help.


I don't follow you here. Are you saying that version 0.20 of i6comp is more reliable than 1.03b? Was there another release somewhere that I missed? Can you provide a link to the specific version you're discussing?


This has been requested before, but I haven't added it because, frankly, I don't see the it as a good fit for Universal Extractor. UniExtract is a general purpose extractor/unpacker. It's not meant to be a decompiler, unless that may be needed is part of the extraction process.

Can you provide a little more information on why you'd like this added? How would it benefit you, and other users? I'm not asking for a detailed jusification or anything, just trying to get a better understanding of how it'd be used.

Thanks.

Well the WISE package problem seems to be solved with v1.2.1 of Universal Extractor.

About Exe decompressors. It might be political, but I just want control over my system. Some software what tries to hide itself from the system by compressing itself is not what should happen. Also if you want to rip some bitmaps or icons from such a package it may become handy.

I'm not talking about decrypting.

Don't forget replacement of system dll's - thats the No. 1 source of problems in Windows. Although the situation has improved, I still can't be sure that some inexperienced/overzealous author has got it right.

GL

I saw you are using 7z.exe which is using lots of .dll files. You could instead use a single-file command line program 7za.exe (same author) which about 40% smaller and could be found at Sourceforge.

Added:
Maby 7za.exe is only for 7z files and not for others like iso, z, ...? If so my proposal is no good.

7za is only for 7z, zip, tar, gz, bz2 and z.

Afaik 7za handles as many types as 7z+dlls.
However it might not always have been true. I read this file was not updated on sourceforge until recently. :don'treallyknow:


Also, there is a new major version of PeID available.


And another thanks for this app.

Nitro322, many thanks for this great application, have been using it for almost a half year now...

I see you're point. I'll look into this again when I start working on a new version.


Camarade_Tux, I believe that ggf31416 is correct in that 7za.exe support significantly fewer formats than 7z.exe. In fact, when I first added 7-zip to Universal Extractor, I started with 7za. However, I couldn't get it to work with many of the supposedly supported formats, which eventually led me to using 7z.exe with all of the DLLs.

I believe that the update you mentioned was simply to bring it in sync with the latest version of 7-Zip. However, just to be sure I'll go ahead and check it out again on during my next dev cycle. Believe me, I'm all for making this as small as possible. :-)


Excellent! I'll definitely use this new version, which should hopefully improve my .exe filetype detection. Being able to accurately determine the archive/installer type is the single most important piece of the puzzle, so this should help improve things quite a bit.


You're more than welcome. Glad to hear it's getting a lot of use. :-)

I'll let everyone know when I start working on a new version, but at this point it's still likely a few weeks away. Real work keeps getting in the way.

Hi Nitro,

It will be good if you can also extract the embeded directory with your soft.
Somes infos from the compile.bin file are interesting to repack the application; I use a disasm soft.

I found an unpacker explorer tool (IsUnp10setup.exe) which show all the structure and files inside the application; nice if you can implemente this kind of tools inside your!!

Last request, you or somebody else can explain me the structure of a NSI file with comparison with Inno structure; I don't understand nothing with "$R0", "$PluginDir"... (see below).

Many thanks again for this nice application.

Click to view attachment

I don't quite follow you here. IS Unpacker Explorer, as far as I'm aware, is a frontend to innounp.exe. All it does is provide the ability to unpack Inno Setup installers with innounp using a GUI interface. The end result should be the exact same as Universal Extractor, since I'm also using innounp to unpack Inno Setup installers. What exactly are you requesting?


I'm not really sure what they mean myself, as I also use Inno Setup for all my packaging needs. Even more confusing is that each NSIS installer I've unpacked seems to be slightly different. For example, compare the directories shown in your image (which looks like the DivX Player installer) to the directories extracted from the Gaim installer:

$_OUTDIR
$1
$PLUGINSDIR
$R0
$SYSDIR

DivX doesn't use $_OUTDIR, it uses $0 instead of $1, and it has a bunch of DivX-specific folders that Gaim lacks. I don't get it either. :-)

if archive types are associated with uniext they all belong to the same file type group "Universal Extractor Archive" in windows xp explorer if you group the entrys as on the pic:



i dont like it that mozilla-xpi-extensions, isos, jar-files and also rars, and zips are in one group cause they have all other functions. can you split it to "Universal Extractor XPI Archive", "Universal Extractor 7Z Archive" and so on?

Yes It is!

Just, I want to say is Universal Extractor don't extract the "Embeded" dir.

In this directory you will find the pics but also sometimes if the author had done some script, a compiled file.

Thanks.

Ok, I gotcha now. I'll have to investigate this for the next version. I'm not opposed to it, just have never realized it could be done.

Thanks for the suggestion.


Hmm... I've actually never seen this "view" in Windows Explorer before. Interesting. :-)

I don't know how difficult this would be, but I'll look into it for the next version.

Indeed, in fact 7za only supports 4 formats (written in 7zip's help).

This is cool! Thanks!

Thanks for this great application!

If development is still ongoing, may I ask about adding support for Setup Factory installers?
There's a Setup Factory unpacker here

You're welcome.


Someone else had requested this as well. I'll look into it for the next release (still probably a few weeks out), but if I recall correctly I believe that the Setup Factory unpacker you linked to only supports older versions of the product. I'll have to do some testing, of course, but if you happen to know of a specific .exe that it will unpack it'd be a huge help of you could send me a link to it.

Today AVG Free with the last updates shows UniExtract.exe as "Trojan Horse Generic.VFI"

http://virusscan.jotti.org/ reports:

File: UniExtract.exe
Status: INFECTED/MALWARE
MD5 59ce357c2d9d4300b130d13ed991e2ab
Packers detected: UPX

Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found Generic.VFI
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing

Obviously it's a False Positive

I have the latest version of UniversalExtractor installed on my jump drive. I had my drive connected to my PC all day yesterday with no problems. I leave at 1630.

I come in this morning (to work) and eTrust Antivirus reports:
-------------
The Win32/Ardamax.C!Trojan was detected in N:\UNIVERSAL EXTRACTOR\BIN\UNIEXTRACT.EXE.
Machine: CE****, User: ***CIC\john.doe <-- My PC name and username here
File Status: File was cured; system cure performed.
-------------
eTrust Product Version: 7.1.501
Engine Information:
InoculateIT w/ Signature Version: 23.72.35 Last update 06/12/2006 2116
Vet w/ Signature Version: 12.6.2253 Last update: 06/13/2006 0505

Hope you can get this straightened out with the AV folks. Let me know if I can do anything to help.

Great program, and thanks!

You should try to download UniExtract again, unpack it (no more UPX) and scan it with your AV.
Download upx from here : http://upx.sourceforge.net/
The unpack switch is "-d".

I'm sorry, but your steps were not entirely clear. I followed them the best I could. The eTrust AV's real time scanning monitor deletes the file every time it appears ANYWHERE on my PC.

I think contact may need to made by the developer to the AV companies having them re-check their virus definitions and stop reporting this false positive.

Try this : http://rapidshare.de/files/22974307/uniext...t_noupx.7z.html
(simply unpacked uniextract.exe)

Downloaded and extracted the file from RapidShare as instructed. I appreciate all the effort, but eTrust still detects it as a trojan and deletes it.

With the same error ?

Yes, same error. Tried again this morning using both the downloaded file from the website (uniextract121_noinst.rar) and the file you uploaded for me (uniextract121_noinst_noupx.7z) and tried to extract the file from the archive to my HDD. eTrust picks it up and deletes uniextract.exe just as it goes to the temp file for copying to the destination folder.

I tried to send the file to Computer Associates via their virus submittal program to have them take a look at it and maybe reevaluate their virus scanning engine, but I can't even extract the file long enough to archive and email it. Maybe I'll just send the whole installation archive...?

I reported the false positive to AVG yesterday. It's fixed with the lastest updates (Some minutes ago).

Thanks for the virus reports. A couple people had e-mailed me about it as well, but I've been rather busy for the last week and haven't had time to work on this myself.

This has actually happened a few times in the past; not specifically to UniExtract.exe, but rather all AutoIT scripts. As Camarade_Tux pointed out, this is generally because AutoIT uses UPX to compress it's executables. UPX is also used by a lot of malware for the same purposes, so A/V vendors sometimes get a little too aggressive on there updates and end up treating ALL UPX executables as malware. I personally encountered this with AVG about a year ago, and after it deleted every AutoIT script on my system I very quickly uninstalled it and have never used it again.

ggf31416, big thanks for reporting this to AVG and getting it taken care of.

Email from eTrust 25 minutes after I submitted the .rar archive downloaded from the website for their review:

Detection of 'Win32/Ardamax.C!Trojan' is a confirmed False Alarm and its removal will be added to today's signature release 23.72.39

Regards,

CA eTrust Antivirus Research and Response Group

Thanks for everyone's help! And thanks again for this excellent software nitro322. It has saved me many an unnecessary install. I found it especially useful on my home PC last night extract needed files from installations to update my BartPE installation.

Um same here with F-Prot Anti Virus:

Some AV softwares are so paranoid.

Even NIS2006 detect my SFX files as trojan!

I don't think paranoid is the correct word, maybe 'stupid'.
Or do these antivirus software like false alarms?

Could you try my "repack" ?
http://rapidshare.de/files/22974307/uniext...t_noupx.7z.html

Also, scanned with NOD32, all options enabled, advanced heuristics (the thing that is not enabled because it is too CPU hungry ), and nothing. At least this scanner is OK.

Same thing Camarade_Tux.

Does it still say
?

Well, the problem is of course the "HEURISTIC" engine.
http://whatis.techtarget.com/definition/0,...i212246,00.html


Life is tough.

You cannot expect to increase the probability of stopping a new virus, for which there is NO signature/experience, WITHOUT risking to increase the probability of false alarms.

Decisions, always decisions.....

jaclaz

Actually, this false positive (at least with AVG Free) was not caused by the heuristics. Even with the heuristics turned off the executable was misidentified as an trojan.

Yeah oddly it sure does!

http://www.virustotal.com reports:

AntiVir no virus found
Authentium W32/Trojan.CXS
Avast no virus found
AVG no virus found
BitDefender no virus found
CAT-QuickHeal no virus found
ClamAV no virus found
DrWeb no virus found
eTrust-InoculateIT no virus found
eTrust-Vet no virus found
Ewido no virus found
Fortinet suspicious
F-Prot destructive program named W32/Trojan.CXS
Ikarus no virus found
Kaspersky no virus found
McAfee no virus found
Microsoft no virus found
NOD32v2 no virus found
Norman no virus found
Panda no virus found
Sophos no virus found
Symantec no virus found
TheHacker no virus found
UNA Trojan.Win32.Autoit
VBA32 no virus found
VirusBuster no virus found

Note: Authentium and F-PROT use the same engine

Edit: Removed link to full results (because they are not longer available).

Good idea.

But, this : "UNA Trojan.Win32.Autoit" makes me think many AVs just classify all AutoIt scripts as dangerous. One should try with a script such as : "MsgBox, hello world!". :/

lol FALSE POSITIVE....get a good AV....I use Kaspersky...and no 'UPX' problem or reported trojan....NICE PROGRAM

[sarcasm]The most dangerous virus of the World!!![/sarcasm]



Fortinet suspicious
Panda Suspicious file
TheHacker Trojan/Clicker.Small.ht
UNA Backdoor.Rbot
Others Antivirus no virus found

I wonder what would happen with something like
n=3
VirusFound : IloveYou.Tchernobyl ?

Thanks ggf31416 we know what AV should not be trusted.

From http://virusscan.jotti.org/
Statistics: Last file scanned at least one scanner reported something about: LoveToBootv6.zip, detected by:

Scanner Malware name
AntiVir Trojan/Flood.VB.BN
ArcaVir Trojan.Flooder.Yahoo.Vb.N
Avast Win32:Trojan-gen. {VB}
AVG Antivirus Flooder.RT
BitDefender Backdoor.Genlot.AJL
ClamAV X
Dr.Web Tool.Yabot
F-Prot Antivirus security risk or a "backdoor" program
Fortinet HackerTool/Generic
Kaspersky Anti-Virus IM-Flooder.Win32.VB.bn
NOD32 Win32/Flooder.VB.BN
Norman Virus Control W32/VBFlood.KX
UNA X
VirusBuster X
VBA32 IM-Flooder.Win32.VB.bn

Every antivirus misses some sample, but UNA seems be the only one that misses everything. However is surprisingly good detecting the EICAR test file.

By the way see http://www.antisource.com/article.php/una-antivirus-ruse

Edit: The Linux version of UNA doesn't work or the antivirus is useless:

Statistics: Last file scanned at least one scanner reported something about: AutoTrain.exe, detected by:
Scanner Malware name
AntiVir Trojan/Spy.SCKeyLo.o.17
ArcaVir Trojan.Sckeylog
Avast Win32:SCkeylog-B
AVG Antivirus PSW.Sclog.D
BitDefender Win32.Repor.A
ClamAV Trojan.Spy.SCKeylog-2
Dr.Web Trojan.SCKeyLog.20
F-Prot Antivirus W32/SCkeylogger.D@pws
Fortinet W32/Sckeylog.O!tr
Kaspersky Anti-Virus Trojan-Spy.Win32.SCKeyLog.o
NOD32 Win32/Spy.SCKeyLog.O
Norman Virus Control W32/SCKeylog.E
UNA X
VirusBuster Trojan.Gogel.A
VBA32 Trojan-Spy.Win32.SCKeyLog.o

I try to extract the contents of a data2.cab, but keeps telling me that "It can't open data2.hdr". Any help with this?
Anywho, this is a grat tool. Thanks!


Peace out!

I don't think it's possible to extract file from data2.cab directly. However, I believe that files stored in data2.cab are also included if you extract data1.cab. This has been my experience, anyway. I guess as with anything your mileage may vary.

I can tell you that UniExtract uses i6comp.exe on the backend to extract files from InstallShield cabs. If you don't seem to get all of the files by extracting from data1.cab like I suggested, maybe you can search for i6comp on Google for more information.