[ggf31416]

jaclaz, on Jun 18 2006, 12:48 PM, said:

Well, the problem is of course the "HEURISTIC" engine.

Actually, this false positive (at least with AVG Free) was not caused by the heuristics. Even with the heuristics turned off the executable was misidentified as an trojan.

This post has been edited by ggf31416: 18 June 2006 - 01:54 PM

[war59312]

Camarade_Tux, on Jun 17 2006, 11:33 AM, said:

Does it still say

Quote

(UPX)

?

Yeah oddly it sure does!

[ggf31416]

http://www.virustotal.com reports:

AntiVir no virus found
Authentium W32/Trojan.CXS
Avast no virus found
AVG no virus found
BitDefender no virus found
CAT-QuickHeal no virus found
ClamAV no virus found
DrWeb no virus found
eTrust-InoculateIT no virus found
eTrust-Vet no virus found
Ewido no virus found
Fortinet suspicious
F-Prot destructive program named W32/Trojan.CXS
Ikarus no virus found
Kaspersky no virus found
McAfee no virus found
Microsoft no virus found
NOD32v2 no virus found
Norman no virus found
Panda no virus found
Sophos no virus found
Symantec no virus found
TheHacker no virus found
UNA Trojan.Win32.Autoit
VBA32 no virus found
VirusBuster no virus found

Note: Authentium and F-PROT use the same engine

Edit: Removed link to full results (because they are not longer available).

This post has been edited by ggf31416: 24 June 2006 - 05:32 AM

[Camarade_Tux]

Good idea.

But, this : "UNA Trojan.Win32.Autoit" makes me think many AVs just classify all AutoIt scripts as dangerous. One should try with a script such as : "MsgBox, hello world!". :/

[jroc]

lol FALSE POSITIVE....get a good AV....I use Kaspersky...and no 'UPX' problem or reported trojan....NICE PROGRAM

[ggf31416]

Camarade_Tux, on Jun 23 2006, 11:31 AM, said:

Good idea.

But, this : "UNA Trojan.Win32.Autoit" makes me think many AVs just classify all AutoIt scripts as dangerous. One should try with a script such as : "MsgBox, hello world!". :/

[sarcasm]The most dangerous virus of the World!!![/sarcasm]

MsgBox(0, "My First Script!", "Hello World!")

Fortinet suspicious
Panda Suspicious file
TheHacker Trojan/Clicker.Small.ht
UNA Backdoor.Rbot
Others Antivirus no virus found

[Camarade_Tux]

I wonder what would happen with something like
n=3
VirusFound : IloveYou.Tchernobyl ?

Thanks ggf31416 we know what AV should not be trusted.

[ggf31416]

Camarade_Tux, on Jun 24 2006, 07:24 AM, said:

I wonder what would happen with something like
n=3
VirusFound : IloveYou.Tchernobyl ?

From http://virusscan.jotti.org/
Statistics: Last file scanned at least one scanner reported something about: LoveToBootv6.zip, detected by:

Scanner Malware name
AntiVir Trojan/Flood.VB.BN
ArcaVir Trojan.Flooder.Yahoo.Vb.N
Avast Win32:Trojan-gen. {VB}
AVG Antivirus Flooder.RT
BitDefender Backdoor.Genlot.AJL
ClamAV X
Dr.Web Tool.Yabot
F-Prot Antivirus security risk or a "backdoor" program
Fortinet HackerTool/Generic
Kaspersky Anti-Virus IM-Flooder.Win32.VB.bn
NOD32 Win32/Flooder.VB.BN
Norman Virus Control W32/VBFlood.KX
UNA X
VirusBuster X
VBA32 IM-Flooder.Win32.VB.bn

Every antivirus misses some sample, but UNA seems be the only one that misses everything. However is surprisingly good detecting the EICAR test file.

By the way see http://www.antisourc...-antivirus-ruse

Edit: The Linux version of UNA doesn't work or the antivirus is useless:

Statistics: Last file scanned at least one scanner reported something about: AutoTrain.exe, detected by:
Scanner Malware name
AntiVir Trojan/Spy.SCKeyLo.o.17
ArcaVir Trojan.Sckeylog
Avast Win32:SCkeylog-B
AVG Antivirus PSW.Sclog.D
BitDefender Win32.Repor.A
ClamAV Trojan.Spy.SCKeylog-2
Dr.Web Trojan.SCKeyLog.20
F-Prot Antivirus W32/SCkeylogger.D@pws
Fortinet W32/Sckeylog.O!tr
Kaspersky Anti-Virus Trojan-Spy.Win32.SCKeyLog.o
NOD32 Win32/Spy.SCKeyLog.O
Norman Virus Control W32/SCKeylog.E
UNA X
VirusBuster Trojan.Gogel.A
VBA32 Trojan-Spy.Win32.SCKeyLog.o

This post has been edited by ggf31416: 24 June 2006 - 07:00 AM

[gebeleizis]

I try to extract the contents of a data2.cab, but keeps telling me that "It can't open data2.hdr". Any help with this?
Anywho, this is a grat tool. Thanks!


Peace out!

[nitro322]

gebeleizis, on Jun 24 2006, 04:23 PM, said:

I try to extract the contents of a data2.cab, but keeps telling me that "It can't open data2.hdr". Any help with this?

I don't think it's possible to extract file from data2.cab directly. However, I believe that files stored in data2.cab are also included if you extract data1.cab. This has been my experience, anyway. I guess as with anything your mileage may vary.

I can tell you that UniExtract uses i6comp.exe on the backend to extract files from InstallShield cabs. If you don't seem to get all of the files by extracting from data1.cab like I suggested, maybe you can search for i6comp on Google for more information.

This post has been edited by nitro322: 24 June 2006 - 07:14 PM

[ggf31416]

How about add support for Zip archives that use the Bzip2 compression method?
7-zip support it (but Info-zip not).

[nitro322]

ggf31416, on Jun 25 2006, 08:28 AM, said:

How about add support for Zip archives that use the Bzip2 compression method?
7-zip support it (but Info-zip not).

Can you post a link to such a file? I'd be happy to look into it.

[ggf31416]

nitro322, on Jun 26 2006, 10:21 AM, said:

Can you post a link to such a file? I'd be happy to look into it.

Using 7-zip (every version since 2003-04-19 - 2.30b30), Select some files, click Add, choose Format: Zip and Method: Bzip2. Almost the same for WinZip 10. Also you can use PKZIP.

If you want a zip file using Store, Deflate, Deflate64 and Bzip2 (Created with KZIP, 7-zip and ZIPMIX): Test File

This post has been edited by ggf31416: 26 June 2006 - 09:29 AM

[clauderenaud]

Universal Extractor problem


Hi All,

I recently discovered, downloaded and installed Universal Extractor, a very powerful program!
But for the moment, I use the 1.2.1 release and have little problems with it.
When, for example, I try to do some UniExtract operations on the UniExtract121.Exe file whatever the uniextract to option I choose from the contextual menu
all my files end in the {app} directory in the root of the curent drive ...
and with an error !!!

And I am unable to unpack the skypesetup.Exe file which is a normal innosetup package ...

Note : I installed UniExtract from the installer choosing the default options.

clauderenaud, on Jun 29 2006, 09:28 PM, said:

Universal Extractor problem


Hi All,

I recently discovered, downloaded and installed Universal Extractor, a very powerful program!
But for the moment, I use the 1.2.1 release and have little problems with it.
When, for example, I try to do some UniExtract operations on the UniExtract121.Exe file whatever the uniextract to option I choose from the contextual menu
all my files end in the {app} directory in the root of the curent drive ...
and with an error !!!

And I am unable to unpack the skypesetup.Exe file which is a normal innosetup package ...

Note : I installed UniExtract from the installer choosing the default options.

A bit more information ...

I found the solution of the uniextract misworking.
It was apparently because my default command processor was not cmd.Exe but 4nt.Exe (from Jp Software available at http://www.jpsoft.com).
So a question :
why does Universal Extractor not work properly when cmd.Exe is not the default command processor (in the comspec variable) ?
Is it because cmd.Exe is hard coded in independant programs uniextract uses to unpack/uncompress files ?
IS there a workaround ?

And unfortunately, I did not succeed in resolving my skypesetup.Exe extraction problem.
Each time I try to do so, here is the error message (from uniextract.txt) I receive :
"; Version detected: 5004
Signature: Inno Setup Setup Data (5.0.4skp)
Error (EOutOfMemory) "Out of memory" at address 004029F4"



Excuse me !!!

I inadvertantly posted questions dedicated to the forum in the "Universal Extractor 1.2 Released" news.
Could it be possible to delete those comments please ?

[clauderenaud]

I found the solution concerning my default command processor issue (it just needs some tweaking).

About skypesetup.exe no more news.
Apparently this setup package is a signed one and I wondered if it is not the cause of the unpack problem ...
Even in command line with the innosetup unpacker I have the same result ...

[medzik]

Hello, your tool is just great! The WISE unpacking is true maestry! I have one simple suggestion:
You could add a /E [location] console switch for unknown setup files (for example McAfee one) to extract file; see for yourself here (definitions file: http://download.mcaf...Dat.asp?real=0).

Best greetz & thanks!

[ggf31416]

Another False Positive: Now Antivir detects IsXunpack.exe as "TR/Crypt.F.Gen"

Complete scanning result of "IsXunpack.exe", received in VirusTotal at 07.03.2006, 05:47:55 (CET).
AntiVir TR/Crypt.F.Gen
CAT-QuickHeal (Suspicious) - DNAScan
Fortinet suspicious
Panda Suspicious file

The other 22 antivirus no virus found

For comparison purposes a file compressed with Upack...
Complete scanning result of "7zSD.upack", received in VirusTotal at 07.03.2006, 05:52:33 (CET).
CAT-QuickHeal (Suspicious) - DNAScan
Fortinet suspicious

...and a file compressed with UPX
Complete scanning result of "7z.upx", received in VirusTotal at 07.03.2006, 05:54:38 (CET).
Panda Suspicious file

For some reason the Antivir team think that IsXunpack.exe is a real virus
http://portablefreew...topic.php?p=976

This post has been edited by ggf31416: 02 July 2006 - 10:43 PM

[war59312]

Yeah and the worst thing is I am warned about it after every reboot. Getting annoying. Just wish they would fix their **** detections.

[ggf31416]

war59312, on Jul 4 2006, 08:57 PM, said:

Yeah and the worst thing is I am warned about it after every reboot. Getting annoying. Just wish they would fix their **** detections.

What's antivirus are you using?

If you are using AntiVir you can exclude files from the Resident Guard:
Extras -> Configuration -> Guard (Expert Mode must be enabled) -> Scan -> Click the + -> Exception -> Files objects to be omitted for the Guard

[Clippit]

I like Universal Extractor very much.
I produced a simplified Chinese version, and I hope it can be the Official Simplified Chinese version ^o^