[?]: anonym.to or false virus detection

rpelle
Posts: 4
Joined: Sun Jul 17, 2011 1:29 pm

[?]: anonym.to or false virus detection

Post by rpelle » Sun Jul 17, 2011 4:12 pm

Hi, I'm new to this great forum.
I've checked the PDA pack here http://anonym.to/?http://www.virustotal.com to check for the presence of viruses.
I'm alerted about viruses in these files:
* IbaAnalyzer-5.18.0 error 217 hotfix.exe
* ibaAnalyzer_e217_eDataExtractor_hotfix.exe
* ibapda.v6.24.6-unleashed-features.exe

:?:

-------------
A suggestion: to keep external sites from discovering this forum, I suggest using this service:
http://anonym.to/
Without that, it is easy for the external sites to discover where their visitors arrive from...
Example:
I don't link this: http://www.virustotal.com
but I link this:
http://anonym.to/?http://www.virustotal.com

In this way, the website "virustotal" can't discover that its visitors arrive from this forum.

Linkinx64
Posts: 894
Joined: Sun Apr 11, 2010 3:00 am
Location: Russia

Re: [?]: anonym.to

Post by Linkinx64 » Mon Jul 18, 2011 6:21 am

rpelle wrote:I'm alerted about viruses in these files:
* IbaAnalyzer-5.18.0 error 217 hotfix.exe
* ibaAnalyzer_e217_eDataExtractor_hotfix.exe
* ibapda.v6.24.6-unleashed-features.exe

These files are created with Diablo2002 Universal Patcher = packer.
Files made with this tool are detected as malicious by some antiviruses.
The truth is that it is a file packer.
Features

* multiple file patcher
* programmable patch procedure
* offset patcher
* search and replace patcher
* text patcher
* registry patcher
* loader generator
* compare files (RawOffset and VirtualAddress) with different filesize
* attach files to patcher
* get filepaths from registry
* CRC32/MD5 and filesize checks
* patching packed files
* compress patcher with your favorite packer << this option is detected as malicious by some antiviruses.
* save/load projects
* use custom skin in your patcher
* add music (Tracker Modules: xm,mod,it,s3m,mtm,umx,v2m,ahx,sid) to patcher
* multilanguage support
* and many more...

rpelle
Posts: 4
Joined: Sun Jul 17, 2011 1:29 pm

virus in the patch

Post by rpelle » Tue Jul 19, 2011 11:01 am

Is it possible to use a different patcher so we can test your patch without problems due to antivirus?

Linkinx64
Posts: 894
Joined: Sun Apr 11, 2010 3:00 am
Location: Russia

Re: [?]: anonym.to

Post by Linkinx64 » Tue Jul 19, 2011 11:52 am

I'm not planning to change the patch tool at the moment. I'm satisfied with its functionality and do not see any malicious code inside the exe files made with this tool. But if you can provide more evidence (rather than virus-checking with a score of 15/43), I'll think about it.

Patches are provided "as is" and anyone uses them at their own risk.

As an option, you can run the patches on a virtual PC, patch the dll there and then bring the patched dll to the host OS.

P.S. At first the PDA Pack was delivered with a .dll for manual replacement; later I removed it in order to shrink the archive size.

rpelle
Posts: 4
Joined: Sun Jul 17, 2011 1:29 pm

Re: [?]: anonym.to or false virus detection

Post by rpelle » Tue Jul 19, 2011 12:33 pm

Thank you for your reply. I've used the manual procedure (replace the DLL) for the pda and it is perfect, but it is not possible with the hotfix of ibaanalyzer.

Can you tell me the file that the ibaanalyzer hotfix targets?

Thank you very much.

Linkinx64
Posts: 894
Joined: Sun Apr 11, 2010 3:00 am
Location: Russia

Re: [?]: anonym.to or false virus detection

Post by Linkinx64 » Tue Jul 19, 2011 2:07 pm

Default destination : C:\Program Files\iba\ibaAnalyzer

P.S. If you do not use the Data Extractor feature and have no data collected with a previous cracked iba release (e.g. v6.18.2), you don't have to fix ibaAnalyzer 5.18.0.