
[?]: anonym.to or false virus detection

Posted: Sun Jul 17, 2011 4:12 pm
by rpelle
Hi, I'm new to this great forum.
I've checked the pda pack here http://anonym.to/?http://www.virustotal.com to check for the presence of viruses.
I'm alerted about viruses in these files:
* IbaAnalyzer-5.18.0 error 217 hotfix.exe
* ibaAnalyzer_e217_eDataExtractor_hotfix.exe
* ibapda.v6.24.6-unleashed-features.exe

:?:

-------------
A suggestion: to prevent external sites from discovering this forum, I suggest using this service:
http://anonym.to/
Without that, it is easy for the external sites to discover where their visitors arrive from...
Example:
I don't link this: http://www.virustotal.com
but I link this:
http://anonym.to/?http://www.virustotal.com

In this way, the website "virustotal" can't discover that its visitors arrive from this forum.

Re: [?]: anonym.to

Posted: Mon Jul 18, 2011 6:21 am
by Linkinx64
rpelle wrote: I'm alerted about viruses in these files:
* IbaAnalyzer-5.18.0 error 217 hotfix.exe
* ibaAnalyzer_e217_eDataExtractor_hotfix.exe
* ibapda.v6.24.6-unleashed-features.exe
These files are created with Diablo2002 Universal Patcher = packer.
Files made with this tool are detected as malicious by some antiviruses.
The truth is that it is a file packer.
Features:

* multiple file patcher
* programmable patch procedure
* offset patcher
* search and replace patcher
* text patcher
* registry patcher
* loader generator
* compare files (RawOffset and VirtualAddress) with different filesize
* attach files to patcher
* get filepaths from registry
* CRC32/MD5 and filesize checks
* patching packed files
* compress patcher with your favorite packer << this option is detected as malicious by some antiviruses.
* save/load projects
* use custom skin in your patcher
* add music (Tracker Modules: xm,mod,it,s3m,mtm,umx,v2m,ahx,sid) to patcher
* multilanguage support
* and many more...

virus in the patch

Posted: Tue Jul 19, 2011 11:01 am
by rpelle
Is it possible to use a different patcher so we can test your patch without problems due to antivirus?

Re: [?]: anonym.to

Posted: Tue Jul 19, 2011 11:52 am
by Linkinx64
I'm not planning to change the patch tool at the moment. I'm satisfied with its functionality and do not see any malicious code inside the exe files made with this tool. But if you can provide more evidence (rather than virus-checking with a score of 15/43), I'll think about it.

Patches are provided "as is" and anyone uses them at their own risk.

As an option, you can run the patches on a virtual PC, patch the DLL there, and then bring the patched DLL to the host OS.

P.S. At first the PDA Pack was delivered with a .dll for manual replacement; later I removed it in order to shrink the archive size.

Re: [?]: anonym.to or false virus detection

Posted: Tue Jul 19, 2011 12:33 pm
by rpelle
Thank you for your reply. I've used the manual procedure (replacing the DLL) for the pda and it is perfect, but it is not possible with the hotfix of ibaAnalyzer.

Can you tell me which file the ibaAnalyzer hotfix targets?

Thank you very much

Re: [?]: anonym.to or false virus detection

Posted: Tue Jul 19, 2011 2:07 pm
by Linkinx64
Default destination : C:\Program Files\iba\ibaAnalyzer

P.S. If you do not use the Data Extractor feature and have no data collected with a previous cracked iba release (e.g. v6.18.2), you don't have to fix ibaAnalyzer 5.18.0.