plcforum.uz.ua
http://plcforum.uz.ua/

[?]: anonym.to or false virus detection
http://plcforum.uz.ua/viewtopic.php?f=2&t=15971
Page 1 of 1

Author:  rpelle [ Sun Jul 17, 2011 7:12 pm ]
Post subject:  [?]: anonym.to or false virus detection

Hi, i'm new to this great forum.
I've checked the pda pack here http://anonym.to/?http://www.virustotal.com to check the presence of viruses.
I'm alerted about viruses in these files:
* IbaAnalyzer-5.18.0 error 217 hotfix.exe
* ibaAnalyzer_e217_eDataExtractor_hotfix.exe
* ibapda.v6.24.6-unleashed-features.exe

:?:

-------------
A suggestion: to avoid external sites to discover this forum i suggest to use this service:
http://anonym.to/
without that, it is easy for the external sites to discover from where arrive their visitors...
example:
i don't link this http://www.virustotal.com
but i link this:
http://anonym.to/?http://www.virustotal.com

in this way, the website "virustotal" can't discover that their visitors arrives from this forum

Author:  Linkinx64 [ Mon Jul 18, 2011 9:21 am ]
Post subject:  Re: [?]: anonym.to

rpelle wrote:
I'm alerted about viruses in these files:
* IbaAnalyzer-5.18.0 error 217 hotfix.exe
* ibaAnalyzer_e217_eDataExtractor_hotfix.exe
* ibapda.v6.24.6-unleashed-features.exe

These files are created with Diablo2002 Universal Patcher = packer.
Files made with this tool are detecting as malicious by some antiviruses.
Truth is that it is a file packer.
Quote:
Features

* multiple file patcher
* programmable patch procedure
* offset patcher
* search and replace patcher
* text patcher
* registry patcher
* loader generator
* compare files (RawOffset and VirtualAddress) with different filesize
* attach files to patcher
* get filepaths from registry
* CRC32/MD5 and filesize checks
* patching packed files
* compress patcher with your favorite packer << this option are detecting as malicious by some antiviruses.
* save/load projects
* use custom skin in your patcher
* add music (Tracker Modules: xm,mod,it,s3m,mtm,umx,v2m,ahx,sid) to patcher
* multilanguage support
* and many more...

Author:  rpelle [ Tue Jul 19, 2011 2:01 pm ]
Post subject:  virus in the patch

Is it possible to use a different patcher so we can test your patch without problems due to antivirus?

Author:  Linkinx64 [ Tue Jul 19, 2011 2:52 pm ]
Post subject:  Re: [?]: anonym.to

I'm not planning to change patchtool at the moment. I'm satisfied with its functionality and do not see any malicious code inside of exe-files done with this tool. But if you can provide more evidences (rather than virus-checking with score 15/43) - I'll think about.

Patches provided "as is" and anyone use it for their own risk.

As an option you can run patches on virtual PC, patch dll in there and then bring patched dll on host OS.

P.S. At the first time the PDA Pack was delivered with .dll for manual replacement, later I've removed it in order to shrink archive size.

Author:  rpelle [ Tue Jul 19, 2011 3:33 pm ]
Post subject:  Re: [?]: anonym.to or false virus detection

thank you for your reply, i've used the manual procedure (replace the DLL) for the pda and it is perfect, but it is not possible with the hotfix of ibaanalyzer.

can you tell me the file that hotfix ibaanalyzer target?

thank you very much

Author:  Linkinx64 [ Tue Jul 19, 2011 5:07 pm ]
Post subject:  Re: [?]: anonym.to or false virus detection

Image

Default destination : C:\Program Files\iba\ibaAnalyzer

P.S. If you not use the Data Extractor feature and no data collected with previous cracked iba release (e.g. v6.18.2) - you don't have to fix ibaAnalyzer 5.18.0.

Page 1 of 1 All times are UTC + 3 hours
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/