Re: Infected? (was:4.0.34.16)

2008-10-20 Thread Alain de Gevigney
Hello MAU,

On Mon, 20 Oct 2008 at 12:25:34 [GMT +0200] (which was 12:25 where I live) you wrote:

> The Bat! 4.0.34.16 (ALPHA) is available at

> When downloading completes I get a warning from NOD32 antivirus saying
> that it is probably a modified variant of Win32/Packed.Themida.

Same here. I extracted and retested it: no more warning.
NOD32 version 3537 (20081020) NT

> Any ideas or suggestions?

Ignore it?


-- 
Regards, Alain
:aggy:
:flag-france:


  
 The Bat! 4.0.34.16 (ALPHA)
 Windows XP 5.1 Build 2600 Service Pack 3



 Current beta is 4.0.34.16 | 'Using TBBETA' information:
http://www.silverstones.com/thebat/TBUDLInfo.html


Re: Infected? (was:4.0.34.16)

2008-10-20 Thread Mackley
I've scanned it with Agnitum Outpost Security Suite Pro 2009 (with
integrated antivirus/antimalware): no reports.

I've uploaded thebat.exe to VirusTotal and I get:

Win32.Malware.gen!92 (suspicious) by SecureWeb-Gateway
Sus/ComPack by Sophos
W32/Behav-Heuristic-064 by TheHacker

NOD32 with 3537 virus definitions = no results.


Maybe it's only an anti-crack protection with encryption, so I think
it's a false positive.

I'll install it

-- 

Mackley
  Italy




Re: Infected? (was:4.0.34.16)

2008-10-20 Thread MAU
Hello Alain,

>> Any ideas or suggestions?

> Ignore it ?

I think I will not ignore it, at least for the moment.

-- 
Best regards,

Miguel A. Urech (El Escorial - Spain)
Using The Bat! v4.0.34.15 (ALPHA) on Windows XP 5.1 Service Pack 3






Re: Infected? (was:4.0.34.16)

2008-10-20 Thread Marek Mikus
Hello all,
Monday, October 20, 2008, MAU wrote:

> I think I will not ignore it, at least for the moment.

thebat.exe is protected against cracking and it seems NOD32 detects this, even
though I have ESET Smart Security virusbase 3537 and have no warning about the exe.

-- 

Bye

Marek Mikus
Czech support of The Bat!
http://www.thebat.cz

Using the best The Bat! 4.0.34.13
under Windows XP 5.1 Build 2600 Service Pack 3
with MyMacros,XMP,AnotherMacros, AntispamSniper v 3.0.1.2
Notebook Toshiba, Core2 Duo 1.83 GHz, 4 GB RAM


 






Re: Infected? (was:4.0.34.16)

2008-10-20 Thread MAU
Hello Mackley,

> Maybe it's only an anti-crack protection with encryption, so I think
> it's a false positive.

It probably is but, since it is the first time I get such a (or similar)
warning, I'd like to hear what RIT guys have to say about it.

-- 
Best regards,

Miguel A. Urech (El Escorial - Spain)
Using The Bat! v4.0.34.15 (ALPHA) on Windows XP 5.1 Service Pack 3






Re: Infected? (was:4.0.34.16)

2008-10-20 Thread MAU
Hello MAU,

> When downloading completes I get a warning from NOD32 antivirus saying
> that it is probably a modified variant of Win32/Packed.Themida.

This thread may be of interest:

http://www.wilderssecurity.com/showthread.php?t=184840

-- 
Best regards,

Miguel A. Urech (El Escorial - Spain)
Using The Bat! v4.0.34.15 (ALPHA) on Windows XP 5.1 Service Pack 3






Re: Infected? (was:4.0.34.16)

2008-10-20 Thread MAU
Hello Marek,

>> I think I will not ignore it, at least for the moment.

> thebat.exe is protected against cracking and seems NOD32 detects this, even
> I have ESET Smart Security virusbase 3537 and have no warning about exe.

In my first message I said "when downloading completes". So, what NOD32
is analysing with module IMON (for POP3 and HTTP) is the HTTP download
of the rar file, and it gives the warning because I have the ThreatSense
option "Potentially undesirable applications" (translated from Spanish)
selected.

This is the warning I get:

Time: 20/10/2008 15:49:59
Module: IMON
Object: Compressed archive
Name: http://www.ritlabs.com/download/files3/the_bat/beta/tb403416.rar
Warning: Probably a modified variant of Win32/Packed.Themida

If I deselect the above-mentioned option, I don't get the warning. It is
the first time I get any warning when downloading a tb.rar file, so
there must be something new and unique to this one. I get the warning
with virusbases 3537 and 3538. But then, if I scan thebat.exe, I get no
warning. So, go figure!

-- 
Best regards,

Miguel A. Urech (El Escorial - Spain)
Using The Bat! v4.0.34.16 (ALPHA) on Windows XP 5.1 Service Pack 3



