Re: Infected? (was:4.0.34.16)
Hello MAU, On Mon, 20 Oct 2008 at 12:25:34 [GMT +0200] (which was 12:25 where I live) you wrote: The Bat! 4.0.34.16 (ALPHA) is available at When downloading completes I get a warning from NOD32 antivirus saying that it is probably a modified variant of Win32/Packed.Themida. Same here, I extract and retest it, no more warning. NOD32 version 3537 (20081020) NT Any ideas or suggestions? Ignore it ? -- Regards, Alain :aggy: :flag-france: The Bat! 4.0.34.16 (ALPHA) Windows XP 5.1 Build 2600 Service Pack 3 Current beta is 4.0.34.16 | 'Using TBBETA' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Infected? (was:4.0.34.16)
I've scan it with Agnitum Outpost Security Suite Pro 2009 (with integrated antivirus/antimalware): no reports. I've uploaded thebat.exe on VirusTotal and I get: Win32.Malware.gen!92 (suspicious) by SecureWeb-Gateway Sus/ComPack by Sophos W32/Behav-Heuristic-064 by TheHacker NOD32 with 3537 virus definitions = no results. Maybe it's only an anti-crack protection with encryption, so I think it's a false positive. I'll install it -- Mackley Italy Current beta is 4.0.34.16 | 'Using TBBETA' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Infected? (was:4.0.34.16)
Hello Alain, Any ideas or suggestions? Ignore it ? I think I will not ignore it, at least for the moment. -- Best regards, Miguel A. Urech (El Escorial - Spain) Using The Bat! v4.0.34.15 (ALPHA) on Windows XP 5.1 Service Pack 3 Current beta is 4.0.34.16 | 'Using TBBETA' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Infected? (was:4.0.34.16)
Hello all, Monday, October 20, 2008, MAU wrote: I think I will not ignore it, at least for the moment. thebat.exe is protected against cracking and seems NOD32 detects this, even I have ESET Smart Security virusbase 3537 and have no warning about exe. -- Bye Marek Mikus Czech support of The Bat! http://www.thebat.cz Using the best The Bat! 4.0.34.13 under Windows XP 5.1 Build 2600 Service Pack 3 with MyMacros,XMP,AnotherMacros, AntispamSniper v 3.0.1.2 Notebook Toshiba, Core2 Duo 1.83 GHz, 4 GB RAM Current beta is 4.0.34.16 | 'Using TBBETA' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Infected? (was:4.0.34.16)
Hello Mackley, Maybe it's only an anti-crack protection with encryption, so I think it's a false positive. It probably is but, since it is the first time I get such (or similar) warning), I'd like to hear what RIT guys have to say about it. -- Best regards, Miguel A. Urech (El Escorial - Spain) Using The Bat! v4.0.34.15 (ALPHA) on Windows XP 5.1 Service Pack 3 Current beta is 4.0.34.16 | 'Using TBBETA' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Infected? (was:4.0.34.16)
Hello MAU, When downloading completes I get a warning from NOD32 antivirus saying that it is probably a modified variant of Win32/Packed.Themida. This thread may be of interest: http://www.wilderssecurity.com/showthread.php?t=184840 -- Best regards, Miguel A. Urech (El Escorial - Spain) Using The Bat! v4.0.34.15 (ALPHA) on Windows XP 5.1 Service Pack 3 Current beta is 4.0.34.16 | 'Using TBBETA' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Infected? (was:4.0.34.16)
Hello Marek, I think I will not ignore it, at least for the moment. thebat.exe is protected against cracking and seems NOD32 detects this, even I have ESET Smart Security virusbase 3537 and have no warning about exe. In my first message I said when downloading completes. So, what NOD32 is analysing with module IMON (for POP3 and HTTP) is the HTTP download of the rar file, and it gives the warning because I have the ThreatSense option Potentially undesirable applications (translated from Spanish) selected. This is the warning I get: Time: 20/10/2008 15:49:59 Module: IMON Object: Compressed archive Name: http://www.ritlabs.com/download/files3/the_bat/beta/tb403416.rar Warning: Probably a modified variant of Win32/Packed.Themida If I deselect the above mentioned option, I don't get the warning. It is the first time I get any warning when downloading a tb.rar file, so there must be something new and unique to this one. I get the warning with virusbases 3537 and 3538. But then, if I scan thebat.exe, I get no warning. So, go figure! -- Best regards, Miguel A. Urech (El Escorial - Spain) Using The Bat! v4.0.34.16 (ALPHA) on Windows XP 5.1 Service Pack 3 Current beta is 4.0.34.16 | 'Using TBBETA' information: http://www.silverstones.com/thebat/TBUDLInfo.html