About fake virus detection of your packed/protected software
Posted: Wed May 25, 2005 1:21 am
It's a problem related to all packers/protectors. Virii authors use this kind of programs to hide their viruses, trojans etc.; because antivirus software makers find the virus and don't know that it was protected or packed, it will assume that the virus signature it's in fact some packed data inside the shell with which the packer envelope the application;
The problems with fake alarms comes few weeks after releasing the packer; soon, virii authors use the packer and release a new packed version of the virus; in time...as the anivirus companies find the packers with which the virus was packed/protected it will develop methodes to detect packed files from packed viruses.
You and your clients must use the newest signature database for the antivirus they use.
You must notice the antivirus company which made your antivirus if your packed/protected software is detected as a virus.
Check your packed exe here http://www.virustotal.com to see if it's detected as a virus;
greatz
CGSoftLabs
The problems with fake alarms comes few weeks after releasing the packer; soon, virii authors use the packer and release a new packed version of the virus; in time...as the anivirus companies find the packers with which the virus was packed/protected it will develop methodes to detect packed files from packed viruses.
You and your clients must use the newest signature database for the antivirus they use.
You must notice the antivirus company which made your antivirus if your packed/protected software is detected as a virus.
Check your packed exe here http://www.virustotal.com to see if it's detected as a virus;
greatz
CGSoftLabs