Re: Infected? (was:4.0.34.16)
Hello Marek,

>> I think I will not ignore it, at least for the moment.
>
> thebat.exe is protected against cracking and seems NOD32 detects this, even
> I have ESET Smart Security virusbase 3537 and have no warning about exe.

In my first message I said "when downloading completes". So, what NOD32 is analysing with module IMON (for POP3 and HTTP) is the HTTP download of the rar file, and it gives the warning because I have the ThreatSense option "Potentially undesirable applications" (translated from Spanish) selected. This is the warning I get:

Time: 20/10/2008 15:49:59
Module: IMON
Object: Compressed archive
Name: http://www.ritlabs.com/download/files3/the_bat/beta/tb403416.rar
Warning: Probably a modified variant of Win32/Packed.Themida

If I deselect the above-mentioned option, I don't get the warning.

It is the first time I get any warning when downloading a tb.rar file, so there must be something new and unique to this one. I get the warning with virusbases 3537 and 3538. But then, if I scan thebat.exe, I get no warning. So, go figure!

--
Best regards,
Miguel A. Urech (El Escorial - Spain)
Using The Bat! v4.0.34.16 (ALPHA) on Windows XP 5.1 Service Pack 3

Current beta is 4.0.34.16 | 'Using TBBETA' information: http://www.silverstones.com/thebat/TBUDLInfo.html

Re: Infected? (was:4.0.34.16)
Hello all,

Monday, October 20, 2008, MAU wrote:

> I think I will not ignore it, at least for the moment.

thebat.exe is protected against cracking and seems NOD32 detects this, even I have ESET Smart Security virusbase 3537 and have no warning about exe.

--
Bye
Marek Mikus
Czech support of The Bat!
http://www.thebat.cz
Using the best The Bat! 4.0.34.13 under Windows XP 5.1 Build 2600 Service Pack 3
with MyMacros,XMP,AnotherMacros, AntispamSniper v 3.0.1.2
Notebook Toshiba, Core2 Duo 1.83 GHz, 4 GB RAM

Re: Infected? (was:4.0.34.16)
Hello Mackley,

> Maybe it's only an anti-crack protection with encryption, so I think
> it's a false positive.

It probably is but, since it is the first time I get such (or similar) warning, I'd like to hear what RIT guys have to say about it.

--
Best regards,
Miguel A. Urech (El Escorial - Spain)
Using The Bat! v4.0.34.15 (ALPHA) on Windows XP 5.1 Service Pack 3

Re: Infected? (was:4.0.34.16)
Hello Alain,

>> Any ideas or suggestions?
>
> Ignore it ?

I think I will not ignore it, at least for the moment.

--
Best regards,
Miguel A. Urech (El Escorial - Spain)
Using The Bat! v4.0.34.15 (ALPHA) on Windows XP 5.1 Service Pack 3

Re: Infected? (was:4.0.34.16)
I've scanned it with Agnitum Outpost Security Suite Pro 2009 (with integrated antivirus/antimalware): no reports.

I've uploaded thebat.exe to VirusTotal and I get:

"Win32.Malware.gen!92 (suspicious)" by SecureWeb-Gateway
"Sus/ComPack" by Sophos
"W32/Behav-Heuristic-064" by TheHacker
NOD32 with "3537" virus definitions = no results.

Maybe it's only an anti-crack protection with encryption, so I think it's a false positive.

I'll install it

--
Mackley
Italy

Re: Infected? (was:4.0.34.16)
Hello MAU,

On Mon, 20 Oct 2008 at 12:25:34 [GMT +0200] (which was 12:25 where I live) you wrote:

>> The Bat! 4.0.34.16 (ALPHA) is available at

> When downloading completes I get a warning from NOD32 antivirus saying
> that "it is probably a modified variant of Win32/Packed.Themida".

Same here, I extract and retest it, no more warning.
NOD32 version 3537 (20081020) NT

> Any ideas or suggestions?

Ignore it ?

--
Regards,
Alain
The Bat! 4.0.34.16 (ALPHA)
Windows XP 5.1 Build 2600 Service Pack 3

Re: Infected? (was:4.0.34.16)
Hello MAU,

> When downloading completes I get a warning from NOD32 antivirus saying
> that "it is probably a modified variant of Win32/Packed.Themida".

This thread may be of interest:
http://www.wilderssecurity.com/showthread.php?t=184840

--
Best regards,
Miguel A. Urech (El Escorial - Spain)
Using The Bat! v4.0.34.15 (ALPHA) on Windows XP 5.1 Service Pack 3