[?]: anonym.to or false virus detection

About the forum and file-sharing services.
Rules (or why you might get banned)
rpelle
Posts: 4
Joined: Sun Jul 17, 2011 1:29 pm

[?]: anonym.to or false virus detection

Post by rpelle »

Hi, I'm new to this great forum.
I've checked the pda pack here http://anonym.to/?http://www.virustotal.com to check for the presence of viruses.
I'm alerted about viruses in these files:
* IbaAnalyzer-5.18.0 error 217 hotfix.exe
* ibaAnalyzer_e217_eDataExtractor_hotfix.exe
* ibapda.v6.24.6-unleashed-features.exe

:?:

-------------
A suggestion: to keep external sites from discovering this forum, I suggest using this service:
http://anonym.to/
Without that, it is easy for external sites to discover where their visitors arrive from...
Example:
I don't link this: http://www.virustotal.com
but I link this:
http://anonym.to/?http://www.virustotal.com

In this way, the website "virustotal" can't discover that its visitors arrive from this forum.
Linkinx64
Posts: 894
Joined: Sun Apr 11, 2010 3:00 am
Location: Russia

Re: [?]: anonym.to

Post by Linkinx64 »

rpelle wrote:
I'm alerted about viruses in these files:
* IbaAnalyzer-5.18.0 error 217 hotfix.exe
* ibaAnalyzer_e217_eDataExtractor_hotfix.exe
* ibapda.v6.24.6-unleashed-features.exe

These files are created with Diablo2002 Universal Patcher = packer.
Files made with this tool are detected as malicious by some antiviruses.
The truth is that it is a file packer.
Features

* multiple file patcher
* programmable patch procedure
* offset patcher
* search and replace patcher
* text patcher
* registry patcher
* loader generator
* compare files (RawOffset and VirtualAddress) with different filesize
* attach files to patcher
* get filepaths from registry
* CRC32/MD5 and filesize checks
* patching packed files
* compress patcher with your favorite packer << this option is detected as malicious by some antiviruses.
* save/load projects
* use custom skin in your patcher
* add music (Tracker Modules: xm,mod,it,s3m,mtm,umx,v2m,ahx,sid) to patcher
* multilanguage support
* and many more...
rpelle
Posts: 4
Joined: Sun Jul 17, 2011 1:29 pm

virus in the patch

Post by rpelle »

Is it possible to use a different patcher so we can test your patch without problems due to antivirus?
Linkinx64
Posts: 894
Joined: Sun Apr 11, 2010 3:00 am
Location: Russia

Re: [?]: anonym.to

Post by Linkinx64 »

I'm not planning to change the patch tool at the moment. I'm satisfied with its functionality and do not see any malicious code inside the exe files made with this tool. But if you can provide more evidence (rather than virus-checking with a score of 15/43), I'll think about it.

Patches are provided "as is" and anyone uses them at their own risk.

As an option, you can run the patches on a virtual PC, patch the dll in there and then bring the patched dll to the host OS.

P.S. At first the PDA Pack was delivered with a .dll for manual replacement; later I removed it in order to shrink the archive size.
rpelle
Posts: 4
Joined: Sun Jul 17, 2011 1:29 pm

Re: [?]: anonym.to or false virus detection

Post by rpelle »

Thank you for your reply. I've used the manual procedure (replace the DLL) for the pda and it is perfect, but it is not possible with the hotfix of ibaanalyzer.

Can you tell me the file that the ibaanalyzer hotfix targets?

Thank you very much.
Linkinx64
Posts: 894
Joined: Sun Apr 11, 2010 3:00 am
Location: Russia

Re: [?]: anonym.to or false virus detection

Post by Linkinx64 »

Default destination : C:\Program Files\iba\ibaAnalyzer

P.S. If you do not use the Data Extractor feature and have no data collected with a previous cracked iba release (e.g. v6.18.2), you don't have to fix ibaAnalyzer 5.18.0.