Question about win32/Packed.Themida

Started by add_1981, 19 January 2008, 13:11

add_1981

Greetings!
I hope I haven't posted in the wrong place :D.
Yesterday I downloaded an application at which NOD32 turned red and said it was "probably a variant of Win32/Packed.Themida application" and sent it to quarantine.
I "googled" the problem and discovered that "Themida" is anti-hack, anti-crack protection software...
I uploaded the application to 'virustotal' for scanning - only 3 programs (NOD among them) flagged it with the Themida problem; the rest, Kav, AVG etc., said nothing.
I downloaded the application from several locations, but NOD still says it is infected.

In the end, is the application infected or just protected by Themida?

Chipicao

http://www.wilderssecurity.com/showthread.php?t=184840
Quote: I'm a developer in Oreans Technologies and we have developed Themida to protect applications against cracking.
(...)
We know that there are lots of malware protected with Themida (unfortunately), but there is no reason to suppose that all software protected with Themida is malware. An elegant solution would be to really inspect the file on memory and detect if the file is malware or not, and not just detecting as malware when packed with Themida.

On the one hand it may be a mistake by NOD, on the other hand it may be malware protected with Themida. :unsure: Which application is it? I'd say try downloading it from somewhere else and see whether NOD detects it again.

Check with more antiviruses, you can upload the file to http://www.virustotal.com/
μή μου τούς κύκλους τάραττε

add_1981

I'll make a HijackThis log before and one after installing the application and see whether anything bad shows up in addition...

Foxter

Or you install Arovax Shield. It will jump up if the program does anything suspicious.
True Knights stand tall / Their shields defend the people / Their swords strike and avenge / The honor of all.

add_1981

Thanks for the link. I installed Arovax and it said nothing when I installed and started the application.
The strange part is that neither my NOD nor the one on www.virustotal.com reported any infection anymore.
Maybe because, while it was in quarantine, I hit "submit for analysis"?

Chipicao

Maybe the NOD people woke up and released an update in the meantime...
μή μου τούς κύκλους τάραττε