Hi,
I was recently informed that the latest version of Avast anti-virus was turning up a warning/suspicion about the 40H programs. This was NOT corroborated by AVG and many other A/V programs.
However I investigated it further and found out that a compacting program that I have been using (exe32pack.exe) for many years without prior incident, was the cause of the problem. I removed it, and recompiled all 80 programs. The new executables have all passed analysis by all the 50+ A/V programs on virustotal.com (an excellent site).
The download site is
http://www.hoflink.com/~npollock/chess.html
-Norm
An important message to users of 40H utility tools
-
- Posts: 1056
- Joined: Thu Mar 09, 2006 4:15 pm
- Location: Long Island, NY, USA
-
- Posts: 1091
- Joined: Wed Jul 23, 2014 4:30 pm
- Location: Bretagne
Re: An important message to users of 40H utility tools
Hi,
Many thanks for your tools !
Avira anti virus was always warning me with the previous version of 40H and put all the files in quarantine. (This was still true a few weeks ago.)
Now I'm with Trend Micro internet security, and I downloaded the new version of 40H utility tools.
I launched a scan and no problem was detected with the new anti virus.
So, many thanks !
Brittany from the sky :
https://youtu.be/nR9eU_tVbxE
-
- Posts: 4833
- Joined: Sun Aug 10, 2008 3:15 pm
- Location: Philippines
Re: An important message to users of 40H utility tools
Thanks.
I can't access the link so far.
-
- Posts: 1056
- Joined: Thu Mar 09, 2006 4:15 pm
- Location: Long Island, NY, USA
Re: An important message to users of 40H utility tools
Based on virustotal.com two days ago, only about 1 in 11 anti-virus programs consider "exe32pack.exe" to be a potential threat. It supposedly could be used to clandestinely hide a virus/malware. And as mentioned with Avira, Avast also puts threats into quarantine.
Check out virustotal.com. Every download should be analyzed there before use. If this incident teaches us one thing, it is that you should not just go by 1, 2 or 3 anti-virus programs, it is better to go by 50+.
The compacting program was used to compact each executable from 5M to 1M. When first used, hard drives had much smaller capacity so that was a factor. Now I'm assuming everyone has at least a 500G drive and file size is not an issue.
Ironically, the 5M executable loads and executes faster because the 1M had to also unpack itself before execution. Another irony is that the "7z" files used to download are 60% smaller even though the individual files are 500% bigger.
-
- Posts: 2559
- Joined: Fri Nov 26, 2010 2:00 pm
- Location: Czech Republic
- Full name: Martin Sedlak
Re: An important message to users of 40H utility tools
Norm Pollock wrote:
> Based on virustotal.com two days ago, only about 1 in 11 anti-virus programs consider "exe32pack.exe" to be a potential threat. It supposedly could be used to clandestinely hide a virus/malware. And as mentioned with Avira, Avast also puts threats into quarantine.

This is the reason why I stopped using executable compressors a long time ago.
Unfortunately packers are very popular among idiots who write malware.
AV vendors have to maximize the true positive/false positive ratio, and they also need to scan fast; this is why I guess they detect by signature in this case.
Even when using heuristics it's impossible to emulate several layers of "protection" within the time budget (you can't spend a minute scanning a single executable); also, it's possible to fool emulators.
This is why it becomes more and more popular to use behavioral analysis as well, which can bypass any such protection.
The drawback is that this dynamic analysis only triggers when you run the process and when it does something suspicious.
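
An illustration of the static side of the detection discussed in this post, added here and not part of the original thread or of any AV product: a scanner cannot unpack every layer in its time budget, so it falls back on cheap structural hints that a file is packed. The 7.2 entropy cutoff, the function names and the headers-only sample image built by `build_pe` are assumptions made for this example.

```python
import math
import struct
from collections import Counter

ENTROPY_THRESHOLD = 7.2  # assumed cutoff; compressed data approaches 8 bits per byte
PACKER_SECTIONS = {b"UPX0", b"UPX1", b"UPX2"}  # default section names written by UPX

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 = constant, 8.0 = uniformly random)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def pe_sections(image: bytes):
    """Yield (name, virtual_size, raw_bytes) for every section header in a PE image."""
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)
    if image[:2] != b"MZ" or image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    # NumberOfSections at +6 and SizeOfOptionalHeader at +20 from the PE signature
    count, opt_size = struct.unpack_from("<H12xH", image, pe_off + 6)
    for i in range(count):
        hdr = pe_off + 24 + opt_size + 40 * i  # each section header is 40 bytes
        name, vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", image, hdr)
        yield name.rstrip(b"\0"), vsize, image[raw_ptr:raw_ptr + raw_size]

def packer_indicators(image: bytes) -> list:
    """Static hints that an executable is packed; hints only, not proof of malice."""
    findings = []
    for name, vsize, raw in pe_sections(image):
        label = name.decode("ascii", "replace")
        if name in PACKER_SECTIONS:
            findings.append(f"{label}: known packer section name")
        if vsize and not raw:  # also true of an ordinary .bss, hence false positives
            findings.append(f"{label}: empty on disk, filled in at run time")
        elif entropy(raw) > ENTROPY_THRESHOLD:
            findings.append(f"{label}: high entropy")
    return findings

def build_pe(sections) -> bytes:
    """Constructed sample: headers-only PE image with the given (name, vsize, raw) sections."""
    pe_off, body = 0x40, b""
    out = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", pe_off)
    out += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0)
    data_start = pe_off + 24 + 40 * len(sections)
    for name, vsize, raw in sections:
        ptr = data_start + len(body) if raw else 0
        out += struct.pack("<8sIIII16x", name, vsize, 0, len(raw), ptr)
        body += raw
    return out + body

if __name__ == "__main__":
    sample = build_pe([(b"UPX0", 0x4000, b""), (b"UPX1", 0x1000, bytes(range(256)) * 4)])
    print(packer_indicators(sample))
```

None of these hints says anything about what the unpacked code does, which is why a clean program run through a packer can be flagged the same way as a packed malicious one.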
-
- Posts: 268
- Joined: Sun Apr 24, 2011 12:33 am
Re: An important message to users of 40H utility tools
First time I read about exe32pack.exe, searching with Google, I can't find the official website, also it seems an old program.
If you want to use an executable packer, I recommend UPX --> http://upx.sourceforge.net/ it's open source, I don't know if AV detect as virus but it does the job compressing the .exe files
-
- Posts: 593
- Joined: Sat Aug 20, 2011 9:43 am
Re: An important message to users of 40H utility tools
tttony wrote:
> First time I read about exe32pack.exe, searching with Google, I can't find the official website, also it seems an old program.
> If you want to use an executable packer, I recommend UPX --> http://upx.sourceforge.net/ it's open source, I don't know if AV detect as virus but it does the job compressing the .exe files

UPX also triggers anti-virus programs. Komodo was using upx during its recent 9.3 release and a number of people wrote saying it caused their anti-virus program to reject the file.