Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: NoWhereMan on January 15, 2006, 05:00:24 PM

Title: UPX false positives
Post by: NoWhereMan on January 15, 2006, 05:00:24 PM
Hi,

I really love Avast Home Edition, and I always suggest it to all of my friends. It's installed on the totality of my pcs, and has completely replaced any yellow (*erm*) Internet Security (*cough* ;D) suite.

Today I was scanning my sistem and I found it was reporting many trojans; first I removed them; then I discovered they were just UPX packed executables.

Can I suggest the team, as UPX is afaik opensource, to implement an autounpack-feature, so that the engine can read the unpacked executable sign?
 
I used to work with Multimedia Builder ( www.mediachance.com ) a multimedia authoring tool: the player is UPXed; today the scanner was reporting all of my compiled files as trojans  :P

In order to make this piece of software even better, the best of the best in malware retrieving and removing, and a must-have to everybody, I hope you'll be able to do something about this.

best wishes,

NoWhereMan
Title: Re: UPX false positives
Post by: CharleyO on January 15, 2006, 05:03:40 PM
***

Welcome to the forums, NoWhereMan!    :)

Hopefully, one of the Avast team members can help you solve that problem soon.    :)


***
Title: Re: UPX false positives
Post by: NoWhereMan on January 15, 2006, 05:10:51 PM
thanx :)
Title: Re: UPX false positives
Post by: igor on January 15, 2006, 05:18:29 PM
Such an unpacker is, of course, implemented - but it has nothing to do with the false positive presence or absence.
What is the exact name of the virus reported, and what is the exact filename? Can you submit the file to virus@avast.com, preferably packed by ZIP or RAR, protected with a password?
Title: Re: UPX false positives
Post by: NoWhereMan on January 15, 2006, 05:47:47 PM
Maybe the file I have is compiled with an older version of the player; sending