Hi. I have problem with Avast 8.0.1483.
I'm using trainer created by CheatEngine6.2 and Avast shows message about virus:
"Win32:Evo-gen [Susp]"
- first problem:I tried to add this EXE to exclude list:
*\Trainer.exe
*\Trainer.exe|[Embedded_R#DECOMPRESSOR]
But still, I can not launch trainer. Avast just ignore my exclude list.
- second problemCurrently, all CE6.2 trainers are made like this:
- files: .cetrainer, few .dll, one .exe , are compressed with zlib into ARCHIVE
- and there is DECOMPRESSOR file (standalonephase2.dat file inside installed cheatengine dir) - this file, when launched, will decompress ARCHIVE and execute final EXE
- ARCHIVE and DECOMPRESSOR are embedded into final EXE (standalonephase1.dat file)
So, standalonephase1.dat file with changed icon, name and with embedded ARCHIVE and DECOMPRESSOR is final product. For example as gameName_trainer.exe
On end-user side, it looks like this:
1) When user launch gameName_trainer.exe, embedded data:ARCHIVE and DECOMPRESSOR, are saved inside temp dir (F:\temp\cetrainers\CET28.tmp\),
ARCHIVE as CET_Archive.dat and
DECOMPRESSOR as gameName_trainer.exe (yes, the same name)
2) then DECOMPRESSOR (gameName_trainer.exe) decompresses CET_Archive.dat into "extracted" folder
3) inside "extracted" there are: .dll, .lua and exe file (with the same name: gameName_trainer.exe)
But, AVAST treats DECOMPRESSOR as malware. You could say: "you downloaded trainer from untrusted site". Well, I made that trainer and I know what it is exactly doing. And CheatEngine is an "open source GPL" application.
I even tried to compile DECOMPRESSOR myself with current Lazarus version 1.0.8. The same result.
Here is DECOMPRESSOR:
http://code.google.com/p/cheat-engine/source/browse/trunk/Cheat+Engine/sfx/level2as you see, here
http://code.google.com/p/cheat-engine/source/browse/trunk/Cheat+Engine/sfx/level2/main.pasThere is nothing suspicious.
Thanks for any help.