Author Topic: UPX false positives  (Read 4229 times)

Offline NoWhereMan

  • Newbie
  • *
  • Posts: 3
UPX false positives
« on: January 15, 2006, 05:00:24 PM »
Hi,

I really love Avast Home Edition, and I always suggest it to all of my friends. It's installed on the totality of my PCs, and has completely replaced any yellow (*erm*) Internet Security (*cough* ;D) suite.

Today I was scanning my system and I found it was reporting many trojans; first I removed them; then I discovered they were just UPX packed executables.

Can I suggest to the team, as UPX is afaik open source, to implement an auto-unpack feature, so that the engine can read the unpacked executable sign?
 
I used to work with Multimedia Builder ( www.mediachance.com ) a multimedia authoring tool: the player is UPXed; today the scanner was reporting all of my compiled files as trojans  :P

In order to make this piece of software even better, the best of the best in malware retrieving and removing, and a must-have to everybody, I hope you'll be able to do something about this.

best wishes,

NoWhereMan

Offline CharleyO

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 7085
  • Be alert for error code - ID 10T
Re: UPX false positives
« Reply #1 on: January 15, 2006, 05:03:40 PM »
***

Welcome to the forums, NoWhereMan!    :)

Hopefully, one of the Avast team members can help you solve that problem soon.    :)


***
Self-built desktop (8 years old) - AMD64 3200+_Gigabyte GA-K8NS Ultra-939_4 gb RAM_GeForceFX 5800w/256 ram_XP/SP3_Avast 7_MBAM_ZA Free __and__ Toshiba Satellite Laptop_W7-64bit_ 4 gb Ram_Avast 8_MBAM

Offline NoWhereMan

  • Newbie
  • *
  • Posts: 3
Re: UPX false positives
« Reply #2 on: January 15, 2006, 05:10:51 PM »
thanx :)

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11802
    • AVAST Software
Re: UPX false positives
« Reply #3 on: January 15, 2006, 05:18:29 PM »
Such an unpacker is, of course, implemented - but it has nothing to do with the false positive presence or absence.
What is the exact name of the virus reported, and what is the exact filename? Can you submit the file to virus@avast.com, preferably packed by ZIP or RAR, protected with a password?

Offline NoWhereMan

  • Newbie
  • *
  • Posts: 3
Re: UPX false positives
« Reply #4 on: January 15, 2006, 05:47:47 PM »
Maybe the file I have is compiled with an older version of the player; sending