[WT-support] AVG and Themida

Steve Wilson, G3VMW steve at g3vmw.demon.co.uk
Tue Nov 3 00:56:02 CET 2009


In message <mailman.1605.1257203475.1610.support at win-test.com>, 
support-request at win-test.com writes
>On Mon, Nov 2, 2009 at 1:39 PM, Steve Wilson, G3VMW <steve at g3vmw.demon.co.uk
>> wrote:
>
>> However, one major additional complication with both wt.exe and
>> wt_dev.exe for WT 4.2 was that even when I told AVG 9 to ignore the
>> perceived virus threat, neither file would run on my Win XP PC. They
>> both flagged a windows error suggesting I didn't have the permissions to
>> run the file(s).
>>
>
>AVG does that.  It somehow marks the file as "not executable".  You might be
>able to fix that manually by adding an AVG exception as described by LA8AW
>today, or by uninstall and reinstall, or by removing it from quarantine or
>by selecting the "Properties" of the wt.exe file and making sure it is not
>marked "Execute = Deny".  Deleting AVG will also restore normal operation of
>WT.EXE
>
>This link <https://www.virustotal.com/analisis/ac6b83c7dbb93960166b7ec8848f270103cd355375b9a334993066d5b698a16f-1256057346> from
>http://www.VirusTotal.com shows that 7 out of 41 anti-virus scanners,
>including AVG, are mistakenly flagging WT 4.2 as a Virus due to the new
>packing algorithm being used.
>
>Here's an old thread <http://www.wilderssecurity.com/showthread.php?t=184840> describing
>the problem.
>
>73,
>Bob, N6TV

Bob,

Thanks for your prompt, informative reply and the interesting links. I 
wasn't aware that AVG marked suspect files non-executable despite you 
telling the program to ignore the virus warning! I guess a safe option 
though?

I take the reflector messages in digest form so I've only just seen 
LA8AW's AVG exception posting, which I will try. AVG 9.0 has a slightly 
different user interface, but I've found the relevant exception areas 
and will report back.

One thing more and this concerns Themida, which I've checked on. Does 
the description of Themida below tie in with recent WT developments?

If so, it seems to be something deliberately introduced into Win-Test to 
prevent the program from being cracked by software hackers? That being 
the case, it seems that AVG isn't reporting anything incorrectly?

Themida
-------
Powerful Windows Software Protector. Designed for software developers 
who wish to protect their applications against advanced reverse 
engineering and software cracking. SecureEngine® is an innovating and 
revolutionary technology for protecting Microsoft Windows applications 
against modern cracking. Its architecture and design is a completely new 
idea, never seen before on the security-world. SecureEngine® has been 
designed with a different approach to avoid this common scenario. Its 
code is running on the same level with the operating system (kernel) 
with all privileges enabled. That allows executing any kind of 
protection technique without being restricted by the operative system. 
On the other hand, current cracker tools are unable to detect, study and 
attack protection routines that have designed and implemented to run in 
the same level (kernel). This innovative technology is compatible with 
all popular Windows versions, 98, ME, 2000, XP and 2003.

------

And this...

Themida is an application that protects and hides the nature of trojan 
infections. While Themida itself is not a trojan or a virus, etc.

Have I understood this correctly and Win-Test has been given the Themida 
treatment?

Kind regards

-- 
Steve Wilson, G3VMW
Bramham, Wetherby, West Yorkshire

