[WT-support] AVG and Themida

Steef PA2A pa2a at xs4all.nl
Wed Nov 4 01:10:28 CET 2009


Steve,

I did a scan of the 4.2.0.exe of 14 Mbytes and no problem is shown after 
scanning with the 41 scanners. I can't see your result anymore but I saw 
last morning the 7 alarms. Here is the link of my scan result:
https://www.virustotal.com/nl/analisis/7f4a1e7700faa0cec39a07b426ea313a613cdeef8e1c1aa9a323df29c8adf18c-1257292818

      Antivirus Version Last updated Result
      a-squared 4.5.0.41 2009.11.03 -
      AhnLab-V3 5.0.0.2 2009.11.03 -
      AntiVir 7.9.1.53 2009.11.03 -
      Antiy-AVL 2.0.3.7 2009.11.03 -
      Authentium 5.1.2.4 2009.11.03 -
      Avast 4.8.1351.0 2009.11.03 -
      AVG 8.5.0.423 2009.11.03 -
      BitDefender 7.2 2009.11.03 -
      CAT-QuickHeal 10.00 2009.11.03 -
      ClamAV 0.94.1 2009.11.04 -
      Comodo 2832 2009.11.04 -
      DrWeb 5.0.0.12182 2009.11.03 -
      eSafe 7.0.17.0 2009.11.03 -
      eTrust-Vet 35.1.7100 2009.11.03 -
      F-Prot 4.5.1.85 2009.11.03 -
      F-Secure 9.0.15370.0 2009.10.30 -
      Fortinet 3.120.0.0 2009.11.03 -
      GData 19 2009.11.03 -
      Ikarus T3.1.1.72.0 2009.11.03 -
      Jiangmin 11.0.800 2009.11.03 -
      K7AntiVirus 7.10.887 2009.11.03 -
      Kaspersky 7.0.0.125 2009.11.03 -
      McAfee 5791 2009.11.03 -
      McAfee+Artemis 5791 2009.11.03 -
      McAfee-GW-Edition 6.8.5 2009.11.03 -
      Microsoft 1.5202 2009.11.04 -
      NOD32 4570 2009.11.03 -
      Norman 6.03.02 2009.11.03 -
      nProtect 2009.1.8.0 2009.11.03 -
      Panda 10.0.2.2 2009.11.03 -
      PCTools 7.0.3.5 2009.11.03 -
      Prevx 3.0 2009.11.04 -
      Rising 21.54.14.00 2009.11.03 -
      Sophos 4.47.0 2009.11.04 -
      Sunbelt 3.2.1858.2 2009.11.03 -
      Symantec 1.4.4.12 2009.11.04 -
      TheHacker 6.5.0.2.059 2009.11.03 -
      TrendMicro 8.950.0.1094 2009.11.03 -
      VBA32 3.12.10.11 2009.11.03 -
      ViRobot 2009.11.3.2019 2009.11.03 -
      VirusBuster 4.6.5.0 2009.11.03 -
      Additional information
      File size: 14640592 bytes
      MD5...: 07151df3af4426d51dd514c308d68d6b


----- Original Message ----- 
From: "Steve Wilson, G3VMW" <steve at g3vmw.demon.co.uk>
To: <support at win-test.com>
Sent: Tuesday, November 03, 2009 12:56 AM
Subject: [WT-support] AVG and Themida


> In message <mailman.1605.1257203475.1610.support at win-test.com>,
> support-request at win-test.com writes
>>On Mon, Nov 2, 2009 at 1:39 PM, Steve Wilson, G3VMW
>><steve at g3vmw.demon.co.uk> wrote:
>>
>>> However, one major additional complication with both wt.exe and
>>> wt_dev.exe for WT 4.2 was that even when I told AVG 9 to ignore the
>>> perceived virus threat, neither file would run on my Win XP PC. They
>>> both flagged a windows error suggesting I didn't have the permissions to
>>> run the file(s).
>>>
>>
>>AVG does that.  It somehow marks the file as "not executable".  You might be
>>able to fix that manually by adding an AVG exception as described by LA8AW
>>today, or by uninstall and reinstall, or by removing it from quarantine or
>>by selecting the "Properties" of the wt.exe file and making sure it is not
>>marked "Execute = Deny".  Deleting AVG will also restore normal operation of
>>WT.EXE
>>
>>This link <https://www.virustotal.com/analisis/ac6b83c7dbb93960166b7ec8848f270103cd355375b9a334993066d5b698a16f-1256057346> from
>>http://www.VirusTotal.com shows that 7 out of 41 anti-virus scanners,
>>including AVG, are mistakenly flagging WT 4.2 as a Virus due to the new
>>packing algorithm being used.
>>
>>Here's an old thread <http://www.wilderssecurity.com/showthread.php?t=184840> describing
>>the problem.
>>
>>73,
>>Bob, N6TV
>
> Bob,
>
> Thanks for your prompt, informative reply and the interesting links. I
> wasn't aware that AVG marked suspect files non-executable despite you
> telling the program to ignore the virus warning! I guess a safe option
> though?
>
> I take the reflector messages in digest form so I've only just seen
> LA8AW's AVG exception posting, which I will try. AVG 9.0 has a slightly
> different user interface, but I've found the relevant exception areas
> and will report back.
>
> One thing more and this concerns Themida, which I've checked on. Does
> the description of Themida below tie in with recent WT developments?
>
> If so, it seems to be something deliberately introduced into Win-Test to
> prevent the program from being cracked by software hackers? That being
> the case, it seems that AVG isn't reporting anything incorrectly?
>
> Themida
> -------
> Powerful Windows Software Protector. Designed for software developers
> who wish to protect their applications against advanced reverse
> engineering and software cracking. SecureEngine® is an innovating and
> revolutionary technology for protecting Microsoft Windows applications
> against modern cracking. Its architecture and design is a completely new
> idea, never seen before on the security-world. SecureEngine® has been
> designed with a different approach to avoid this common scenario. Its
> code is running on the same level with the operating system (kernel)
> with all privileges enabled. That allows executing any kind of
> protection technique without being restricted by the operative system.
> On the other hand, current cracker tools are unable to detect, study and
> attack protection routines that have designed and implemented to run in
> the same level (kernel). This innovative technology is compatible with
> all popular Windows versions, 98, ME, 2000, XP and 2003.
>
> ------
>
> And this...
>
> Themida is an application that protects and hides the nature of trojan
> infections. While Themida itself is not a trojan or a virus, etc.
>
> Have I understood this correctly and Win-Test has been given the Themida
> treatment?
>
> Kind regards
>
> -- 
> Steve Wilson, G3VMW
> Bramham, Wetherby, West Yorkshire