Jump to content

Recommended Posts

  • Dakmp changed the title to VAG K+CAN Commander detected as virus
Posted (edited)

If you have doubts about Eset's detection, submit the downloaded .zip file here: https://www.virustotal.com/gui/

Multiple AV solutions will scan it and render their verdicts.

Edited by itman
Posted

The results Eset show are very different on VirusTotal and when it's installed on my pc. The version of Eset Internet Security on VirusTotal looks unrelated or unofficial.

Posted

Here's a thread from 2007 on the Themida issue: https://www.wilderssecurity.com/threads/win32-packed-themida.184840/ . It starts with this comment:

Quote

I'm a developer in Oreans Technologies and we have developed Themida to protect applications against cracking. We are receiving many complain from our clients saying that NOD32 reports their applications as potential thread (Win32/Packed.Themida)

Yesterday, we contacted ESET about this issue and today we just got an email saying the following:

and ends with this comment from Eset:

Quote

Important information for developers of the legitimate applications who intend to use Themida or similar protectors:
http://www.avertlabs.com/research/blog/index.php/2009/05/28/who-digs-the-elephant-trap/
quote "If you feel that you really must use an obfuscating protector at least digitally sign your files."

The anti-malware companies expect the developers which use the abused protectors to properly identify their files. The properly filled VERSION INFO and a valid DIGITAL SIGNATURE are required.

It's your choice to use or not use this app. If you want to use it and accept the risk of doing so, create an Eset real-time exclusion for the Eset detection for the app.
 
  • Administrators
Posted

In this case the detection is not due to Themida packer per se. The above complaint from Oreans was addressed years ago and applications protected with Themida are not detected as malware.

Posted

So it's because is not digitally signed when Themida is in place?

  • Administrators
Posted

It's protected by Themida using a leaked license.

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...