Dakmp 0 Posted February 13, 2021 Posted February 13, 2021 (edited) want to know if it is a virus or not. For me works to do the job. VAG-K+CAN Commander.zip Edited February 13, 2021 by Dakmp
Dakmp 0 Posted February 13, 2021 Author Posted February 13, 2021 New file VAG-K_CAN_Commander_1[X].4.zip
itman 1,801 Posted February 13, 2021 Posted February 13, 2021 (edited) If you have doubts about Eset's detection, submit the downloaded .zip file here: https://www.virustotal.com/gui/ Multiple AV solutions will scan it and render their verdicts. Edited February 13, 2021 by itman
Administrators Marcos 5,453 Posted February 13, 2021 Administrators Posted February 13, 2021 The detection is correct. 47/71 detections: https://www.virustotal.com/gui/file/ea69c09b51fda25107d9926d7d033f4e25f5374ec0dd2b1bc4a9867a7b19b932/detection
Dakmp 0 Posted February 14, 2021 Author Posted February 14, 2021 The results Eset show are very different on VirusTotal and when it's installed on my pc. The version of Eset Internet Security on VirusTotal looks unrelated or unofficial.
Dakmp 0 Posted February 14, 2021 Author Posted February 14, 2021 (edited) Apparently Themida is a anti-cheating protector, not a virus. Can you shed some light on the matter? https://www.wilderssecurity.com/threads/win32-packed-themida.184840/ I don't want Eset taking control of my computer just because. Edited February 14, 2021 by Dakmp
itman 1,801 Posted February 14, 2021 Posted February 14, 2021 Here's a thread from 2007 on the Themida issue: https://www.wilderssecurity.com/threads/win32-packed-themida.184840/ . It starts with this comment: Quote I'm a developer in Oreans Technologies and we have developed Themida to protect applications against cracking. We are receiving many complain from our clients saying that NOD32 reports their applications as potential thread (Win32/Packed.Themida) Yesterday, we contacted ESET about this issue and today we just got an email saying the following: and ends with this comment from Eset: Quote Important information for developers of the legitimate applications who intend to use Themida or similar protectors:http://www.avertlabs.com/research/blog/index.php/2009/05/28/who-digs-the-elephant-trap/ quote "If you feel that you really must use an obfuscating protector at least digitally sign your files." The anti-malware companies expect the developers which use the abused protectors to properly identify their files. The properly filled VERSION INFO and a valid DIGITAL SIGNATURE are required. It's your choice to use or not use this app. If you want to use it and accept the risk of doing so, create an Eset real-time exclusion for the Eset detection for the app.
Administrators Marcos 5,453 Posted February 14, 2021 Administrators Posted February 14, 2021 In this case the detection is not due to Themida packer per se. The above complaint from Oreans was addressed years ago and applications protected with Themida are not detected as malware.
Dakmp 0 Posted February 21, 2021 Author Posted February 21, 2021 So it's because is not digitally signed when Themida is in place?
Administrators Marcos 5,453 Posted February 21, 2021 Administrators Posted February 21, 2021 It's protected by Themida using a leaked license.
Recommended Posts