Dakmp 0 Posted February 13, 2021 Share Posted February 13, 2021 (edited) want to know if it is a virus or not. For me works to do the job. VAG-K+CAN Commander.zip Edited February 13, 2021 by Dakmp Link to comment Share on other sites More sharing options...
Dakmp 0 Posted February 13, 2021 Author Share Posted February 13, 2021 New file VAG-K_CAN_Commander_1[X].4.zip Link to comment Share on other sites More sharing options...
itman 1,538 Posted February 13, 2021 Share Posted February 13, 2021 (edited) If you have doubts about Eset's detection, submit the downloaded .zip file here: https://www.virustotal.com/gui/ Multiple AV solutions will scan it and render their verdicts. Edited February 13, 2021 by itman Link to comment Share on other sites More sharing options...
Administrators Marcos 4,694 Posted February 13, 2021 Administrators Share Posted February 13, 2021 The detection is correct. 47/71 detections: https://www.virustotal.com/gui/file/ea69c09b51fda25107d9926d7d033f4e25f5374ec0dd2b1bc4a9867a7b19b932/detection Link to comment Share on other sites More sharing options...
Dakmp 0 Posted February 14, 2021 Author Share Posted February 14, 2021 The results Eset show are very different on VirusTotal and when it's installed on my pc. The version of Eset Internet Security on VirusTotal looks unrelated or unofficial. Link to comment Share on other sites More sharing options...
Dakmp 0 Posted February 14, 2021 Author Share Posted February 14, 2021 (edited) Apparently Themida is a anti-cheating protector, not a virus. Can you shed some light on the matter? https://www.wilderssecurity.com/threads/win32-packed-themida.184840/ I don't want Eset taking control of my computer just because. Edited February 14, 2021 by Dakmp Link to comment Share on other sites More sharing options...
itman 1,538 Posted February 14, 2021 Share Posted February 14, 2021 Here's a thread from 2007 on the Themida issue: https://www.wilderssecurity.com/threads/win32-packed-themida.184840/ . It starts with this comment: Quote I'm a developer in Oreans Technologies and we have developed Themida to protect applications against cracking. We are receiving many complain from our clients saying that NOD32 reports their applications as potential thread (Win32/Packed.Themida) Yesterday, we contacted ESET about this issue and today we just got an email saying the following: and ends with this comment from Eset: Quote Important information for developers of the legitimate applications who intend to use Themida or similar protectors:http://www.avertlabs.com/research/blog/index.php/2009/05/28/who-digs-the-elephant-trap/ quote "If you feel that you really must use an obfuscating protector at least digitally sign your files." The anti-malware companies expect the developers which use the abused protectors to properly identify their files. The properly filled VERSION INFO and a valid DIGITAL SIGNATURE are required. It's your choice to use or not use this app. If you want to use it and accept the risk of doing so, create an Eset real-time exclusion for the Eset detection for the app. Link to comment Share on other sites More sharing options...
Administrators Marcos 4,694 Posted February 14, 2021 Administrators Share Posted February 14, 2021 In this case the detection is not due to Themida packer per se. The above complaint from Oreans was addressed years ago and applications protected with Themida are not detected as malware. Link to comment Share on other sites More sharing options...
Dakmp 0 Posted February 21, 2021 Author Share Posted February 21, 2021 So it's because is not digitally signed when Themida is in place? Link to comment Share on other sites More sharing options...
Administrators Marcos 4,694 Posted February 21, 2021 Administrators Share Posted February 21, 2021 It's protected by Themida using a leaked license. Link to comment Share on other sites More sharing options...
Recommended Posts