17 February 2008

About Packer.XComp.A false positive as Virus listed in AntiVirus Databases

Hello it's me again Packer.XComp.A, BitDefender was give me this Name on 13. Feb. 2008 and mark me to be a Virus his Friend Ikarus was follow a few days later. I am one year old, my true name is XComp/XPack I'm a freeware PE32-imagefile packer/rebuilder please analyze me again and pack random Files.exe

Im a FREEWARE EXE PACKER my Name is Xcomp I am 1 Year old and this is the story how BitDefender via VirusTotal called me to be a Virus with the name Packer.XComp.A on 13 Feb 2008.rar
If I am a Virus your name is Johann the butler and your analysis is wrong.
I'm here: soft-lab.de/JoKo/ExePack.htm
Don't touch me if you belief I am dangerous or want any outgoing or incoming network connections. I don't want anything online cause I'm done to make big files smaller. Maybe my heuristic is a little bit high but not more as UPX in version > 1.9
Someone did some terrible tests with me. Believe it or not but they was unpack some files done with PECompact using the option to injected/select a dll and some other packers (my Memory requirement are not very high so I forgot if there was commercial Packers between). A pe explorer tool show after unpacking: "Warning! Import section follows the Resource section." After that I have compressed the unpacked files and ignored the warning "this file is already packed with PECompact,... and others", there was some rests inside left by unpacking. Later some wrong signatures with other packer names was come to my packed output files (it' wasn't me) and finally got submitted to VirusTotal. What was follow you can figure out. The AV results played crazy by every different signature shown a different result.
At this time no one was known or read the news by VirusTotal by them blog page, that they possible forward all files and results (experimenting include). That was the end as my signature as packer/compressor was end up in the list of viruses. I'm sorry for that tests but that was not me as packer alone.
I did my job to pack the files as little tool XComp.
I was a subject to test AntiVirus Software but they forgot to care about anonymity.

Maybe you can now imaginate why I am in the positive Virus Database by packer name Packer.XComp.A even if I do not have or produce any kinds of viruses as packer/compressor freeware tool. I think I am wrong on place there.


Post a Comment

We would appreciate if you as readers of our blog, show us some feedback by signing up to this site with Friend Connect.
This will encourage us to publish updates in the future.


Dentoo.info - Hosting - Offering seedboxes and seedbox solutions


MoDs - BRD Push 2 Check Projects News all on one Page
Subscribe to rss feed! Powered By Blogger Creative Commons —
 Attribution-Noncommercial-No Derivative Works 1.0 Generic
GFC Accessibly Test

Site Stats Public Google Analytics stats

We respect your privacy. Your email address will never be shared with others.

My IP Address