AVs and packers


Weber
May 18th, 2005, 10:29 AM
I guess you guys know Unlocker (http://ccollomb.free.fr/unlocker/). In older versions of this program the author packed the exe with [x]MEW11 and UPack (http://dwing.go.nease.net), but now he had to release the program unpacked.
Quote:
    Unlocker 1.6.1 - 10/05/2005

    - Filtered modules locked by processes to only list DLLs
    - Unlocker.exe is not packed anymore. Since even MEW was reported as a false positive with poor products such as Norman anti-virus and BOClean anti-trojan. Sad but true.
I know that it is not necessary to pack the program to distribute it, but the funny thing is AVs detecting files packed with MEW11 and UPack as viruses.

For example, I packed notepad.exe with MEW11 and UPack and submitted them to VirusTotal; here are the false-positive results:

MEW11

Fortinet 2.27.0.0 05.18.2005 suspicious
Ikarus 2.32 05.18.2005 Backdoor.Win32.Wootbot.AM
Norman 5.70.10 05.16.2005 W32/MEWpacked.gen
Sybari 7.5.1314 05.18.2005 W32/MEWpacked.ge

UPack

Fortinet 2.27.0.0 05.18.2005 suspicious

McAfee reported files packed with UPack as a virus since version 0.10. Guess they "finally" fixed it after some months.

My question is why does this happen?

Technodrome
May 18th, 2005, 10:36 AM
I don't know what the author of this program thinks but any program packed with MEW would be suspicious to me too. I'll take it as a big plus if such a file is reported by an antivirus.

Weber
May 18th, 2005, 10:47 AM
Just because virus authors compress their viruses with MEW, that doesn't mean that MEW cannot be used to pack normal programs.

And I think it is not a very professional attitude to flag all files packed with MEW as viruses instead of unpacking and analysing the unpacked file.

Technodrome
May 18th, 2005, 11:48 AM
I bet there is a better way to compress your program by not using common malware compression methods.

NVC reports it as packed and not necessarily infected. In cases like this, further investigation is recommended. Such a report is very valuable to a user who cares about security.
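The "packed, not necessarily infected" distinction Technodrome draws above, as an added example that is not from this thread or from any AV vendor: a small Python triage that parses a PE section table, scores each section by byte entropy, and only ever reports "packed, investigate further", never "infected". The sample PE files, the section names, the 7.0 bits/byte cutoff and the 2x size-growth rule are constructed for this example.

```python
import math
import random
import struct
from collections import Counter

ENTROPY_THRESHOLD = 7.0  # bits/byte; assumed cutoff, compressed or encrypted data sits near 8.0

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty input."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def pe_sections(pe: bytes):
    """Yield (name, virtual_size, raw_bytes) for each entry in a PE's section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                              # 20-byte COFF file header
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_size                     # section table follows the optional header
    for i in range(num_sections):                    # 40-byte IMAGE_SECTION_HEADER entries
        name, vsize, _va, rawsize, rawptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        yield name.rstrip(b"\0").decode("ascii", "replace"), vsize, pe[rawptr:rawptr + rawsize]

def triage(pe: bytes) -> dict:
    """Say 'packed' (near-random section that grows a lot in memory) or 'not packed'.
    Deliberately never says 'infected': that verdict needs unpacking and analysis."""
    hits = [(name, round(shannon_entropy(raw), 2)) for name, vsize, raw in pe_sections(pe)
            if shannon_entropy(raw) > ENTROPY_THRESHOLD and vsize > 2 * len(raw)]
    return {"verdict": "packed" if hits else "not packed", "sections": hits,
            "advice": "unpack and analyse before drawing conclusions" if hits else ""}

def build_sample_pe(sections) -> bytes:  # constructed minimal PE (no optional header, not loadable)
    n = len(sections)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)        # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, 0, 0)   # i386, SizeOfOptionalHeader = 0
    ptr, headers, body = 0x40 + 4 + 20 + 40 * n, b"", b""
    for name, vsize, raw in sections:
        headers += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, 0x1000,
                               len(raw), ptr, 0, 0, 0, 0, 0x60000020)
        body, ptr = body + raw, ptr + len(raw)
    return dos + b"PE\0\0" + coff + headers + body

# Constructed samples: code-like bytes alone, and the same plus a seeded-random blob
# that claims 16x its file size in memory, the shape a runtime unpacker leaves behind.
PLAIN_PE = build_sample_pe([(b".text", 0x800, b"\x90" * 1800 + b"\xc3" * 248)])
PACKED_PE = build_sample_pe([(b".text", 0x800, b"\x90" * 1800 + b"\xc3" * 248),
                             (b".pack0", 0x8000, random.Random(2005).randbytes(2048))])
```

Running `triage(PACKED_PE)` flags only `.pack0`, which is exactly the point: the heuristic justifies a closer look, not a detection name.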