Anyone got GAV's unpackers?

From the last solid release of Gladiator Anti-Virus?

Or the last full zip of the GAV program itself?

I want to take them and stick them in TDS-3 - they were the most comprehensive set of un-packers I've ever seen in one place and worked a treat.

(Lost my copy of GAV when my HD went down - but I was a contributor to the program while it was around). Pete

 

I have the last version( i believe ) backed up on HD. Its 3.75Mb.... too big for my lil hotmail acct. Where can I upload it for you?

jrsjkd

BTW, if you need it bad, gotta get to me by the end of today since I leave for vaction in Maui early tues morning.

 

Hi Pete,

I really doubt whether that will help you (but of course I can be wrong).

TDS-3 needs its own way to add un-packers.
You can read more about it at the Help-file, chapter:
"Unpack Compressed EXEs".

In the past there were a few threads about it in general at the private forum.
We are not allowed to quote from or give links to the private forum here.
If you like, you could do a search at the private board (I don't have the links to these old threads).

(Anyhow, be prepared to spend a lot of time on this. )

 

Let me explain.

When I had GAV and would run it, its' unpackers would "open" a lot more things than would normally get opened by any of my other programs.

The reason I know this is because NOD32, especially, would come up with new alerts (AMON follows along with other scanners - you can watch it as the other program scans - it scans the same files simultaneously that the other program does, because those files are being opened).

I believe the same holds true when you run a GAV scan when TDS-3 is running with exe.prot enabled.

Of course, it (GAV's un-packers) would also cause a little flakiness sometimes (for instance a program or two might pop open even though you didn't call it up), but I can live with that.

I just thought it was neat that it allowed access to the "guts" of programs ordinarily not scanned because of the way they were packed.

The fact that GAV isn't supported anymore (no updates) doesn't matter - it still scans everything, and it's that scanning with the multiple unpackers that allows the other defensive programs that are running concurrently access to the otherwise un-packed files.

jrsjkd - Thanks for the offer and check your PM's here. We're talking about the original ZIP installation file for the last beta version, right?

Jan - Yes, thank you, sir, I know I can probably accomplish as much that way (and perhaps should, for the learning experience if nothing else). And if this doesn't work out, it's probably exactly what I'll do.

Unless, of course, TDS-4 is coming with a lot more unpackers built-in from the get-go. Pete

 

Splitted out of NOD32 V2 Thread Heuristics/Unpack

Posted by Gladiator_AV:

KAV has here a BIG ADVANCE against all other opponents.
KAV has also excelent Installer Packages (Wiseinstaller, Installshield) scanning. No other Scanner has this (except KAV based engines)

Posted by Shooter:

Michael, I agree.. KAV does has the best unpackers at this point... That's not even debatable as far as I'm concerned.


http://www.dslreports.com/forum/remark,7121059~mode=flat?hilite=GAV+unpack


http://www.dslreports.com/forum/remark,6915605~mode=flat

 

Exactly! Pete

*Darn - that was two years ago

**Thanks for moving the thread to somewhere more appropriate - I was pretty wasted by the time I posted it last night! Pete

 

Whoa! No "stealing" in any way shape or form here, thank you!

My request here is merely for a copy of a now un-supported program I purchased via "donation" that I lost through a HD crash.

Just wanted to keep that straight. Pete

 

Can someone please tell me where my post has gone?

I seems to me that someone assumed that there was anything wrong with my post. I am puzzled since my post was 100% o.k. Legit. Legal. Everything. No copyright violation. Nothing.

Please explain.

 

I dunno, rat-pack, I never got to see it. Either register and PM me and tell me what you posted or contact me at one of the points on my profile. Pete

 

The post explained how legit owners of Kaspersky can prevent the scanner from locking and deleting the files which have been unpacked by the unpacking engine. It is legally permissible to prevent Kaspersky from deleting the unpacked files since the necessary trick does not involve reverse engineering of any kind.

The benefit of this procedure is that the unpacked files can be scanned with a different scanner like TDS or ewido. This will result in increased security because hackers start to immunize their malware against Kaspersky.

In principle, Kaspersky should voluntarily provide such unpacking option to its customers.

 

@Paul

Since this is your forum I will comply. But I am almost certain that there is a big misunderstanding on your side. We are NOT talking about any sort of cracking or the use of pirated software here. KAV will remain completely untouched.

Sure. The KAV guys may not like it because it's a little bit embarassing that users don't trust their signatures anymore. But they have absolutely no right in the world to prohibit me or anyone else from doing this.

Therefore, I am really puzzled why you act in this way and (at the same time) acknowledge the result being beneficial to the user. The appropriate way would be asking me to explain the trick in more detail (via PM) so that you can decide whether it's legit or not.

 

Anyone ever heard of "thread hi-jacking" ?

Not cool.

Paul, if need be, you have my permission to delete the entire thread (I'm the one that started it after all). Pete

 

@Spy

O.k. I don't like thread hi-jacking either. Sorry. I thought you may be interested in the KAV UP as well.

I will start a new topic (@ dslreports).

Moreover, I suggest to be careful in respect of the GAV UP. I believe to remember a story which says that the GAV scanner may be exploited so that will act as a "virus distribution machine". I am not sure whether this relates to the scan engine or, more likely, the unpacking engine. I believe the UP used unpacking with the help of breakpoints (?) But again. I am not 100% sure.

 

when you're talking about gav unpackers also remember the vulnerability andreas haak found in the unpacking engine, i think it was posted here @wilders too..

i have many versions of gaav, including many beta engines

 

And what was wrong with GAV antivirus? Why can't I download it now?

 

I am the GAV knowledgable one and when you posted this same request in the Gladiator Open Forum I moved your post out of that open forum for the same reason. This Board will now have all kinds of off the wall comments and post all because you wanted a copy. i also told you there we would help you out on that since it was you.. as a favor and that is happening.

Why you thought it best then to also post the request in other forums..is your business..but since google is the friend of many forums..now your post here is also going to draw many more reuests for the same..forcing the Wilder's forum to be a clearing house for a need you had which could have been at best a private request..
If you think about it Pete had I left your post in the open forum..by now 20 or more people would also be asking for a copy and why they can not get one.

I can tell them 5 or more reason why they would not even want it at this point..and the reason you presented for wanting it again will in the end cause more problems than it is worth having installed..unless you are still only interested in telling all the current AV/AT vendors that GAV upacked such and such..then their Program missed it..I am not into that kind of stuff..but if you are looking for some unpackers then head over to xtools or google and you can have a ball.

You did not do Wilders any favors making that post.

 

Code:

GAV no longer exists - development as well as downloads have been ended by the developer.

regards.

paul 

Why? It seems to be a good antivirus. (I downloaded some older version)

 

You are welcome