Anyone got GAV's unpackers?

Discussion in 'other anti-virus software' started by spy1, Mar 21, 2004.

Thread Status:
Not open for further replies.
  1. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    From the last solid release of Gladiator Anti-Virus?

    Or the last full zip of the GAV program itself?

    I want to take them and stick them in TDS-3 - they were the most comprehensive set of un-packers I've ever seen in one place and worked a treat.

    (Lost my copy of GAV when my HD went down - but I was a contributor to the program while it was around). Pete
     
  2. jrsjkd

    jrsjkd Registered Member

    Joined:
    Feb 10, 2003
    Posts:
    3
    Location:
    LA
    I have the last version (I believe) backed up on HD. It's 3.75Mb.... too big for my lil hotmail acct. Where can I upload it for you?

    jrsjkd

    BTW, if you need it bad, gotta get to me by the end of today since I leave for vacation in Maui early Tues morning.
     
  3. FanJ

    FanJ Guest

    Hi Pete,

    I really doubt whether that will help you (but of course I can be wrong).

    TDS-3 needs its own way to add un-packers.
    You can read more about it at the Help-file, chapter:
    "Unpack Compressed EXEs".

    In the past there were a few threads about it in general at the private forum.
    We are not allowed to quote from or give links to the private forum here.
    If you like, you could do a search at the private board (I don't have the links to these old threads).

    (Anyhow, be prepared to spend a lot of time on this. ;) )
     
  4. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Let me explain.

    When I had GAV and would run it, its unpackers would "open" a lot more things than would normally get opened by any of my other programs.

    The reason I know this is because NOD32, especially, would come up with new alerts (AMON follows along with other scanners - you can watch it as the other program scans - it scans the same files simultaneously that the other program does, because those files are being opened).

    I believe the same holds true when you run a GAV scan when TDS-3 is running with exe.prot enabled.

    Of course, it (GAV's un-packers) would also cause a little flakiness sometimes (for instance a program or two might pop open even though you didn't call it up), but I can live with that.

    I just thought it was neat that it allowed access to the "guts" of programs ordinarily not scanned because of the way they were packed.

    The fact that GAV isn't supported anymore (no updates) doesn't matter - it still scans everything, and it's that scanning with the multiple unpackers that allows the other defensive programs that are running concurrently access to the otherwise un-packed files.

    jrsjkd - Thanks for the offer and check your PM's here. We're talking about the original ZIP installation file for the last beta version, right?

    Jan - Yes, thank you, sir, I know I can probably accomplish as much that way (and perhaps should, for the learning experience if nothing else). And if this doesn't work out, it's probably exactly what I'll do.

    Unless, of course, TDS-4 is coming with a lot more unpackers built-in from the get-go. Pete
     
  5. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    Split out of NOD32 V2 Thread Heuristics/Unpack

    Posted by Gladiator_AV:

    KAV has here a BIG ADVANCE against all other opponents.
    KAV has also excellent Installer Packages (Wiseinstaller, Installshield) scanning. No other Scanner has this (except KAV based engines)

    Posted by Shooter:

    Michael, I agree.. KAV does have the best unpackers at this point... That's not even debatable as far as I'm concerned.


    http://www.dslreports.com/forum/remark,7121059~mode=flat?hilite=GAV+unpack


    http://www.dslreports.com/forum/remark,6915605~mode=flat
     
  6. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Exactly! Pete

    *Darn - that was two years ago o_O

    **Thanks for moving the thread to somewhere more appropriate - I was pretty wasted by the time I posted it last night! Pete
     
  7. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Whoa! No "stealing" in any way shape or form here, thank you!

    My request here is merely for a copy of a now un-supported program I purchased via "donation" that I lost through a HD crash.

    Just wanted to keep that straight. Pete
     
  8. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    post in violation with our TOS removed - paul
     
  9. rat-pack

    rat-pack Guest

    Can someone please tell me where my post has gone?

    It seems to me that someone assumed that there was anything wrong with my post. I am puzzled since my post was 100% o.k. Legit. Legal. Everything. No copyright violation. Nothing.

    Please explain.
     
  10. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    I dunno, rat-pack, I never got to see it. Either register and PM me and tell me what you posted or contact me at one of the points on my profile. Pete
     
  11. chameleon1

    chameleon1 Guest

    The post explained how legit owners of Kaspersky can prevent the scanner from locking and deleting the files which have been unpacked by the unpacking engine. It is legally permissible to prevent Kaspersky from deleting the unpacked files since the necessary trick does not involve reverse engineering of any kind.

    The benefit of this procedure is that the unpacked files can be scanned with a different scanner like TDS or ewido. This will result in increased security because hackers start to immunize their malware against Kaspersky.

    In principle, Kaspersky should voluntarily provide such unpacking option to its customers.
     
  12. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Legit KAV license owners are not the issue here.

    The result isn't questioned either - the principle is.

    No discussion as for registered KAV license owners; drop Eugene Kaspersky an email on this matter. In case other software becomes involved - as is the case in this thread - we are not taking chances on this board. In case Kaspersky publicly states there's no problem in the contents from your removed post, we won't have any problem in putting it up again either.

    regards,

    paul
     
  13. chameleon1

    chameleon1 Guest

    @Paul

    Since this is your forum I will comply. But I am almost certain that there is a big misunderstanding on your side. We are NOT talking about any sort of cracking or the use of pirated software here. KAV will remain completely untouched.

    Sure. The KAV guys may not like it because it's a little bit embarrassing that users don't trust their signatures anymore. But they have absolutely no right in the world to prohibit me or anyone else from doing this.

    Therefore, I am really puzzled why you act in this way and (at the same time) acknowledge the result being beneficial to the user. The appropriate way would be asking me to explain the trick in more detail (via PM) so that you can decide whether it's legit or not.
     
  14. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Anyone ever heard of "thread hi-jacking" ?

    Not cool.

    Paul, if need be, you have my permission to delete the entire thread (I'm the one that started it after all). Pete
     
  15. chameleon1

    chameleon1 Guest

    @Spy

    O.k. I don't like thread hi-jacking either. Sorry. I thought you may be interested in the KAV UP as well.

    I will start a new topic (@ dslreports).

    Moreover, I suggest to be careful in respect of the GAV UP. I believe to remember a story which says that the GAV scanner may be exploited so that it will act as a "virus distribution machine". I am not sure whether this relates to the scan engine or, more likely, the unpacking engine. I believe the UP used unpacking with the help of breakpoints (?) But again. I am not 100% sure.
     
  16. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    I'm aware KAV will remain untouched. The (legal) question is related to:

    I'm not that sure about your last sentence quoted above - that's why I stated we do not take chances over on this board.

    Legal aspects and usefulness to the user are in essence two different things.

    Well, let's have it ;)

    regards.

    paul
     
  17. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Apologies, Pete. At times threads take a different turn as is the case here.

    regards.

    paul
     
  18. illukka

    illukka Spyware Fighter

    Joined:
    Jun 23, 2003
    Posts:
    633
    Location:
    S.A.V.O
    when you're talking about gav unpackers also remember the vulnerability andreas haak found in the unpacking engine, i think it was posted here @wilders too..

    i have many versions of gav, including many beta engines
     
  19. kloshar

    kloshar Registered Member

    Joined:
    Oct 12, 2003
    Posts:
    279
    Location:
    Europe, Slovenia, Brežice
    And what was wrong with GAV antivirus? Why can't I download it now?
     
  20. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    GAV no longer exists - development as well as downloads have been ended by the developer.

    regards.

    paul
     
  21. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    I am the GAV knowledgeable one :D and when you posted this same request in the Gladiator Open Forum I moved your post out of that open forum for the same reason. This Board will now have all kinds of off the wall comments and post all because you wanted a copy. I also told you there we would help you out on that since it was you.. as a favor and that is happening.

    Why you thought it best then to also post the request in other forums..is your business..but since google is the friend of many forums..now your post here is also going to draw many more requests for the same..forcing the Wilder's forum to be a clearing house for a need you had which could have been at best a private request..
    If you think about it Pete had I left your post in the open forum..by now 20 or more people would also be asking for a copy and why they can not get one.

    I can tell them 5 or more reasons why they would not even want it at this point..and the reason you presented for wanting it again will in the end cause more problems than it is worth having installed..unless you are still only interested in telling all the current AV/AT vendors that GAV unpacked such and such..then their Program missed it..I am not into that kind of stuff..but if you are looking for some unpackers then head over to xtools or google and you can have a ball.

    You did not do Wilders any favors making that post.
     
  22. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    John,

    As for GAV: if my memory serves me well, Michael is the first and foremost GAV knowledgeable ;)

    As for your comment, ending in:

    No offense intended - but that's up to us to decide. Thanks for expressing your personal opinion.

    regards.

    paul
     
  23. kloshar

    kloshar Registered Member

    Joined:
    Oct 12, 2003
    Posts:
    279
    Location:
    Europe, Slovenia, Brežice
    Code:
    GAV no longer exists - development as well as downloads have been ended by the developer.
    
    regards.
    
    paul 
    Why? It seems to be a good antivirus. (I downloaded some older version)
     
  24. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    kloshar,

    I - in fact no one - can provide all relevant info about this - apart from the software developer himself.

    regards.

    paul
     
  25. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743

    You are welcome :)
     