Nod32 says that my DLL contains a virus but it doesn't

Discussion in 'ESET NOD32 Antivirus' started by tarek dahb, Mar 13, 2010.

Thread Status:
Not open for further replies.
  1. tarek dahb

    tarek dahb Registered Member

    Joined:
    Mar 13, 2010
    Posts:
    4
    Hello

    This Dll does not contain any virus or trojan at all.
    GoldenOSD.dll
    -goldendvb.webs.com/GoldenOSD/GoldenOSD_2.55.zip-
    But Nod32 says that it is probably a variant of Win32/Genetik
    All the other antivirus say it doesn't contain any virus!
    ~VirusTotal link removed per Policy~
    How can you be sure of that?
    1st
    unpack GoldenOSD.dll using UPXShell, the new file size will be about 1.5 MB.
    2nd
    Rescan again with NOD32, Result is no virus at all.
    3rd
    pack it again with UPXShell, file size will be about 450 KB.
    Rescan again with nod32, Result probably a trojan.

    Can you fix this please?
     
    Last edited by a moderator: Mar 13, 2010
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,883
    Location:
    Texas
  3. tarek dahb

    tarek dahb Registered Member

    Joined:
    Mar 13, 2010
    Posts:
    4
    Thank you Mr ronjor
    I will report it.

    thanks again
    Regards
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,883
    Location:
    Texas
    Thank you Mr tarek dahb. :)
     
  5. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,919
  6. tarek dahb

    tarek dahb Registered Member

    Joined:
    Mar 13, 2010
    Posts:
    4
    Hello Mr. Brummelchen

    Yes I tried upxshell with all options.

    Tried upx with these options: compress better, compress faster and force compression of suspicious files.
    Sorry I didn't mention that the file was packed with UPX.

    Tried ASProtect, the result was ok with nod32 and the well known antivirus as well;
    But it was terrible with 6 other antivirus.
    So I preferred to use upx or upxshell

    Here is a link to last version which was packed and ok with nod32
    hxxp://goldendvb.webs.com/GoldenOSD/GoldenOSD_2.49.zip

    Thanks in advance
    Regards
     
    Last edited: Mar 14, 2010
  7. danieln

    danieln Eset Staff

    Joined:
    Jan 7, 2009
    Posts:
    112
    Using run-time packers has more disadvantages than benefits.
    Packed files take longer to start because they must be unpacked 2 times. First time by anti-virus and second time prior to running. The OS Loader generally cannot progressively load a packed executable. The situation is very bad with heavily packed executables.
    If an executable contains suspicious-looking code, adding a run-time packer may cause it to be evaluated more strictly.
    The packed executable is distributed in a ZIP archive. It is packed 2 times. I expect if you put an uncompressed DLL there, the size of the ZIP archive will be very similar.
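
A triage check for the situation discussed in this thread, as an added example that is not part of any post: it reads a PE file's section table, reports each section's raw size and byte entropy, and flags UPX's default `UPX0`/`UPX1` section names. The two sample images are constructed header-only skeletons, and all function names here are hypothetical.

```python
import hashlib
import math
import struct

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; compressed or encrypted data sits close to 8.0."""
    n = len(data)
    counts = (data.count(b) for b in set(data))
    return -sum(c / n * math.log2(c / n) for c in counts) + 0.0  # empty -> 0.0

def pe_sections(image: bytes):
    """Return [(name, raw_size, entropy)] read from the PE section table."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (nsections,) = struct.unpack_from("<H", image, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", image, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size  # section table follows the optional header
    out = []
    for off in range(table, table + 40 * nsections, 40):
        name = image[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", image, off + 16)
        out.append((name, raw_size, shannon_entropy(image[raw_ptr:raw_ptr + raw_size])))
    return out

def looks_upx_packed(image: bytes) -> bool:
    """UPX's default PE output names its first two sections UPX0 and UPX1."""
    return {"UPX0", "UPX1"} <= {name for name, _, _ in pe_sections(image)}

def build_sample(sections):
    """Constructed input: a header-only PE skeleton, not a loadable DLL."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x2102)
    data_off = 0x40 + len(coff) + 40 * len(sections)
    table, blob = b"", b""
    for name, data in sections:
        ptr = data_off + len(blob) if data else 0
        table += struct.pack("<8sIIIIIIHHI", name, len(data), 0x1000,
                             len(data), ptr, 0, 0, 0, 0, 0xE0000020)
        blob += data
    return dos + coff + table + blob

# Constructed data: hash output stands in for compressed bytes, PLAIN for ordinary code.
DENSE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
PLAIN = b"\x55\x8b\xec\x90" * 1024
PACKED = build_sample([(b"UPX0", b""), (b"UPX1", DENSE), (b".rsrc", PLAIN[:256])])
UNPACKED = build_sample([(b".text", PLAIN), (b".rsrc", PLAIN[:256])])
```

On a UPX-packed file the `UPX0` section has no raw data on disk and `UPX1` carries the high-entropy compressed image, which is the profile a scanner sees before it unpacks the file.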
     
  8. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,919
    depends - for older machines it's a bit difficult to judge - faster loading from
    slower hdd and less ram due to that doubled file in ram. or slower loading with
    less ram use. on newer machines (4-6 years) there is not really a difference.
    in the beginning of usb-sticks faster and less bytes loading was recommended too,
    but nowadays? actually a protection is IMO only useful for commercial software.
    and for some really brand new products for 32&64 bits in one file compression
    is not possible or only with special runtime packers. (see Defraggler/CCleaner)
     
  9. tarek dahb

    tarek dahb Registered Member

    Joined:
    Mar 13, 2010
    Posts:
    4
    Thank you very much :-*
    I checked it today, and everything is ok now :thumb:
    Many thanks to all NOD32 team work.

    Best regards
     