Nod32 sayes that my Dll contains a virus but It doesn't

Discussion in 'ESET NOD32 Antivirus' started by tarek dahb, Mar 13, 2010.

Thread Status:
Not open for further replies.
  1. tarek dahb

    tarek dahb Registered Member

    Joined:
    Mar 13, 2010
    Posts:
    4
    Hello

    This Dll does not contain any virus or trojan at all.
    GoldenOSD.dll
    -goldendvb.webs.com/GoldenOSD/GoldenOSD_2.55.zip-
    But Nod32 sayes that probably a variant of Win32/Genetik
    All the other antivirus say it dosen't contain any virus!
    ~VirusTotal link removed per Policy~
    How can you be sure of that?
    1st
    unpack GoldenOSD.dll using UPXShell, the new file size will be about 1.5 MB.
    2nd
    Resacn again with NOD32, Result is no virus at all.
    3rd
    pack it again with UPXShell, file size will be about 450 KB.
    Rescan again with nod32, Result probably a trojan.

    Can you fix this please?
     
    Last edited by a moderator: Mar 13, 2010
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,727
    Location:
    Texas
  3. tarek dahb

    tarek dahb Registered Member

    Joined:
    Mar 13, 2010
    Posts:
    4
    Thank you Mr ronjor
    I will report it.

    thanks again
    Regards
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,727
    Location:
    Texas
    Thank you Mr tarek dahb. :)
     
  5. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,732
  6. tarek dahb

    tarek dahb Registered Member

    Joined:
    Mar 13, 2010
    Posts:
    4
    Hello Mr. Brummelchen

    Yes I tried upxshell with all options.

    Tried upx with these options compress better, compress faster and force compression of suspicious files.
    Sorry I didn't mention that the file was packed with UPX.

    Tried ASProtect, the result was ok with nod32 and the well known antivirus as well;
    But it was terrible with 6 other antivirus.
    So I preferred to use upx or upxshell

    Here is a link to last version which was packed and ok with nod32
    hxxp://goldendvb.webs.com/GoldenOSD/GoldenOSD_2.49.zip

    Thanks in advance
    Regards
     
    Last edited: Mar 14, 2010
  7. danieln

    danieln Eset Staff

    Joined:
    Jan 7, 2009
    Posts:
    112
    Using of the run-time packers has more disadvantages than benefits.
    Packed files takes longer time to start because they must be unpacked 2 times. First time by anti-virus and second time prior to running. The OS Loader generally cannot progressively load a packed executable. Situation is very bad with heavily packed executables.
    In the case an executable contains a suspicious looking code adding a run-time packer may cause to evaluate it more strictly.
    The packed executable is distributed in a ZIP archive. It is packed 2 times. I expect if you put an uncompressed DLL there, the size of the ZIP archive will be very similar.
     
  8. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,732
    depends - for older machines its a bit difficult to judge - faster loading from
    slower hdd and less ram due that doubled file in ram. or slower loading with
    less ram use. on newer machines (4-6 years) there is not really a difference.
    in the beginning of usb-sticks faster and less bytes loading was recommended too,
    but nowerdays? actual a protection is IMO only useful for commercial software.
    and some really brand new products for 32&64 bits in one file compression
    is not possible or only with special runtime packers. (see Defraggler/CCleaner)
     
  9. tarek dahb

    tarek dahb Registered Member

    Joined:
    Mar 13, 2010
    Posts:
    4
    Thank you very much:-*
    I check it today, and every thing is ok now:thumb:
    Many thanks to all NOD32 team work.

    Best regards
     
Thread Status:
Not open for further replies.