unpacking errors.

Discussion in 'NOD32 version 2 Forum' started by snowbound, May 25, 2004.

Thread Status:
Not open for further replies.
  1. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Hi Folks. :)

    Lately when I scan with Nod32 I get 2 unpacking errors.

    One is,

    My Recieved Files\Installs\regseeker.zip>ZIP>DCSMUTEX.DLL>PECompact v1.68-unpack error

    and,

    Wormguard\wguninst.dll>PECompact v1.67-unpack error.

    I have had both these apps for a long time and never noticed this before when I scanned.

    I also have 4 other locked files but that is self-explanatory so I don't concern myself with that.

    Are those unpacking errors anything to be concerned about?

    If so, how do I go about fixing it?

    thanks.


    snowbound
     
  2. Kobra

    Kobra Registered Member

    Joined:
    May 11, 2004
    Posts:
    129
    Sounds like we now know what NOD32's Generic unpacking engine is!

    http://www.collakesoftware.com/

    No idea why you're getting the error though, but thanks for the tip-off on it, was wondering what unpacker they used. :)
     
  3. gpdev

    gpdev Registered Member

    Joined:
    Jun 22, 2003
    Posts:
    12
    PECompact is not the NOD32 unpacking engine - PECompact is an exe packer.

    This message probably indicates that NOD32 identified that these files are packed with PECompact v1.68 but failed to unpack them.
    Maybe they were packed using a different/modified version of PECompact.

    Since both of these files (wguninst.dll & DCSMUTEX.DLL) are from DiamondCS - maybe Gavin or Wayne have something to tell us ;)
     
  4. Kobra

    Kobra Registered Member

    Joined:
    May 11, 2004
    Posts:
    129
    PE-Pack licenses an unpacker too, which is why I suspected they used it based on those errors. But hey, who knows until NOD32 responds.
     
  5. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    Collake Software doesn't license any kind of unpacker as it goes against one of the main reasons of using PeCompact. Anyway, I agree with Gpdev, you should wait for Gavin's comment on this. Though I don't think they used any modified PeCompact as this is illegal. Probably the Eset guys updated the PeCompact unpacker which wasn't backward compatible.
     
  6. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Or maybe NOD sees it as PE unpacker but it is not, could be a DCS proprietary packer with similarities.

    We'll have to await DCS's response :)

    Just guessing - Pilli
     
  7. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    It's a custom version of the packer, you should simply ignore the unpack error since you know these files are clean ;)

    Modifying the header AFTER a file has been patched is a common problem these days, so that unpackers don't work anymore. This is an area for the NOD32 team to keep an eye on, I'd guess up to 50% of malware I see these days has been header-patched (AVs detect them as PE_Patch)
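
Added example, not part of the original post and not NOD32's or DiamondCS's code: a minimal Python triage check that reads a PE header and reports internal inconsistencies of the kind a scanner might hit before it reports an unpack error. The thread does not say which header fields were altered, so the three checks, the function names and the constructed sample file are all assumptions of this example.

```python
import struct

def pe_header_anomalies(data: bytes) -> list[str]:
    """Return PE header inconsistencies worth a closer look (heuristic only)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return ["not an MZ executable"]
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # 24 bytes of signature + COFF header, then 60 bytes of optional header
    if e_lfanew + 84 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return ["missing PE signature"]
    (n_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    opt = e_lfanew + 24
    (entry,) = struct.unpack_from("<I", data, opt + 16)          # AddressOfEntryPoint
    (size_of_image,) = struct.unpack_from("<I", data, opt + 56)  # SizeOfImage
    secs = opt + opt_size
    if secs + 40 * n_sections > len(data):
        return ["section table truncated"]
    findings, entry_ok = [], False
    for i in range(n_sections):
        off = secs + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", data, off + 8)
        if vaddr <= entry < vaddr + max(vsize, rsize):
            entry_ok = True
        if rptr + rsize > len(data):
            findings.append(f"{name}: raw data runs past end of file")
        if vaddr + vsize > size_of_image:
            findings.append(f"{name}: virtual range exceeds SizeOfImage")
    if entry and not entry_ok:  # entry == 0 is legal for a DLL with no entry point
        findings.append("entry point outside every section")
    return findings

def build_sample(entry=0x1000, raw_size=0x200) -> bytes:
    """Constructed minimal PE32 image with one .text section (demo input only)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)    # PE32 magic
    struct.pack_into("<I", opt, 16, entry)
    struct.pack_into("<I", opt, 56, 0x2000)  # SizeOfImage
    sect = b".text\0\0\0" + struct.pack("<IIII", 0x1000, 0x1000, raw_size, 0x200) + b"\0" * 16
    return (dos + coff + bytes(opt) + sect).ljust(0x200, b"\0") + b"\x90" * 0x200

if __name__ == "__main__":
    for label, blob in [("consistent", build_sample()),
                        ("entry moved", build_sample(entry=0x5000)),
                        ("raw size inflated", build_sample(raw_size=0x10000))]:
        print(label, "->", pe_header_anomalies(blob) or "no anomalies")
```

A finding here says only that the header disagrees with itself or with the file on disk; it does not say whether the file is malicious or clean.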
     
  8. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Thanks for that Gavin. :)

    I am not very knowledgeable when it comes to these kinds of things.

    Since you say it is nothing to worry about that is what I will do. ;)


    snowbound
     