amaranti, posted June 7, 2012 (edited June 7, 2012 by amaranti)

Hi

For an average computer user like me it's nearly impossible to know what is what, so I decided to try and ask the experienced.

If I understood it right, a packer is often recognized by virus detectors as malware although that's not definitely the case. I wanted to install a piece of software; 2 of its files were defined by ClamAV as PUA.Win32.Packer.Upolyx-5 / PUA.Win32.Packer.Anti-4. Is it really malware, is there a way I can find out? I probably sound naive, but how do you estimate the chance that this packer is really infected?

Thanks
Amaranti

Nacho_dj, posted June 8, 2012

Try at least with another AV if possible to confirm there is malware inside your files. There is the possibility of a false positive.

Anyway, there are good tools to detect lots of packers, like ProtectionId, RDG Packer Detector, PEiD... it would be a good idea to also try these tools on your files to get more complete information.

Good luck
Nacho_dj

chickenbutt, posted June 8, 2012

AVs are signature engines, some with ineffective real-time monitoring (HIPS). This is likely a false positive, but you won't know till you analyze it through RCE or sandbox differentials.

amaranti (author), posted June 8, 2012

Thanks for your answers! ClamAV was the only AV, out of 42, on VirusTotal's website which reported malware.

I ran PEiD and it detected: UPX 0.80 - 1.24 DLL -> Markus & Laszlo

So I still don't know if it's safe or not, what would you do in such a case? Somehow I have to analyze it further, or simply trust and install it... (or start studying your tutorials here...)

kao, posted June 8, 2012

> So I still don't know if it's safe or not, what would you do in such a case?

If in doubt, run it in Sandboxie or inside a virtual machine like VMware.

"PUA" means Potentially Unwanted Application. Something that a standard office user never needs on his computer. It does not mean that the software is malicious.

"Win32.Packer" means that the antivirus detected a suspicious packer that is rarely (or never) used in proper commercial software. It does not mean that the software is malicious.

Last but not least, if only one AV is detecting it on VirusTotal, it's a pretty good indicator of a False Positive.
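
An added example, not part of any post in this thread: a packer identification like the "UPX" result mentioned above can be cross-checked by reading the PE section table and looking for UPX's default section names (UPX0, UPX1). It identifies the packer layout only and says nothing about what is packed; the function names and the header-only sample inputs are constructed for illustration, and the section names can be renamed by whoever packed the file.

```python
import struct

def pe_sections(data: bytes):
    """Return [(name, virtual_size, raw_size)] read from the PE section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)   # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    (n_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size          # section table follows optional header
    sections = []
    for i in range(n_sections):
        raw_name, vsize, _vaddr, rsize = struct.unpack_from("<8sIII", data, table + 40 * i)
        name = raw_name.rstrip(b"\0").decode("ascii", "replace")
        sections.append((name, vsize, rsize))
    return sections

def looks_upx_packed(data: bytes) -> bool:
    """Heuristic: UPX's default layout has UPX0 (no bytes on disk) and UPX1."""
    by_name = {name: (vsize, rsize) for name, vsize, rsize in pe_sections(data)}
    if "UPX0" not in by_name or "UPX1" not in by_name:
        return False
    vsize, rsize = by_name["UPX0"]
    return rsize == 0 and vsize > 0       # placeholder that is filled at run time

def build_sample(rows):
    """Constructed input: PE headers only, no code; not a real program."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(rows), 0, 0, 0, 0, 0x2102)
    table = b"".join(struct.pack("<8sIII", n, vs, 0x1000, rs) + b"\0" * 20
                     for n, vs, rs in rows)
    return dos + b"PE\0\0" + coff + table

SAMPLE_UPX = build_sample([(b"UPX0", 0x8000, 0), (b"UPX1", 0x4000, 0x3A00),
                           (b".rsrc", 0x1000, 0x600)])
SAMPLE_PLAIN = build_sample([(b".text", 0x3000, 0x2E00), (b".data", 0x1000, 0x400)])

if __name__ == "__main__":
    for label, blob in (("upx-like", SAMPLE_UPX), ("plain", SAMPLE_PLAIN)):
        print(label, pe_sections(blob), "UPX layout:", looks_upx_packed(blob))
```

To check a real file, pass `open(path, "rb").read()` to `looks_upx_packed`; reading the headers this way does not execute the file.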