
Thread: i'm gone lost my mind ...(Kaspersky)

  1. #1
    Euclides
    Guest

    i'm gone lost my mind ...(Kaspersky)

    OS: WinXP
    For more than 6 days I've been working on this project, and I still can't find "The Problem".
    I want to write just a very simple exe packer.
    My packer works very well, but "Kaspersky Anti-Virus" raises a "Suspicious code alert".

    Why, why, why is this stupid antivirus doing this to me?

    There was another strange thing.
    When I added a new and totally empty section to an existing file, the same error occurred: "Suspicious code".
    Hey, there is no code!
    How could something be "Suspicious" if it doesn't exist?

    The same "stupid program" reports NOTHING when files are packed with y0da's cryptor.

    I have the source of y0da's cryptor, but I'm still in desperate straits.

    -HELP! HELP!
    -Does anybody hear my scream?
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Howdy,

    You have answered your own question.
    Think about this: what makes code look suspicious?
    You cannot add empty sections. Kas looks at this and sees a problem.
    What is the problem? >>there is nothing there<< Must be bad!!!

    Since most people run an anti-V, you need to find out what bad code you have written.

    As I think about this, remember how many people/companies tell you to shut off your anti-V before running their utils??
    Look into this. You will probably find out what is causing you these problems.

    Woodmann

  3. #3
    lifewire
    Guest
    Did you set the entry RVA in the PE header to your newly created section? That is suspicious too, especially when your newly created section is the last section and has not-code and writable flags.
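The section and entry-point traits named in replies #2 and #3, checked over a PE header. This is an added example, not code from the thread and not Kaspersky's actual heuristic; the sample images, the indicator names and the reading of "empty" as zero virtual and raw size are assumptions.

```python
import struct

CODE, WRITE = 0x00000020, 0x80000000   # IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_WRITE
SEC = "<8sIII16xI"                     # name, VirtualSize, VirtualAddress, SizeOfRawData, flags

def parse(pe):
    """Return (entry_rva, section tuples) read from a PE image's headers."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]               # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    entry = struct.unpack_from("<I", pe, nt + 24 + 16)[0]    # AddressOfEntryPoint
    table = nt + 24 + opt_size                               # first section header
    return entry, [struct.unpack_from(SEC, pe, table + 40 * i) for i in range(nsec)]

def findings(pe):
    """List (section, indicator) pairs for the traits named in the thread."""
    entry, secs = parse(pe)
    out = []
    for i, (raw_name, vsize, vaddr, rawsize, flags) in enumerate(secs):
        name = raw_name.rstrip(b"\0").decode("ascii", "replace")
        if vsize == 0 and rawsize == 0:    # assumption: "empty" = no size at all
            out.append((name, "empty-section"))
        if vaddr <= entry < vaddr + max(vsize, rawsize):     # entry point lands here
            if len(secs) > 1 and i == len(secs) - 1:
                out.append((name, "entry-in-last-section"))
            if not flags & CODE:
                out.append((name, "entry-section-not-code"))
            if flags & WRITE:
                out.append((name, "entry-section-writable"))
    return out

def build_sample(entry, sections):
    """Constructed header-only PE32 blob for the demo; not a runnable file."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)         # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x102)
    opt = struct.pack("<H14xI", 0x10B, entry).ljust(224, b"\0")
    return dos + b"PE\0\0" + coff + opt + b"".join(struct.pack(SEC, *s) for s in sections)

TEXT = (b".text", 0x800, 0x1000, 0x800, 0x60000020)   # code | execute | read
DATA = (b".data", 0x200, 0x2000, 0x200, 0xC0000040)   # initialized data | read | write
NEW = (b".new", 0x1000, 0x3000, 0x200, 0xC0000040)    # appended, data flags, writable
PAD = (b".pad", 0, 0x3000, 0, 0xC0000040)             # appended, zero-sized
ORIGINAL = build_sample(0x1000, [TEXT, DATA])
REDIRECTED = build_sample(0x3000, [TEXT, DATA, NEW])  # entry RVA moved into .new
PADDED = build_sample(0x1000, [TEXT, DATA, PAD])      # entry RVA untouched

if __name__ == "__main__":
    for pe in (ORIGINAL, REDIRECTED, PADDED):
        print(findings(pe))
```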

  4. #4
    lifewire,

    using apvx, from z0mbie, unpack the .avc till you find the w32 heuristics obj.

    then disasm with IDA

    ancev

  5. #5
    lifewire
    Guest
    Yes ancev, I knew that, very nice. Also, the special .obj's per virus name can be very interesting.
