[Lazarus] virus note about 0.9.28.2 package?

José Mejuto joshyfun at gmail.com
Fri May 28 18:46:06 CEST 2010


Hello Lazarus-List,

Friday, May 28, 2010, 6:09:36 PM, you wrote:

>> FMdC>  On Thu, May 27, 2010 at 11:29 PM, José
>> Mejuto<joshyfun at gmail.com>  wrote:
>>>> Get the MD5, SHA1 or SHA256 signature and check in
>>>> http://www.virustotal.com Most popular files have been already
>>>> checked. They currently run 39 AV engines.
>> FMdC>  Information:
>> FMdC>  No results found for that hash.
>>
>> :( Right, max. file size is 20 MB, so nobody can send the whole
>> packet. The only one solution is to send it recompressed in ZIP
>> removing .pas, .inc and other non-virus wise files.
wk> I tried to touch on this with my comment about scanners that check _all_ files
wk> and find strings in them that match their sigs... my example was strings in
wk> emails...

Yes, you are right. Anyway, in order to stay on the safe side I had
compressed a zip with all "executable" files, like bat, exe, dll,
etc. in a single ZIP file and I'm currently submitting it to
virustotal... I have to wait a few minutes to get the results (my
upload is quite slow)... Problem is that the "suspicious" does not
show the offending file/s but it seems that they are the UPX packed ones.

[Sorry, Spanish text]
-----------------------------------------------------------------
Análisis del archivo lz.zip recibido el 2010.05.28 16:35:06 (UTC)
Resultado: 3/39 (7.7%)

Motor antivirus         Versión         Última actualización    Resultado
a-squared               4.5.0.50        2010.05.10      -
AhnLab-V3               2010.05.28.01   2010.05.28      -
AntiVir                 8.2.1.242       2010.05.28      -
Antiy-AVL               2.0.3.7         2010.05.26      -
Authentium              5.2.0.5         2010.05.28      -
Avast                   4.8.1351.0      2010.05.28      -
Avast5                  5.0.332.0       2010.05.28      -
AVG                     9.0.0.787       2010.05.28      -
BitDefender             7.2             2010.05.28      -
CAT-QuickHeal           10.00           2010.05.28      (Suspicious) - DNAScan
ClamAV                  0.96.0.3-git    2010.05.28      -
Comodo                  4942            2010.05.25      -
DrWeb                   5.0.2.03300     2010.05.28      -
eTrust-Vet              35.2.7516       2010.05.28      -
F-Prot                  4.6.0.103       2010.05.28      -
F-Secure                9.0.15370.0     2010.05.28      -
Fortinet                4.1.133.0       2010.05.28      -
GData                   21              2010.05.28      -
Ikarus                  T3.1.1.84.0     2010.05.28      -
Jiangmin                13.0.900        2010.05.28      -
Kaspersky               7.0.0.125       2010.05.28      -
McAfee                  5.400.0.1158    2010.05.28      -
McAfee-GW-Edition       2010.1          2010.05.28      -
Microsoft               1.5802          2010.05.28      -
NOD32                   5154            2010.05.28      -
Norman                  6.04.12         2010.05.27      -
nProtect                2010-05-28.01   2010.05.28      -
Panda                   10.0.2.7        2010.05.28      Suspicious file
PCTools                 7.0.3.5         2010.05.28      -
Rising                  22.49.04.04     2010.05.28      -
Sophos                  4.53.0          2010.05.28      -
Sunbelt                 6369            2010.05.28      -
Symantec                20101.1.0.89    2010.05.28      -
TheHacker               6.5.2.0.288     2010.05.27      -
TrendMicro              9.120.0.1004    2010.05.28      PAK_Generic.001
TrendMicro-HouseCall    9.120.0.1004    2010.05.28      -
VBA32                   3.12.12.5       2010.05.28      -
ViRobot                 2010.5.20.2326  2010.05.28      -
VirusBuster             5.0.27.0        2010.05.28      -

-- 
Best regards,
 José
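
The report above gives a single verdict for the whole lz.zip and does not name the flagged members. As an added example (not code from the original post or from the Lazarus project), this sketch triages the same kind of file set one file at a time: it hashes each .bat/.exe/.dll so every file can be looked up individually, and marks PE files whose section names start with UPX. The function names and the `constructed_pe` sample builder are hypothetical.

```python
import hashlib
import struct
from pathlib import Path

EXECUTABLE_EXTS = {".bat", ".exe", ".dll"}  # the file types named in the mail


def pe_section_names(data):
    """Return the PE section names, or [] if data is not a readable PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return []
    (n_sections,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size  # section table follows the optional header
    names = []
    for i in range(n_sections):
        entry = table + 40 * i  # each section header is 40 bytes
        if entry + 40 > len(data):
            break  # truncated file
        names.append(data[entry:entry + 8].rstrip(b"\0").decode("latin-1"))
    return names


def triage(root):
    """Hash every executable-type file under root and flag UPX section names."""
    rows = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in EXECUTABLE_EXTS:
            data = path.read_bytes()
            rows.append({
                "file": path.relative_to(root).as_posix(),
                "sha256": hashlib.sha256(data).hexdigest(),
                # Heuristic: stock UPX names its sections UPX0/UPX1; names can be changed.
                "upx_sections": any(n.startswith("UPX") for n in pe_section_names(data)),
            })
    return rows


def constructed_pe(names):
    """Constructed sample: headers only, just enough for pe_section_names()."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0, 0x102)
    return dos + b"PE\0\0" + coff + b"".join(n.ljust(40, b"\0") for n in names)
```

Calling `triage()` on the unpacked installation directory yields one row per file; the rows with `upx_sections` set are the candidates for the packer-based detections, and each `sha256` can be searched on its own.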




