Jump to content

Demo Considered Malware Cos Of Packer


spencers

Recommended Posts

Can't get log file to post :(

This superb, award-winning Farbrausch demo is flagged as malware (Malware Packer Krunchy)

............

So sad to see Anti-Malware go the way of so many other AVs i.e. using perfectly legitimate exe packers as an indication of malware.

Check out this awesome demo and see how fundamentally wrong it is for anti-malware to be flagging it up just because of packer used.

I won't be recommending Anti-Malware to my clients (as I have done over the last few years) now things have taken such an erroneous turn for the worst.

Looks like we're heading down the AVG and Avast! stupidly overzealous path... shame.

I MEAN HOW LAZY IS IT, TO ASSUME MALWARE JUST BECAUSE OF AN EXE PACKER? LAME...

fr-041_debris.rar

Link to post
Share on other sites

  • 2 years later...

There was more to this than just the packer, you can verify this by noting the lack of other FP reports for this packer. The author made more than one mistake that triggered a heuristic hit but now that we know of this program it will no longer be detected.

 

Hello, I just went Googling for information on Malware.Packer.Krunchy (the flagged result I just got on several zipped folders) and came across this thread.  The text I've bolded in the above quote isn't accurate -- it's obviously several years later now, and your software is still flagging Farbrausch demos as malware.  Please see the below screenshot:

 

 

g4ja2lby.png

 

When I looked at the files in question, and opened the internal 'readme' text files to find out what they were (this is an old archived section of my HDD; it's got a lot of stuff I don't remember on it), I came up with the following:

 

* Information on each individual demo file (stuff talking about its inception, known problems, inspiration, issues with development, etc.)

* Links to the farbrausch website (here)

* Links to the specific project relating to the files I had (here)

* E-mail addresses for contacting them (hotline@farb-rausch.com and fanmail@farb-rausch.com)

 

All of the "fr" files listed in the above screenshot are from the same group.

 

Further researching online shows that this isn't the only AV/anti-malware program to pick up FB demos because of the packer that they use, which I assume is kkrunchy, explained in great detail here.

 

Personally this doesn't bother me -- considering I can't even remember why I have those files, I'm happy to delete them anyway.  But on the off-chance that all this is legit, I figured I'd resurrect this thread and appeal to you, and hopefully give the FB guys a break from all these false positives.

 

If there's another reason those files are being flagged -- some other alarming feature of the demos that you genuinely feel you need to warn users about -- I completely understand, though an explanation would be great.  Otherwise, this is just fyi. :)

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.