关于卡巴斯基对EXECryptor某些泄露Key版本的封杀 - 新博客http://hi.baidu.com/playboyjin

<< 公布一套网安06年VIP免杀教程全集(31节) | 首页 | MSDN 绿色版 >>

2007-06-03

关于卡巴斯基对EXECryptor某些泄露Key版本的封杀 - [脱壳]

版权声明：转载时请以超链接形式标明文章原始出处和作者信息及本声明
 http://playboyjin.blogbus.com/logs/5634403.html

EXECryptor V2.2.5 曾经有key被公开，可以注册V2.0-V2.2.5.b4等版本

而杀软中卡巴斯基对这些EXECryptor版本加壳的文件一律封杀

网上遛达，搜索了一些资料，感觉这是卡巴斯基和EXECryptor的“合作”成果

[Copy to clipboard] [ - ]

CODE:

Kaspersky detect EXECRYPTOR??
If your program is legidimate, please send it to newvirus@kaspersky.com, it will be undetected. If its not than the dection will stay here.
If you are packing using a non-legidimate copy, it will be detected.
http://forum.kaspersky.com/index.php?showtopic=29937&mode=linear

QUOTE:

001	23.01.2007 05:49 Post #1
Newbie Group: Members Posts: 3 Joined: 23.01.2007 Member No.: 31007	Hello people i'm protect one DLL with execryptor and when finish KAV alert me what have virus in DLL how can be? see this: http://img65.imageshack.us/img65/6730/cagaste5cm.jpg

Whizard	23.01.2007 06:54 Post #2
Professional Group: Gold beta testers Posts: 8831 Joined: 19.11.2005 From: Toronto/Canada Member No.: 5933	If your program is legidimate, please send it to newvirus@kaspersky.com, it will be undetected. If its not than the dection will stay here. -------------------- Changelog Translator ~^Whizard^~

c4p0ne	23.01.2007 12:01 Post #3
Advanced Member Group: Members Posts: 166 Joined: 10.04.2005 Member No.: 237	Haha there's no way his file is legit if he's packing it with anything like execryptor! -------------------- "Cookies need love like everything does.." -Agent Smith

Whizard	23.01.2007 15:41 Post #4
Professional Group: Gold beta testers Posts: 8831 Joined: 19.11.2005 From: Toronto/Canada Member No.: 5933	You can make the argument both ways. I already told him what to do -------------------- Changelog Translator ~^Whizard^~

001	23.01.2007 19:54 Post #5
Newbie Group: Members Posts: 3 Joined: 23.01.2007 Member No.: 31007	QUOTE(Whizard @ 23.01.2007 06:54) If your program is legidimate, please send it to newvirus@kaspersky.com, it will be undetected. If its not than the dection will stay here. it is not necessary to do that, simply take any DLL and protect with execryptor and you see what I'm say This post has been edited by 1: 23.01.2007 19:54

bildos	23.01.2007 20:31 Post #6
Advanced Member Group: Gold beta testers Posts: 443 Joined: 22.09.2005 From: Romania, Transylvania Member No.: 4399	I asked about execryptor long time ago... :-) If unpack team still didn't realize "unpacker" for execryptor I'm really disappointed. This post has been edited by bildos: 23.01.2007 20:31 -------------------- http://www.freerainbowtables.com

Lucian Bara	23.01.2007 20:47 Post #7
Forum Elite Group: Gold beta testers Posts: 22149 Joined: 28.01.2006 From: Timisoara, Romania Member No.: 7989	QUOTE(1 @ 23.01.2007 04:49) Hello people i'm protect one DLL with execryptor and when finish KAV alert me what have virus in DLL how can be? see this: http://img65.imageshack.us/img65/6730/cagaste5cm.jpg hello does that happen only with that tmp file or with the completed crypted file too? -------------------- Kaspersky fan. Hardware details: Intel Pentium 4 Prescot 540(LGA) 3,2GHz overclock @3,6Ghz, Msi 915P Combo FR, 1024MB-DDR(2*512) 2.5-4-4-8, Leadtek PX6600 256MB GPU 300Mhz@350Mhz, Memory 500Mhz@600Mhz, Teac DV-W516GA, Leadtek tv2000 xp Expert, HDD 200GB Seagate SATA, HDD 200GB Western Digital Sata2. ---------------------------------------------------------------

TonyW	23.01.2007 23:08 Post #8
Advanced Member Group: Gold beta testers Posts: 935 Joined: 8.04.2005 From: Southport, UK Member No.: 76	QUOTE(bildos @ 23.01.2007 17:31) I asked about execryptor long time ago... :-) If unpack team still didn't realize "unpacker" for execryptor I'm really disappointed. Looks like it's being detected judging by that screenshot.

Whizard	23.01.2007 23:10 Post #9
Professional Group: Gold beta testers Posts: 8831 Joined: 19.11.2005 From: Toronto/Canada Member No.: 5933	If you are packing using a non-legidimate copy, it will be detected. -------------------- Changelog Translator ~^Whizard^~