Skip to main content

Notice

Please note that most of the software linked on this forum is likely to be safe to use. If you are unsure, feel free to ask in the relevant topics, or send a private message to an administrator or moderator. To help curb the problems of false positives, or in the event that you do find actual malware, you can contribute through the article linked here.
Topic: Lamer (Read 3136 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

Lamer

There's a new version of the (100%) Lamer frontend, BUT my F-prot virusscanner says it's a suspicious file ("could be infected with an unknown virus") :confused:

Anybody wants to download the new Lamer and scan it with his/her virusscanner?

Link: http://www.1oo-percent.de/lamer/

Lamer

Reply #1
I downloaded the latest version (1.20 beta), and McAfee VirusScan didn't complain when I run it.

Probably just a false alarm in your case.

Lamer

Reply #2
My Norton AV didn't detect anything suspicious about it.

Lamer

Reply #3
Thanx a lot! I'm going to try Lamer right away. Always liked it. But the guy also calls himself Devil, so I was in doubt...

Lamer

Reply #4
I did a quick check on the lamer.exe file. F-PROT reports it because it's probably compressed with some unknown PE-EXE compressor. The code entrypoint (RVA) is at the end of the file and it has imports to critical system functions that trojans/viruses often use (Winsock access, registry access). I will unpack it this evening and have a deeper look at the code.

But honestly, if someone wanna hide a virus or trojan code in a normal program, the possibilities are virtually unlimited. I wish there would be good behaviour blocker for Windows. :-(


bye, Skeeve