« on: October 26, 2009, 04:03:40 pm »
I contacted AVG, and their responses were, at best, "scripted" (and practically useless).
Whether or not "SPECIAL.EXE" was/is actually "packed" by FSG is effectively immaterial. The key point is that AVG thinks it is, and "flags" it, accordingly.
The "thing" is that AVG doesn't currently have the capability to "decompress" an FSG-packed module, so it can't "scan" it, so... it "flags" it, and puts the ball in "our court"...
The bottom line is that FSG-packed s/w are "suspect", in that they MAY be (or contain) malware... or not. In the case of THIS "special.exe", the correct answer seems to be "not". At least, one hopes....
FWIW, I found the following post on CNET, which explains "packing" quite well.
runtime packed fsg
by ManicWaldo - 5/10/09 3:03 AM In reply to: How dangerous is "runtime packed fsg" by auto78900
"Runtime Packed FSG" is not dangerous at all, not in any shape, manner or form. It's a "signature" that a particular program was used in making the file. It's a program designed to "pack" a program (.exe, etc) into a smaller size. FSG = Fast Small Good.
Now why does it show up in AV software?
Because malicious code writers use it frequently to:
1. pack their virus/malware executable files
2. make it harder for AV software to unpack the file and look for malicious code
It was used in legitimate programs also, but not much anymore because there are new and better packers available. And some not so legitimate, such as key generators made for software theft.
So what the Anti-Virus program is saying is, "I don't know for sure if this is anything bad, but it was packed with a program that is often used to pack viruses. So use at your own risk."
Since "runtime packed fsg" is not malware or a virus or anything bad in and of itself, you won't find much clear information about it. All the AV software is identifying is the fact that a "packer" program called "FSG" was used.
Here's an example of one of the latest greatest packers in legitimate use:
PECompact
PECompact compresses Windows modules (EXE, DLL, SCR, etc..) substantially, while leaving them able to be run just as before. At runtime, compressed modules are rapidly decompressed in memory. Smaller (<50%) size usually means quicker load time. PECompact generally compresses files much smaller than if they had been compressed by modern data compression software such as RAR.
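A sketch of how a scanner can say "this looks runtime-packed" from the file's structure alone, without being able to unpack it. It is an added example, not part of either post and not AVG's actual logic; the three heuristics, the 7.0 entropy threshold, and the sample images produced by `build_sample` are assumptions constructed for illustration.

```python
import math
import struct

MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_* flags
SECTION = "<8sIIIIIIHHI"                          # 40-byte IMAGE_SECTION_HEADER

def entropy(data):
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    probs = [data.count(b) / len(data) for b in set(data)]
    return -sum(p * math.log2(p) for p in probs)

def packer_indicators(pe):
    """Return (section, reason) pairs that suggest a runtime packer."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    nsect = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size              # section table follows the optional header
    hits = []
    for i in range(nsect):
        f = struct.unpack_from(SECTION, pe, table + 40 * i)
        name, vsize, rsize, rptr, flags = f[0], f[1], f[3], f[4], f[9]
        name = name.rstrip(b"\0").decode("ascii", "replace") or "<unnamed>"
        if flags & MEM_WRITE and flags & MEM_EXECUTE:
            hits.append((name, "writable+executable"))   # code that rewrites itself in memory
        if rsize == 0 and vsize > 0 and flags & MEM_EXECUTE:
            hits.append((name, "empty on disk"))         # filled in only at run time
        if entropy(pe[rptr:rptr + rsize]) > 7.0:
            hits.append((name, "high entropy"))          # compressed or encrypted payload
    return hits

def build_sample(sections):
    """Constructed input: MZ stub, PE/COFF header, section table, raw data (not loadable)."""
    hdr = bytearray(b"MZ".ljust(0x40, b"\0"))
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    offset, body = len(hdr) + 40 * len(sections), b""
    for name, vsize, data, flags in sections:
        rptr = offset + len(body) if data else 0
        hdr += struct.pack(SECTION, name, vsize, 0x1000, len(data), rptr, 0, 0, 0, 0, flags)
        body += data
    return bytes(hdr + body)

RWX, RX, RW = 0xE0000020, 0x60000020, 0xC0000040  # constructed section flag sets
PACKED = build_sample([(b".a", 0x3000, b"", RWX), (b".b", 0x1000, bytes(range(256)) * 4, RWX)])
PLAIN = build_sample([(b".text", 0x200, b"\x55\x8b\xec\x5d\xc3" * 100, RX), (b".data", 0x200, b"\0" * 512, RW)])
```

A hit from `packer_indicators` means the same thing the AV verdict does: the file's layout matches what packers produce, which says nothing about whether the unpacked code is malicious.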