Author Topic: My next problem..  (Read 13321 times)

Immortalis

  • Guest
My next problem..
« on: March 20, 2009, 11:35:21 am »
Downloaded Bit Che from the home page link, installed it and AVG reports the following...


"C:\Documents and Settings\Immortalis\Application Data\Convivea\Bit_Che\scripts\special.exe"                 ;"Runtime packed fsg"

I understand what it is, my question is... is this really a false positive or should I be worried? Should special.exe even exist in the scripts dir?

I did read the post about Anti Virus software, but that seems to deal more with Norton and Bit_Che.exe.
« Last Edit: March 20, 2009, 11:39:38 am by Immortalis »

Offline Bovski

  • Head Cider Tester
  • Hero Member
  • *****
  • Posts: 673
  • Karma: +189/-0
  • High Five Me
    • View Profile
    • Warez The Index
Re: My next problem..
« Reply #1 on: March 20, 2009, 01:21:59 pm »
special.exe is needed to log into some sites if you just use public sites you don't technically need it.

It's basically a webbrowser that captures the cookies for bit che.

Yes it belongs in the scripts directory.

I'm, not convinced its packed with fsg(Fast Small Good) but if you check out virus totals results of it then you will see all the major Virus checkers think its good.

http://www.virustotal.com/analisis/ab62b9b8b8f21379dce5ce0bbd930af7
« Last Edit: March 20, 2009, 01:30:12 pm by Bovski »

Immortalis

  • Guest
Re: My next problem..
« Reply #2 on: March 20, 2009, 03:24:32 pm »

Ok... thank you again very much!

Offline arjays

  • Newbie
  • *
  • Posts: 2
  • Karma: +1/-0
    • View Profile
Re: My next problem..
« Reply #3 on: October 26, 2009, 04:03:40 pm »
I contacted AVG, and their responses were, at best, "scripted" (and practically useless).

Whether or not "SPECIAL.EXE" was/is actually "packed" by FSG is effectively immaterial.  The key point is that AVG thinks it is, and "flags" it, accordingly.

The "thing" is that AVG doesn't currently have the capability to "decompress" an FSG-packed module, so it can't "scan" it, so... it "flags" it, and puts the ball in "our court"...

The bottom line is that FSG-packed s/w are "suspect", in that they MAY be (or contain) malware... or not.  In the case of THIS "special.exe", the correct seems to be "not".  At least, one hopes....

FWIW, I found the following post on CNET, which explains "packing" quite well.

runtime packed fsg
by ManicWaldo - 5/10/09 3:03 AM In reply to: How dangerous is "runtime packed fsg" by auto78900
"Runtime Packed FSG" is not dangerous at all, not in any shape, manner or form. It's a "signature" that a particular program was used in making the file. It's a program designed to "pack" a program (.exe, etc) into a smaller size. FSG = Fast Small Good.

Now why does it show up in AV software?

Because malicious code writers use it frequently to:

1. pack their virus/malware executable files
2. make it harder for AV software to unpack the file and look for malicious code

It was used in legitimate programs also, but not much anymore because there are new and better packers available. And some not so legitimate, such as key generators made for software theft.

So what the Anti-Virus program is saying, "I don't know for sure if this is anything bad, but it was packed with a program that is often used to pack virii. So use at your own risk."

Since "runtime packed fsg" is not malware or a virus or anything bad in and of itself, you won't find much clear information about it. All the AV software is identifying is the fact that a "packer" program called "FSG" was used.

Here's an example of one of the latest greatest packers in legitimate use:

PECompact

PECompact compresses Windows modules (EXE, DLL, SCR, etc..) substantially, while leaving them able to be run just as before. At runtime, compressed modules are rapidly decompressed in memory. Smaller (<50%) size usually means quicker load time. PECompact generally compresses files much smaller than if they had been compressed by modern data compression software such as RAR.


Offline chip!

  • Bad Ass
  • Administrator
  • Unstoppable
  • *****
  • Posts: 2301
  • Karma: +629/-6
    • View Profile
Re: My next problem..
« Reply #4 on: November 09, 2009, 02:43:51 pm »
If AVG wants to *flag* the file because its packed with a packer, then usually they just need to be contacted and they will add the file's signature to their safe-list. 

Yet, it should be noted as well, that almost all major Antivirus products can successfully handle FSG packed files. I am surprised if AVG still can not, because normally that is a decent security software. Of course, this doesnt really matter, since its as equally easy to add the file to your antivirus "ignore" list, should your antivirus company be stubborn about flagging packed files.

and of course, as always, Bit Che is 100% virus free :)
  -  https://convivea.com  -   And...  boom goes the dynamite.

andy who

  • Guest
Re: My next problem..
« Reply #5 on: December 25, 2009, 04:27:15 pm »
If AVG wants to *flag* the file because its packed with a packer, then usually they just need to be contacted and they will add the file's signature to their safe-list. 

Yet, it should be noted as well, that almost all major Antivirus products can successfully handle FSG packed files. I am surprised if AVG still can not, because normally that is a decent security software. Of course, this doesnt really matter, since its as equally easy to add the file to your antivirus "ignore" list, should your antivirus company be stubborn about flagging packed files.

and of course, as always, Bit Che is 100% virus free :)

cheers