Support Forum for TrojanHunter anti-malware remover and other products, including freeware

Search

Members

Login

Register

Welcome, Guest. Please Login or Register.

May 21^st, 2013, 11:15am

   TrojanHunter Forum
   TrojanHunter
   TrojanHunter Scanner (Moderators: Helena, Gavin_Coe, Magnus)
   What is UPX and what's the danger?

« Previous topic | Next topic »

Pages: 1

Notify of replies

Send Topic

Author

Topic: What is UPX and what's the danger? (Read 850 times)

John_Hill
Newbie

Posts: 12

What is UPX and what's the danger?
« on: Nov 30^th, 2004, 2:06am »

Quote

Modify

Probably I should know, but I don't. I found the acronym: Ultimate Packer for eXecutables, but what so?

I'm evaluating TH4; obviously I need it. At first run I was notified:
wizmo.exe (Suspicious: UPX-packed file in Windows System folder)
[The One-Click Utility from Gibson Research Corp.]

IP Logged

Randy_Bell
Global Moderator

TrojanHunter is the Best!

Gender:

Posts: 2883

Re: What is UPX and what's the danger?
« Reply #1 on: Nov 30^th, 2004, 9:05am »

Quote

Modify

UPX is a runtime packer for executables. There are many such "execution compression" schemes but UPX is the most popular, probably followed by ASPACK. The idea is to compress the size of the executable without losing any functionality: when executed, the compressed executable will load the same uncompressed image in memory. Wink

IP Logged

John_Hill
Newbie

Posts: 12

Re: What is UPX and what's the danger?
« Reply #2 on: Dec 2^nd, 2004, 12:57am »

Quote

Modify

Thx for your answer. I assume that the TH warning is caused by the fact that TH can't unpack the exe to check its content? How does TH treat self-executable zip files?

IP Logged

Randy_Bell
Global Moderator

TrojanHunter is the Best!

Gender:

Posts: 2883

Re: What is UPX and what's the danger?
« Reply #3 on: Dec 2^nd, 2004, 1:27am »

Quote

Modify

on Dec 2^nd, 2004, 12:57am, John_Hill wrote:

I assume that the TH warning is caused by the fact that TH can't unpack the exe to check its content?

TH can unpack UPX, usually the warning is because UPX-packed files in the Windows system folder are suspect. �Trojans and malware use packing to disguise their true signatures. �Btw, that is the strength of memory scanning techniques such as used by TH Guard because trojans must reveal their true signature {footprint} when they load into memory. � Wink

The other question, about self-extracting executables -- KAV can unpack and decrypt many of these but I don't think TH is designed to analyze self-extracting ZIP or RAR files until they unzip themselves -- I could be wrong about that, though. �Usually this is not a security risk since self-extractors when executed will reveal their uncompressed components {contents} and give opportunity for AntiVirus and AntiTrojan realtime monitors to examine the contents at the time they extract the contents. � Wink

« Last Edit: Dec 2^nd, 2004, 1:29am by Randy_Bell »

IP Logged

John_Hill
Newbie

Posts: 12

Re: What is UPX and what's the danger?
« Reply #4 on: Dec 2^nd, 2004, 2:11am »

Quote

Modify

Unbeatable quick response! I appreciate your guidance, Randy.

I have used AV/firewalls for years, but during the last weeks I have learned (from newspapers, friends etc) that "a common AV" isn't sufficient. Due to the complexity of today's security threats, you need specialized software like TH (+ anti spyware/adware). As a result of my surfing for security issues, I have learned: Don't use the application's default settings; UNDERSTAND the software; make your individual configuration to suite your needs. (That's why I'm asking.)

I have just started my evaluation period, but I'm convinced. I need TH. It is working fine (fortunately without finding any Trojan), but the help file could be "more helpful". Thanks to this splendid user forum, I think I have the resources I need. I'm reading and reading... Thanks to all contributors.

IP Logged

Pages: 1

Notify of replies

Send Topic


« Previous topic \| Next topic »