Hi Guys,
After searching the entire day trying to find a post (by MarkoM I think) that specifies how to fix the false positive the Bat_To_Exe_Converter creates and that can be fixed by replacing UPX? with UPC?, I give up and hope that someone can point me in the right direction.
I used Bat_To_Exe Converter to make a ghost exe of a very simple bat file. Avast detects it as a trojan whenever PAM launches.
As I understood the post in question there is a way to edit? the exe to remove the false positive detection.
Thanks in advance for the help.
Regards
Paul
What does it say?
"Those people who think they know everything are a great annoyance to those of us who do." Asimov
If you mean the virus alert, then it detects the trojan "Win32:Agent-ADMK [Trj]".
If you mean the "missing" post then it's about a person (Marko rings a bell) who recommends Bat_To_Exe Converter over Bat2Exe and speaks about how to edit the exe file created so that the item (UPX?) that triggers the false positive is changed to something (UPC?) that does not trigger it.
Thanks
Paul
Indeed, it looks like a false positive. I expected a correct positive because, like John mentioned already, Bat2Exe converters are to some extent malicious.
But Avast sees something else, contact them, they should fix the signatures.
Some malware is based on BAT2EXE converters, so EXEs made from BATs routinely get flagged.
To fix it, switch from Avast, turn off Avast's heuristics (they kinda suck anyway, as do most heuristics), find a different BAT2EXE "compiler", or write the bat using actual code instead of a bat like NSIS.
Sometimes, the impossible can become possible, if you're awesome!
Or maybe contact Avast?
At least they'll whitelist the particular executable, so it's clean until it has to be modified.
Yes, maybe it's time I make the effort to learn NSIS but at the moment it's difficult to justify when there are menus/launchers that allow you to launch bat files.
As for letting Avast know about my little exe, it will distract them from looking for real viruses, so I'd rather find a solution where I do not have to bug them. It's a different story for proper apps here on this site.
I also saw somewhere where there is a simple way to get PAM to launch shortcuts. I'll investigate that in more detail if I cannot find the post.
Thanks for all the help, I wish I had more time to get stuck into doing this properly.
Regards
Paul
Their solution has a problem. If they are concerned about their own software quality, they should welcome such reports.
Ok thanks, I get your point, will submit it to Avast tomorrow.
Regards
Paul
1. Add the converted file's name to the Avast Exclusions list.
2. Edit the converted file's UPX string to UPY. I think there are 2 or 3 places to change. PSPAD has a Hex editing capability and I'm sure there are others.
3. Use a converter like MS IExpress.
http://renegadetech.blogspot.com/2006/07/how-to-convert-bat-file-or-vbs-...
This link may help also:
http://www.google.com/search?sourceid=navclient&ie=UTF-8&rls=SUNA,SUNA:2...
Ed
Hi Ed P,
Thanks for all the options!
I like the MS IExpress option but I cannot get it to work properly. It seems that it is launching the bat file but the program does not start, whereas if I execute the bat file normally it works fine. I will have to play a bit more as I really like this option.
Thanks also for the search tip. It's good to know that you can target Google to a single site. The forum search facility always left me frustrated, so this tip would help me.
Regards
Paul
I had a problem with the Bat_To_Exe_Converter newer version!
An older version did not produce warnings or reactions from my virus scanner when I created an .exe. I am using the Avira AntiVir Personal software, which reacted quickly to neutralize the output of the latest version of the converter.
The older version has a modified date of 11/18/10 and size around 444KB.
Hope this is a help,
davidre
False positives are the fault of the anti-virus software and should be reported by the user experiencing the issue directly to the anti-virus company. Someone else could report the problem, but if that person isn't experiencing the problem first hand, then they can't confirm a fix is actually working.
neutron1132 (at) usa (dot) com