DOS ain't dead

HX full of virii (DOSX)

posted by Rugxulo(R) Homepage, Usono, 23.11.2012, 00:24

> > Horrible that we have to work around lousy antiviruses
>
> > (I didn't check, but IMHO, putting the password as plaintext in the .ZIP
> > comment would at least be semi-friendly
>
> Better idea:
>
> - switch from ZIP to 7-ZIP

Won't work. Most good ones can unpack various archives and exe packers, esp. the open source kind (.7Z).

> - brew a better PWD than "japheth" and hide it better

.ZIP passwords are incredibly easy to crack. Also, it's a pain trying to remember a billion passwords. If the "PX" hack isn't viable, I'll understand, but so far it seems like the least painful way to fix everything, at least in my naive worldview.

Or just only password protect DKRNL32.DLL and leave others unencrypted. Then the README.1ST could tell the password to unpack the remaining file.

Or just split the actual file into several pieces and let the user manually combine it (hopefully defeating detection).

> - hide your HX files into something else looking innocent (PNG? OGV? ...)

I don't think that will work. Lots of formats have subformats inside them, so smart antiviruses probably still scan them for various things.

> Hints about suitable tools (usable in DOS) are welcome :hungry:

There was an old one on FASM's forum a few years ago, perhaps by ATV, but I don't remember where. Feel free to search.

> > You could probably also just disable heuristics entirely or choose "ignore"
> > to manually ignore the warning (e.g. XPACK/Gen or whatever for
> > TESTDRUG.EXE below)
>
> I don't have any problems with the file. Maybe because I don't use those
> useless "antivirii" at all?

They aren't useless, just overzealous and bloated and slow. It's a sad fact of life.

 
