3 Comment on "Aion: Clever Crafter bot"

  • “C:UsersDownloadsNA_AionSZ_en_v141_Full.zip:ZBinNPsps.dll”;”Virus found Win32/Patched”;”Infected”
    “C:UsersDownloadsNA_AionSZ_en_v141_Full.zip:NPman.pak”;”Virus identified Win32/Themida”;”Infected”
    “C:UsersDownloadsNA_AionSZ_en_v141_Full.zip:AionStarter.exe”;”Virus identified Win32/Themida”;”Infected”
    “C:UsersDownloadsNA_AionSZ_en_v141_Full.zip”;”Virus identified Win32/Themida”;”Infected”

  • http://en.wikipedia.org/wiki/Executable_compression

    “Also, some older virus scanners simply report all compressed executables as viruses because the decompressor stubs share some characteristics with those. Most modern virus scanners can unpack several different executable compression layers to check the actual executable inside, but some popular anti-virus and anti-malware scanners have had troubles with false alarms on compressed executables.”

    Themida is one of the packers listed in the article above.

    However, to be fair, I also ran it through VirusTotal – http://www.virustotal.com/analisis/a28da69156055d9dd54c2eea0a050d7787c1be43ce44c59d4aa64e07e8a36240-1269350220

    It shows a rootkit (usually need those for bots to hide them from games) and a trojan on some reports. Honestly, something like this is use at your own risk. By the way, AVG, was the only one which showed Themida. You might want to also check out this security post on AntiVirus reviews.

Leave a Reply