OS:WinXP
I've been working on this project for more than 6 days, and I still can't find "The Problem".
I just want to write a very simple exe packer.
My packer works very well, but "Kaspersky Anti-Virus" raises a "Suspicious code alert".

Why, why, why is this stupid antivirus doing this to me?

There was another strange thing.
When I added a new and totally empty section to an existing file, the same "Suspicious code" error occurred.
Hey, there is no code!
How could something be "Suspicious" if it doesn't exist?

The same "stupid program" reports NOTHING when files are packed with y0da's cryptor.

I have the source of y0da's cryptor, but I'm still in desperate straits :(

-HELP! HELP!
-Can anybody hear my scream?
Posted on 2004-08-28 20:51:07 by Criminal2
Criminal2,

It is because the lesser AV scanners don't have very good heuristic scanners, so if there is a branch to a decompression routine, they do not know the difference and complain about it. It is worth having a good look at the startup code produced by other EXE packers to see what they do in terms of sections, but the general idea is to make the code act like a normal exe file, but one that branches to the decompression stub first.
Posted on 2004-08-28 21:18:21 by hutch--
don't screw with the Russians
Posted on 2004-08-28 21:27:53 by comrade