Does TwinR contain a keylogger??

[lanzelot]

It's not only ******* AVG that detects it ********.

NOD32 detected it
Kasperksy detected it
Spyware Doctor detected it

Geesh it even has a backdoore.bifrose. ******** just dont use this piece of ****.

[Izeliae]

so dont use it.

[JasM]

Hello,

I'm a developer in Oreans Technologies and we have developed Themida to protect applications against cracking. We are receiving many complain from our clients saying that NOD32 reports their applications as potential thread (Win32/Packed.Themida)

Yesterday, we contacted ESET about this issue and today we just got an email saying the following:

--

If you feel that NOD32 is giving a false positive on a particular file please do the following:

Email the specific file to to verify if the infected file is indeed a threat. This service is free and is used to scan any sample using a dozen AV scanners without the need to install on your PC.

1. Create a new email message to .

2. Type 'SCAN' in the Subject field.

3. Attach the file to be scanned (maximum 10 MB in size).

4. You will then receive an email with a report of the file analysis.

5. Once verified, forward the email to so our Virus Lab can analyze the results.

NOTE: Due to the high volume of submissions we receive daily, we are unable to provide feedback on submissions at this time.

--

Which seems that nobody is really replying and a template is just given after 24 hours.

We know that there are lots of malware protected with Themida (unfortunately), but there is no reason to suppose that all software protected with Themida is malware. An ellegant solution would be to really inspect the file on memory and detect if the file is malware or not, and not just detecting as malware when packed with Themida.

We hope that Eset can give a fast solution to this as it's affecting our clients (and potential clients).

We are happy to assist you on anything that you need.

Thanks,
Rafael

source :

not sure if this is going to help to solve the fight here..

[JasM]

for sus/compack. i could not find more information on this. but from the anti virus web site we can choose to do these..

Your options

Files flagged as suspicious are blocked on access.

If you've received an alert, then you have 2 options:

* authorize the file
* send the file to the lab for analysis

Authorize the file if it's from a trusted source.

Send it to the lab for analysis if:

* you trust the file, but it generates alerts.
* you don't trust the file

Sending a file to the lab?

When you complete the sample submission form, please give a reason for your submission and mention this "Sus/" detection.

source:

[JasM]

from wat i see. it seems quite safe.. so hopefully there will be a version of twinr that could be use longer den the 'trail' timing given..

[St!gmata]

*moved to Main Discussion*
*Thread-Title changed*

[revlord]

@lanzelot , i use nod32 for quite some years now and ain`t give me no shout for this bot or the archive itself as it`s runing at full options with adv heurisitic or wtf is called and i really trust it, yr version must be absolete from 1908.
As for kapersky is worth less than avg and that other1 u mentioned it`s packed on a boat by captain barbarosa.I log on my cabal accounts very rare and when i do i use either cabalrider and now mostly twinr since rider is goin retail and i can say i still have 15k coins and my mils untouched, so trust me if this had a keyloger the hacker would of had plenty of time to take everything from me lawl!