Hello,
I'm a developer in Oreans Technologies and we have developed Themida to protect applications against cracking. We are receiving many complain from our clients saying that NOD32 reports their applications as potential thread (Win32/Packed.Themida)
Yesterday, we contacted ESET about this issue and today we just got an email saying the following:
--
If you feel that NOD32 is giving a false positive on a particular file please do the following:
Email the specific file to
to verify if the infected file is indeed a threat. This service is free and is used to scan any sample using a dozen AV scanners without the need to install on your PC.
1. Create a new email message to
.
2. Type 'SCAN' in the Subject field.
3. Attach the file to be scanned (maximum 10 MB in size).
4. You will then receive an email with a report of the file analysis.
5. Once verified, forward the email to
so our Virus Lab can analyze the results.
NOTE: Due to the high volume of submissions we receive daily, we are unable to provide feedback on submissions at this time.
--
Which seems that nobody is really replying and a template is just given after 24 hours.
We know that there are lots of malware protected with Themida (unfortunately), but there is no reason to suppose that all software protected with Themida is malware. An ellegant solution would be to really inspect the file on memory and detect if the file is malware or not, and not just detecting as malware when packed with Themida.
We hope that Eset can give a fast solution to this as it's affecting our clients (and potential clients).
We are happy to assist you on anything that you need.
Thanks,
Rafael
source :
not sure if this is going to help to solve the fight here..