BeSweet 1.5 Virus ?
aussie_ii
7th February 2007, 15:10
Some time ago I downloaded BeSweet 1.5 from http://www.doom9.org/Soft21/Audio/BeSweetv1.5b31.zip although I did not then make use of it.
Later, after various updates to TrendMicro Internet Security 2007, the downloaded file and a backup copy were quarantined, although the log stated: “no virus found”.
I have tried downloading the file again and now, with the updated TMIS in place, the file is automatically quarantined “Computer virus found” and access denied.
TrendMicro’s explanation is “The infected file was either a password-protected zip file or a multi-layered zip file which PC-cillin cannot fully access as by default it will only look at the first three layers. If the malicious file is deeper than this or is password-protected, PC-cillin cannot access it.”
The file is not password protected and I would not expect it to be a multi-layered zip file.
Has anyone else had a problem with this file or is this a problem with TMIS? :confused:
Ray
unskinnyboy
7th February 2007, 15:18
I just downloaded that zip file and scanned it with Symantec Anti-Virus and it is clean. Like you guessed, neither is the file password protected nor are there other zip files inside this. Just TrendMicro acting weird, I guess.
aussie_ii
7th February 2007, 19:19
Thank you for your reply. I am taking it up with TrendMicro.
Ray
aussie_ii
20th February 2007, 17:02
Because the file was quarantined I could not submit it to TrendMicro.
However they downloaded it themselves and have commented:
We analyzed the following files ... and verified these to be non malicious.
ac3enc.dll (11,264 bytes)
BeSweet.exe (61,440 bytes)
bsn.dll (54,272 bytes)
hip.dll (31,744 bytes)
lame_enc.dll (140,800 bytes)
The Trend Micro white list will now be made to undetect the file as PAK_Generic.001.
We will update you as soon as the latest virus pattern file has been released.
Ray
:)
cypher_soundz
20th February 2007, 20:46
http://virusscan.jotti.org
http://www.virustotal.com/en/indexf.html
:)
I think it's probably a packer used to make the exe smaller; these are also used to obscure virus detection etc.
edit1: look here http://upx.sourceforge.net/ :) it's the packer UPX.
edit2:
File: BeSweetv1.5b31.zip
Status: OK
MD5 0cde8e8ddcb66f0dff6d5fbb2a979621
Packers detected: UPX
Scanner results
Scan taken on 20 Feb 2007 19:56:50 (GMT)
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing
edit3:
Antivirus Version Update Result
AntiVir 7.3.1.37 02.20.2007 no virus found
Authentium 4.93.8 02.19.2007 no virus found
Avast 4.7.936.0 02.20.2007 no virus found
AVG 386 02.20.2007 no virus found
BitDefender 7.2 02.20.2007 no virus found
CAT-QuickHeal 9.00 02.20.2007 no virus found
ClamAV devel-20060426 02.20.2007 no virus found
DrWeb 4.33 02.20.2007 no virus found
eSafe 7.0.14.0 02.20.2007 suspicious Trojan/Worm
eTrust-Vet 30.4.3414 02.20.2007 no virus found
Ewido 4.0 02.20.2007 no virus found
FileAdvisor 1 02.20.2007 no virus found
Fortinet 2.85.0.0 02.20.2007 suspicious
F-Prot 4.2.1.29 02.19.2007 no virus found
F-Secure 6.70.13030.0 02.20.2007 no virus found
Ikarus T3.1.0.31 02.20.2007 no virus found
Kaspersky 4.0.2.24 02.20.2007 no virus found
McAfee 4967 02.20.2007 no virus found
Microsoft 1.2204 02.20.2007 no virus found
NOD32v2 2072 02.20.2007 no virus found
Norman 5.80.02 02.20.2007 no virus found
Panda 9.0.0.4 02.20.2007 no virus found
Aditional Information
File size: 490924 bytes
MD5: 0cde8e8ddcb66f0dff6d5fbb2a979621
SHA1: 1d59e6c3da521c97db6d92c26a7314f9863adf7e
packers: UPX
packers: UPX, UPX, UPX, UPX, UPX, UPX, UPX, UPX, UPX
packers: UPX
I used to see a lot of antivirus programs detect UPX as a virus; looks like a few more need to address the issue.
Regards
cyph
HyperHacker
22nd February 2007, 07:59
Unfortunately, many anti-virus programs seem convinced that the only reason you'd compress an EXE is that it's a virus. -_-
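
Added example (not part of any post in this thread, and not BeSweet, Trend Micro or UPX code): a Python check of the three things the thread argues about, namely whether a ZIP has encrypted members, how many archive layers it contains, and which PE members carry UPX's default section names (UPX0, UPX1). All function names here are hypothetical, and the sample archive is constructed; only its member names are borrowed from the thread.

```python
import io
import struct
import zipfile

def pe_section_names(data):
    """Section names of a PE image, or [] when data is not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0" or len(data) < pe + 24:
        return []
    count = struct.unpack_from("<H", data, pe + 6)[0]     # NumberOfSections
    opt = struct.unpack_from("<H", data, pe + 20)[0]      # SizeOfOptionalHeader
    table = pe + 24 + opt                                 # first section header
    return [data[table + 40 * i: table + 40 * i + 8].rstrip(b"\0").decode("ascii", "replace")
            for i in range(count)]

def inspect_zip(blob, depth=1):
    """Encrypted members, deepest ZIP layer reached, and UPX-packed PE members."""
    report = {"encrypted": [], "max_depth": depth, "upx": []}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.flag_bits & 0x1:                      # bit 0: member is encrypted
                report["encrypted"].append(info.filename)
                continue
            data = zf.read(info)
            if zipfile.is_zipfile(io.BytesIO(data)):      # archive inside archive
                inner = inspect_zip(data, depth + 1)
                report["max_depth"] = max(report["max_depth"], inner["max_depth"])
                for key in ("encrypted", "upx"):
                    report[key] += [f"{info.filename}/{n}" for n in inner[key]]
            elif any(n.startswith("UPX") for n in pe_section_names(data)):
                report["upx"].append(info.filename)
    return report

def fake_pe(sections):
    """Constructed sample: PE headers only, not a runnable program."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)    # e_lfanew points at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0)
    table = b"".join(s.encode().ljust(8, b"\0") + b"\0" * 32 for s in sections)
    return dos + b"PE\0\0" + coff + table

def sample_zip():
    """Constructed single-layer archive; member names from the thread, contents made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("BeSweet.exe", fake_pe(["UPX0", "UPX1", ".rsrc"]))
        zf.writestr("lame_enc.dll", fake_pe([".text", ".data"]))
    return buf.getvalue()
```

Section names are only a heuristic: they can be renamed after packing, so an empty `upx` list does not prove a file is unpacked.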