Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.



  • Please log in to reply
2 replies to this topic

#1 JackTaylor


  • Members
  • 3 posts
  • Local time:11:37 AM

Posted 04 October 2005 - 10:28 AM

I have been using an application "SWiSHstudio" by www.swishzone.com, to make Executables.

"upx.exe" has been used in it for some time for 'compression'.

Today when I export an EXE, ZoneAlarm-Pro reports/alerts/warns
"upx.exe has been blocked from creating a new process"

Apparently ZoneAlarm just implemented/picked-up "upx.exe" in most recent update
(less than 24 hours old)
because yesterday "upx.exe" did not trigger an Alert/Warning.

The "more info - details" of ZoneAlarm did not produce enough satisfactory about IMHO.

Did my usual "Google" on-for 'upx.exe' and found listing here (BleepingComputer.com).
Bleeping Computer - upx.exe - File Information

Does anyone here have experience and/or exact information about "upx.exe" what it does to make it malware when NOT "Added by a variant of the AGENT.AH TROJAN!"??


BC AdBot (Login to Remove)


#2 ddeerrff



  • Malware Response Team
  • 2,741 posts
  • Gender:Male
  • Location:Upper Midwest, US
  • Local time:10:37 AM

Posted 04 October 2005 - 01:33 PM

Occasionally malware and legitimate files end up with the same filenames. UPX.exe is a variant of the WIN32.AGENT.AH TROJAN only if it identifies itself as 'notepade.exe'. See http://castlecops.com/s6693-upx_exe.html .

For piece of mind, try uploading the version of upx.exe you have to the Jotti's malware scan site and see what it has to say.

#3 JackTaylor

  • Topic Starter

  • Members
  • 3 posts
  • Local time:11:37 AM

Posted 05 October 2005 - 06:50 AM




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users