Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

upx.exe


  • Please log in to reply
2 replies to this topic

#1 JackTaylor

JackTaylor

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:53 PM

Posted 04 October 2005 - 10:28 AM

I have been using an application "SWiSHstudio" by www.swishzone.com, to make Executables.

"upx.exe" has been used in it for some time for 'compression'.

Today when I export an EXE, ZoneAlarm-Pro reports/alerts/warns
"upx.exe has been blocked from creating a new process"

Apparently ZoneAlarm just implemented/picked-up "upx.exe" in most recent update
(less than 24 hours old)
because yesterday "upx.exe" did not trigger an Alert/Warning.

The "more info - details" of ZoneAlarm did not produce enough satisfactory about IMHO.

Did my usual "Google" on-for 'upx.exe' and found listing here (BleepingComputer.com).
Bleeping Computer - upx.exe - File Information

Does anyone here have experience and/or exact information about "upx.exe" what it does to make it malware when NOT "Added by a variant of the AGENT.AH TROJAN!"??

Regards

BC AdBot (Login to Remove)

 


#2 ddeerrff

ddeerrff

    Retired


  • Malware Response Team
  • 2,735 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Upper Midwest, US
  • Local time:11:53 PM

Posted 04 October 2005 - 01:33 PM

Occasionally malware and legitimate files end up with the same filenames. UPX.exe is a variant of the WIN32.AGENT.AH TROJAN only if it identifies itself as 'notepade.exe'. See http://castlecops.com/s6693-upx_exe.html .

For piece of mind, try uploading the version of upx.exe you have to the Jotti's malware scan site and see what it has to say.
Derfram
~~~~~~

#3 JackTaylor

JackTaylor
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:53 PM

Posted 05 October 2005 - 06:50 AM

ddeerrff,

Thanks.

Regards




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users