False positives - exe packers...

I’m a new user of CIS and I noticed that I get many false positives on exe/dll files compressed with some “exotic” packers… I think a good AV should be able to unpack “runtime packers” or at least tell that the file is packed (not suggest that it is unknown malware).

Here’s a list of false positives I found (unpacked files are clean). I used PEiD to get the info.
(Virus Signature Database Version: 1021 / Heuristic level: LOW)

Packed with PECompact

  • Unclassified Malware[at]8342523
  • Unclassified Malware[at]8316369
  • Unclassified Malware[at]8314783
  • Unclassified Malware[at]8302806
  • Unclassified Malware[at]8351666 (pec2codec_lzma.dll)
  • Unclassified Malware[at]8351669 (pec2rsrc_brazilian.dll)
  • Unclassified Malware[at]8351668 (pec2rsrc_japanese.dll)
  • Unclassified Malware[at]8351670 (pec2rsrc_polish.dll)
  • Unclassified Malware[at]8351667 (PEHideText.exe)

Packed with FSG

  • Unclassified Malware[at]8519599
  • Unclassified Malware[at]8375233
  • Unclassified Malware[at]8375178
  • Unclassified Malware[at]8330296
  • Unclassified Malware[at]8402469
  • Unclassified Malware[at]8375216
  • Unclassified Malware[at]8375172

Packed with PESpin

  • Unclassified Malware[at]8411890

Packed with Winkript

  • Unclassified Malware[at]8375217
  • Unclassified Malware[at]8375221

Packed with nSPack

  • Unclassified Malware[at]8362369
  • Unclassified Malware[at]8378765
  • Unclassified Malware[at]8309756

Packed with Neolite

  • Unclassified Malware[at]8375205

Packed with MEW

  • Unclassified Malware[at]8375198
  • Unclassified Malware[at]8375173
  • Unclassified Malware[at]8375221
  • Unclassified Malware[at]8375194

Packed with DEF

  • Unclassified Malware[at]8375181

Packed with .BJFNT

  • Unclassified Malware[at]8375199

Packed with Simple UPX Cryptor

  • Unclassified Malware[at]6424104

Packed with PEtite

  • Unclassified Malware[at]8375210

Packed with ASPack

  • Unclassified Malware[at]8375204

Packed with yoda’s cryptor

  • Unclassified Malware[at]8331071
  • Unclassified Malware[at]8332940

Packed with Upack

  • Unclassified Malware[at]5231028
  • Unclassified Malware[at]8375187
  • Unclassified Malware[at]5949224

We have identified this false positive and it will be fixed in the next CAV update.
Thank you for reporting.


Could you please verify the FPs with the latest base update?