Possible virus/trojan in MDK ISO

Moderator: LW Moderator

Rekrul
Member
Posts: 41
Joined: Wed Sep 20, 2006 9:33 am
Been thanked: 1 time

Possible virus/trojan in MDK ISO

Post by Rekrul »

I just downloaded the ISO of MDK and after unpacking the Rar files, I have a CUE file, an ECM file, a 3dslxecm.exe file which matches unecm.exe found elsewhere on the net and a file named unpack.exe, which my virus scanner identifies as "W32/KillAV.FN". I also submitted this file to the online virus scan sites listed in another thread and about 75% of the scanners used tagged this as a virus/trojan.

At the very least, this file is unnecessary as the 3dslxecm.exe file is the one needed to unpack the ECM file.

So what is "unpack.exe" and why is it in the archive?
Trey
Super Member
Posts: 1671
Joined: Thu Jul 12, 2007 3:43 am
Location: U.S.A. - Just like Disneyland! (but with more Porn, Drugs, and Guns)
Has thanked: 2 times
Been thanked: 13 times

Re: Possible virus/trojan in MDK ISO

Post by Trey »

Rekrul wrote: I just downloaded the ISO of MDK and after unpacking the Rar files, I have a CUE file, an ECM file, a 3dslxecm.exe file which matches unecm.exe found elsewhere on the net and a file named unpack.exe, which my virus scanner identifies as "W32/KillAV.FN". I also submitted this file to the online virus scan sites listed in another thread and about 75% of the scanners used tagged this as a virus/trojan.

At the very least, this file is unnecessary as the 3dslxecm.exe file is the one needed to unpack the ECM file.

So what is "unpack.exe" and why is it in the archive?
Don't know. The NFO says that InsaneFury had it first. It also says that unpack.exe is needed to install correctly... the W32/KillAV part means that it shuts down your antivirus. Playing devil's advocate, maybe early versions had a conflict with anti-virus programs so they needed to be shut down first before installing, but if the file is an ISO then you aren't going to install from the directory anyway; I don't see why that would be necessary...
MasteromaN
Super Member
Posts: 1225
Joined: Thu Feb 24, 2005 3:52 pm
Has thanked: 1 time
Been thanked: 2 times

Post by MasteromaN »

If you have unecm.exe just move the ecm file over it.
InsaneFury
3DSL Moderator
Posts: 1268
Joined: Sat Jun 05, 2004 7:14 pm
Has thanked: 8 times
Been thanked: 4 times

Post by InsaneFury »

I think releases like this usually came with an unpack.bat file, which would just call the unecm.exe, adding the ecm filename as a parameter.

Perhaps someone tried to create a Win32-native executable that does the same, or perhaps converted the batch file to an executable. Perhaps disassembling the exe would answer some questions.



loki1985
Super Member
Posts: 925
Joined: Fri Jun 18, 2004 8:58 am
Location: South of Heaven
Been thanked: 4 times

Post by loki1985 »

From my memory, I can confirm that this executable was converted to an EXE file from a batch file, using some 3rd party bat2exe software.
dead-meat
Super Member
Posts: 1529
Joined: Fri Jun 18, 2004 1:20 pm

Post by dead-meat »

InsaneFury wrote: I think releases like this usually came with an unpack.bat file, which would just call the unecm.exe, adding the ecm filename as a parameter.

Perhaps someone tried to create a Win32-native executable that does the same, or perhaps converted the batch file to an executable.
You can't be that wrong ;)