Virus in pak0.pak.gz

[Nigel]

MY copy of McAfee is saying that there is a virus in the pak0.pak.gz file. Has anybody else noted this problem

[Dan East]

A long, long time ago someone reported that problem in this forum. See .

Try updating your virus software. The pak file does not contain a virus, and since it is not an executable cannot even be a conduit for a virus.

Dan East

[mark (killzat)]

Dan,

Hehe most viruses these days don't come in .EXE form anymore, the majority make use of automated Internet standards such as .vbs in E-Mails etc.

On the other hand my virus checker once reported Windows98 as being a virus, which isn't technically wrong because it later reported Bill Gates as one as well.. strange world eh..

[James S]

[RwGast]

[Paul]

[RwGast]

[Dan East]

What I meant by "executables" are true binary executables (EXE and DLL), plus scripting languages (vbs, js, wsh), files that contain scripts (doc, xls, etc), and files that can launch other programs (bat, pif). Other types of files such as images, sounds, text files, and many types of data files used by most applications (pak in this case), cannot be used to truly transport a virus. Even if such files had a virus embedded within them, the programs that load and access those files still do not "execute" or interprete the virus, so it never has a chance to run. As an example, try renaming an .exe file to .txt and pull it up in notepad (we'll call it test.exe -> test.txt). When you opened test.txt up in notepad you did not execute test.exe. Thus if test.exe contains a virus it would be benign, because as long as it is a txt file it will never get executed as an exe.

Dan East

[Guest]

[James S]

I wrote a virus in notepad once then renamed it to a .COM file. It was just to test to make sure my virus scanner worked, and it accomplished it's goal.

[RwGast]

[James S]

Virus.com binary executable contents:

X50!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

That should be it, just type it in in notepad and save it as virus.com, your virus scanner should detect it. I think it's called EICAR Virus, but that's only because I see that in the file up there. Really, try it. I works.

[RwGast]

What if i have no scanner? What will it do to my computer? Is there some explanation on how that really works? COM files are usually asm compilied binarys.

[Guest]

[theTempAvenger]

the lovely microsoft operting systems do not really understand file extenstions. If associate a file type with an application, this app will load and try and handle the file. Some Filetypes like exe, com are executable, then windows checks the header of the file about how to handle it. A good example of this is renaming an .exe to .dll it will still execute as a normal program.
The problem with gifs and other multimedia extensions are the programs that handle them. it is possible for a gif file to misbehave and due to an overlong line, etc. push a small peice of code into the wrong memory area where it gets executed as if it were a program instruction and not a piece of data. This happened with microsofts early web servers, you could upload a small virus to a web server by using a URL line of over 256 chars and then adding your virus code to the end of the line!

Ps, the links problem in Divix is also embedded into media player. Yes someone did use this and an internet explorer bug to spread a virus!!!!