info on RarePacker.Multi.Generic

[craig123456]

Zonealarm has found the following when unpacking an exe file: "RarePacker.Multi.Generic was found" and quarantined the file.
(it's the old DVD Shink application)

Do you have any information on what rarepacker is and why it was quarantined? Is it safe to use, or what does it do?

regards
craig

[findley]

Quote:

Originally Posted by craig123456

Zonealarm has found the following when unpacking an exe file: "RarePacker.Multi.Generic was found" and quarantined the file.
(it's the old DVD Shink application)

Do you have any information on what rarepacker is and why it was quarantined? Is it safe to use, or what does it do?

regards
craig

Craig,

To check this out, you could upload the DVD shrink files to Virus Total Virustotal is a free service which will analyze the suspicious files. The files will be checked out against thirty-nine antivirus engines.

There was a thread on false positives, DVD shrink and RarePacker.Multi.Generic
a couple months back. Here is the link: ZASS False Positives

Best regards,
Findley

[atinalee]

I just did a scan because I just installed the new 9.1.008 program.

It foudn rarepacker.multi generic in this codestuffstarter program I have used for years. I am not sure what to do now? I really dont think they would have a trojan in this program.

Can you tell me if this is a false positive and if I should restore it. It put it in the quarantine file.

Thanks

Anita

[findley]

Quote:

Originally Posted by atinalee

I just did a scan because I just installed the new 9.1.008 program.

It foudn rarepacker.multi generic in this codestuffstarter program I have used for years. I am not sure what to do now? I really dont think they would have a trojan in this program.

Can you tell me if this is a false positive and if I should restore it. It put it in the quarantine file.

Thanks

Anita

Hi Anita,
Suggest you follow the same advice as previously given to craig in post #2.
Upload any suspicious file to Virus Total or to Jotti's malware scan You'll get your answer as to whether this is a false positive.
best regards and enjoy the weekend,
Findley

[gramps]

Quote:

Originally Posted by findley

Craig,

To check this out, you could upload the DVD shrink files to Virus Total Virustotal is a free service which will analyze the suspicious files. The files will be checked out against thirty-nine antivirus engines.

There was a thread on false positives, DVD shrink and RarePacker.Multi.Generic
a couple months back. Here is the link: ZASS False Positives

Best regards,
Findley

Thanks for the very helpful information Findley. I'm sure you've seen that both of these services ( Virus Total or to Jotti's malware scan ) give differing results and their Kaspersky may be different from ZA's (odd).

Would you agree that if Kaspersky, AVG, NOD32 agree on the status, and the rest show different threats; I can say ZA gave a false alarm?

Thanks again,
Gramps

[findley]

Quote:

Originally Posted by gramps

Thanks for the very helpful information Findley. I'm sure you've seen that both of these services ( Virus Total or to Jotti's malware scan ) give differing results and their Kaspersky may be different from ZA's (odd).

Would you agree that if Kaspersky, AVG, NOD32 agree on the status, and the rest show different threats; I can say ZA gave a false alarm?

Thanks again,
Gramps

Gramps,
The differing results for Virus Total and Jotti's reflect that these free file analyzing services for suspicious malware run different versions of av engines with Jotti's service ususally being behind, date-wise, the virus total services. But there can be comparative value in using both.

With the DVD Shrink files there are malware versions and clean versions. These files can be downloaded and installed from legitimate sources and downloaded and installed from dubious sources. It has been noted in previous threads on DVD Shrink that ZA has in the past flagged these files and users have reported them as false positives as noted in the threads referenced previously.

My habit and practice on any thing flagged by zone alarm or any other malware scanner is to run multiple online scanners to verify whether or not this is a threat or false positive. If there is any doubt, further investigation can be done by running hijackthis and posting the hijackthis log to the HJT forum at bleepingcomputer or spywarehammer or another malware removal forum where experts will evaluate and walk you through the running of malware removal tools, if necessary.
Findley

[atinalee]

Thanks I found out from the site with this program that it is not a trojan but the way they do their exe file. Zone alarm keeps telling me every day I have a trojan and every day I tell it to restore it. It is a real pain. I might look for a different program or uninstall it. Too much of a problem.
Thanks

Anita

[findley]

Quote:

Originally Posted by atinalee

Thanks I found out from the site with this program that it is not a trojan but the way they do their exe file. Zone alarm keeps telling me every day I have a trojan and every day I tell it to restore it. It is a real pain. I might look for a different program or uninstall it. Too much of a problem.
Thanks

Anita

Anita,

In the advanced options of the antivirus section, have you tried adding the files to the Zone Alarm exception list so they are not scanned and identified as an issue?
hope this helps
Findley

[atinalee]

Thanks so much. I didnt know you could do this. This has solved my problem.

Anita

[findley]

Quote:

Originally Posted by atinalee

Thanks so much. I didnt know you could do this. This has solved my problem.

Anita

Glad to hear it and thanks for the feedback