Virus in many AGE .exe?

[ERISS]

With my Avira scan:

Nom: PCK/ExeCryptor
Type: Packer (fr)
En circulation: Oui
Infections signalées Faible
Potentiel de distribution: Faible
Potentiel de destruction: Faible
Fichier statique: Non

Général PCK/ malware class description (fr)

Détails de fichier Logiciel de compression des fichiers exécutables:
Afin d'entraver la détection et de réduire la taille du fichier il est compressé avec un logiciel de compression des exécutables.

[lodilefty]

Is this reporting the installer or patch .exe files? They definitely are compacted executables.

We get occasional inquiries, and have yet to encounter anything real...
Some AV software gets a bit "too robust".



(I run Avast, which has kept me virus free for ~6 years now. And it's free!)

[Hobbes]

I have also had false virus detections with AGEOD games in the past.
Like Lodi I have been using Avast for the past few years and have had no problems (and it has also never highlighted AGEOD games as a possible infection).

Cheers, Chris

[ERISS]

En Angliche c'est plus détaillé:

Virus: PCK/ExeCryptor
Type: Packer
In the wild: Yes
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low
Static file: No

General PCK/ - Packer

Packer detection is a heuristic detection routine designed to detect common packers used by malware. Even though some packers are commercially available, many executables compressed with them are malware, or have a behaviour that presents a security or privacy risk.

Usually these packers employ encryption mechanisms and often manipulate the original executable code to hide the real functionality.

Please note that legitimate software may employ some of these commercial packers. A packer detection does not necessarily mean that the detected file is malicious. Due to this, enabling packer detection is usually only recommended for corporate users or for users who understand what runtime packers are and how to interpret a packer detection.

A PCK/ detected file is most likely not to be malicious if one or more of the following are true:
- The program is in use for a very long time and is known to the user
- The program was installed by the user himself
- The program comes from a trustworthy source

If you are ever unsure whether a PCK/ detected file is legitimate we highly recommend uploading it to http://www.avira.com/en/support/submit_suspicious_files.html for further analysis.

File details Runtime packer:
In order to aggravate detection and reduce size of the file it is packed with a runtime packer.

Description inserted by Andrei Ivanes on Friday, March 19, 2010
Description updated by Andrei Ivanes on Friday, March 19, 2010

Ca semblerait un faux-positif, mais par précaution j'enverrai ça chez mon support d'Avira Internet Security 2012 (payant).
J'indiquerai la liste complète des exe incriminés quand mon scan sera enfin terminé.

[deguerra]

et cela?

Please note that legitimate software may employ some of these commercial packers. A packer detection does not necessarily mean that the detected file is malicious. Due to this, enabling packer detection is usually only recommended for corporate users or for users who understand what runtime packers are and how to interpret a packer detection.

A PCK/ detected file is most likely not to be malicious if one or more of the following are true:
- The program is in use for a very long time and is known to the user
- The program was installed by the user himself
- The program comes from a trustworthy source

[ERISS]

Exécutables de jeux:
. Wars in America\AGESettings.exe
. Birth of America\BoA.exe

Patch:
. BoA_patch1.13d.exe

J'ai ignoré au lieu de les mettre en quarantaine.