"Resize.com" generating false positive with antivirus program

Posted: Wed Apr 08, 2009 1:13 am
by marzsyndrome
Thought I'd mention that it seems my current installation of avast! Antivirus on XP is claiming the little resize tool - available on this website - to include malware.

It reports it as "Other:Malware-gen". I know it's a harmless program of course, but it's rather annoying to have to temporarily switch off my virus protection every time I want to use it. Seeing as there's very little info on the program itself, I wouldn't be able to report much about it when informing the avast! team about it, but I'll give it a try nevertheless.

I was wondering however, whether it would be relatively easy to code a new tool with a similar purpose, which doesn't attract the ire of random antivirus scanners?

Re: "Resize.com" generating false positive with antivirus program

Posted: Wed Apr 08, 2009 2:34 am
by r09
You can use the "reMove" tool by themabus, it's even better because you get the removed part in a separate file, in case you want to check it. It's also better in that it works with 64-bit operating systems (resize doesn't). Get it here.

For example, to cut the last 150 sectors (352800 bytes) from a file called track01.bin:

remove -size=150sec track01.bin gap.bin

With that, track01.bin gets resized and gap.bin contains the removed part.

Re: "Resize.com" generating false positive with antivirus program

Posted: Wed Apr 08, 2009 7:39 pm
by marzsyndrome
Sounds good indeed.  Although it would be fun still to generally have a tool which allowed you to resize a file in both directions (add, take away).  ReMove sounds like it can only do the latter, as much as it can help in terms of redump's guide.

Re: "Resize.com" generating false positive with antivirus program

Posted: Thu Apr 09, 2009 10:07 am
by Rocknroms
marzsyndrome wrote: Sounds good indeed. Although it would be fun still to generally have a tool which allowed you to resize a file in both directions (add, take away). ReMove sounds like it can only do the latter, as much as it can help in terms of redump's guide.
ReMove can resize in any direction, simply use the subcommand "-direction=".

Example, you want to cut the first 150 sectors of track01.bin:

remove -direction=left -size=150sec temp.bin track01.bin

With a bit of imagination you can quickly recover anything you can handle with resize; moreover, you can also handle bigger files.

Re: "Resize.com" generating false positive with antivirus program

Posted: Fri Apr 10, 2009 5:49 am
by marzsyndrome
Actually I meant "add to and take away from" rather than "left and right", but thanks for the tip nonetheless.

Re: "Resize.com" generating false positive with antivirus program

Posted: Fri Apr 10, 2009 6:54 am
by themabus
it's the same
when you have 2 files in commandline 'temp.bin' and 'track01.bin'
'left' moves data from beginning of 'track01.bin' to the end of 'temp.bin'
'right' does opposite

though, if you'd want to just add blank data (0x00) you'd need to first generate dummy file for that,
which you can with psxt001z
and it's easier to do copy /b then