StegoTC - unique freeware TC Steganographic wcx plugin!!!

alexanderwdark
Senior Member
Posts: 240
Joined: 2008-04-14, 07:20 UTC
Location: Russia, Vladimir region, Kolchugino

Post by *alexanderwdark » 2008-04-15, 19:23 UTC

Specially for ghisler.ch guests!
New freeware plugin for TC.

Unique steganographic plugin for TC; supports user-defined bitset, 40 encryption algorithms, etc. The plugin is based on the ImageSpyer utility. Strong LZMA data compression and hiding to TIFF (LZW, Deflate, Pixart) are supported.

StegoTC

ImageSpyer GUI with the same functions

Updated on 05.01.2009

1. If you have used an old version, you need to re-enter your personal settings (bitset, algorithm, mode, magic id, language).

2. Settings are now located in the TC recommended directory, where the file wincmd.ini is stored.

New: Use extended header to store CRC32 and file date (see options).

Other unlisted freeware and opensource plugins by me, Alex Myasnikov from Russia, Kolchugino (DarkSoftware tm.)

Download page
Last edited by alexanderwdark on 2009-01-07, 18:00 UTC, edited 9 times in total.

Nigurrath
Senior Member
Posts: 217
Joined: 2003-02-05, 12:41 UTC

Post by *Nigurrath » 2008-04-21, 08:19 UTC

McAfee detects the program stego.exe as malware. Probably it isn't but this makes it not usable

BTW This happens with all your plugins. Probably you must compress them using another tool

Post by *alexanderwdark » 2008-04-21, 10:09 UTC

Nigurrath wrote: McAfee detects the program stego.exe as malware. Probably it isn't but this makes it not usable

BTW This happens with all your plugins. Probably you must compress them using another tool

Stego - standalone packer, wrapper for non-TC use of this plugin. This file was packed with UPX. It seems McAfee can't unpack UPX - it's this antivirus's problem. Use another antivirus, which can work with UPX-packed files and correctly unpack this type of Win32 PE. :)

It's compressed with UPX, free and open source, one of the best compressors.
Please send these files to McAfee. Other AV tools work correctly and there are no problems. The best antiviruses, such as DrWeb and Kaspersky, are free of such bugs in their bases and AV engines.

You can switch the AV monitor off before installing and turn it on afterwards. Or you can add the file to exclusions.
Keyboard not found. Press any key to continue...

ghisler(Author)
Site Admin
Posts: 36665
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland

Post by *ghisler(Author) » 2008-04-21, 15:26 UTC

Strange, Total Commander itself is packed with UPX, but with quite an old version: UPX 1.24w, the last of the 1.x versions. Maybe McAfee can only unpack UPX 1.x files and not newer versions?
Author of Total Commander
http://www.ghisler.com

Post by *alexanderwdark » 2008-04-21, 15:47 UTC

ghisler(Author) wrote: Strange, Total Commander itself is packed with UPX, but with quite an old version: UPX 1.24w, the last of the 1.x versions. Maybe McAfee can only unpack UPX 1.x files and not newer versions?

I'm sorry, I wrote UPack in my cmd-compiling script, and the files are packed by DWING's Upack PE-packer.

You can try to pack any PE with it and check. Some antiviruses can't depack it and give failure results by just signature checking. But DrWeb and Kaspersky do not.

McAfee has such historical problems. Not only McAfee. Many AV checkers who can decompress Upack code.. and check for the Upack decompressor (tiny!!) stub to see if it is a virus. Because many virus writers are using Upack. A free and fine packer with a little and fast decompressor.

For example, you can read this topic.

Offtopic: Mr. Ghisler, did you read about TC's Mempack bug with BZip2dll.wcx and DarkCryptTC.wcx in tar.plugin mode? How to fix it?

Post by *ghisler(Author) » 2008-04-21, 16:24 UTC

2alexanderwdark
Try using a very popular EXE packer like UPX, this is the best way to avoid problems with virus scanners.
did You read about TC's Mempack bug with BZip2dll.wcx and DarkCryptTC.wcx
Yes, see my reply in these threads.

Post by *alexanderwdark » 2008-04-21, 16:31 UTC

ghisler(Author) wrote: 2alexanderwdark
Try using a very popular EXE packer like UPX, this is the best way to avoid problems with virus scanners.
did You read about TC's Mempack bug with BZip2dll.wcx and DarkCryptTC.wcx
Yes, see my reply in these threads.

Yes, I'd read - thanks for your comments, it's nice to know that the bug was fixed for the next version.

The plugin was repacked and uploaded :)

Post by *alexanderwdark » 2008-04-27, 05:09 UTC

Nigurrath wrote: McAfee detects the program stego.exe as malware. Probably it isn't but this makes it not usable

BTW This happens with all your plugins. Probably you must compress them using another tool

Now I use UPX 3.02 with --ultra-brute compression.

But problems with some antiviruses are a very mystic thing :shock:

Sometimes their engines give a surprise.

Post by *alexanderwdark » 2008-12-06, 11:48 UTC

06.12.2008 Updated: safer key generation and transformation using the Skein hash function.

CG!
Junior Member
Posts: 21
Joined: 2008-11-10, 03:44 UTC

Post by *CG! » 2008-12-06, 17:58 UTC

I use UPX 3.03w with --ultra-brute --compress-icons=2.
No warning from Avira or McAfee reported yet.
Only Norton showed a potential virus, but this warning was gone with the last update.

m^2
Power Member
Posts: 1413
Joined: 2006-07-12, 10:02 UTC
Location: Poland

Post by *m^2 » 2008-12-06, 18:14 UTC

CG! wrote: I use UPX 3.03w with --ultra-brute --compress-icons=2.
No warning from Avira or McAfee reported yet.
Only Norton showed a potential virus, but this warning was gone with the last update.

Still, problems caused by UPX happen.
Problems w/out a reason happen too.
And so do problems because some AV companies consider your software dangerous (like an FTP server).

Post by *CG! » 2008-12-06, 18:45 UTC

Well... it was just a suggestion to use version 3.03, because I no longer had problems with AVs after I updated.

Wait... not true. If I use it on very small files (like around 30 or 50b), the used compression will cause AV warnings again.

But you are right, there's always a chance to get a compression that some AVs can't handle, except if you specify the compression method yourself. But that's still no guarantee.

Post by *alexanderwdark » 2008-12-06, 18:59 UTC

CG! wrote: Well... it was just a suggestion to use version 3.03, because I no longer had problems with AVs after I updated.

Wait... not true. If I use it on very small files (like around 30 or 50b), the used compression will cause AV warnings again.

But you are right, there's always a chance to get a compression that some AVs can't handle, except if you specify the compression method yourself. But that's still no guarantee.

Please send these incorrectly detected files to AV test labs; they must fix their AV heuristic engine and/or virus signatures, because users often have such bad things from the AV monitor.

Post by *CG! » 2008-12-06, 19:41 UTC

Did already.
Got an email back saying "Thank you. We will check this."
That was 2 months ago. Dunno if they fixed it.
But my program TC-Start seems to cause no problem with AVs after all.
I asked some people that downloaded it from my site and it seems neither Norton, McAfee nor DataBecker got a problem with it.
I use Avira and it doesn't complain either.

Post by *alexanderwdark » 2008-12-06, 19:46 UTC

CG! wrote: Did already.
Got an email back saying "Thank you. We will check this."
That was 2 months ago. Dunno if they fixed it.
But my program TC-Start seems to cause no problem with AVs after all.
I asked some people that downloaded it from my site and it seems neither Norton, McAfee nor DataBecker got a problem with it.
I use Avira and it doesn't complain either.

Yes, there are some problems. I have used a very nice, tiny PE exe-packer, (Win)Upack, but a lot of AV software can't depack it and makes only a signature check of the packed file. As a result - a lot of strange "virus" detections.

When using a new version of a packer it's good to do an online check by many AV software with the latest bases.

DarkCryptTC plugin, packed with UPX 3.03w, will give ok results by 37 of 38 AVs
Last edited by alexanderwdark on 2008-12-06, 20:03 UTC, edited 1 time in total.
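
The posts above describe scanners flagging a packed plugin from the packer stub and a signature check of the packed file alone. As an added example (not code from any poster or from the plugin), this Python check reads a PE section table and lists the static UPX traits such a match can key on, which helps when triaging a detection on a packed download. The section names and the `UPX!` marker are those written by stock UPX, the first-section test is a heuristic, and the sample images are constructed.

```python
import struct

UPX_SECTIONS = {"UPX0", "UPX1", "UPX2"}  # names written by stock UPX

def pe_sections(data: bytes):
    """Return [(name, virtual_size, raw_size)] from a PE section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)      # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0" or pe_off + 24 > len(data):
        raise ValueError("missing or truncated PE header")
    # COFF header: only the section count and optional-header size matter here
    _, count, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    table = pe_off + 24 + opt_size
    sections = []
    for i in range(count):
        off = table + 40 * i                               # 40-byte section headers
        if off + 40 > len(data):
            raise ValueError("truncated section table")
        name, vsize, _va, raw = struct.unpack_from("<8sIII", data, off)
        sections.append((name.rstrip(b"\0").decode("latin-1"), vsize, raw))
    return sections

def upx_indicators(data: bytes):
    """List the static traits that mark a file as UPX-packed."""
    secs = pe_sections(data)
    hits = [f"section {n}" for n, _, _ in secs if n in UPX_SECTIONS]
    # Heuristic: the unpack destination section occupies memory but not disk.
    if secs and secs[0][2] == 0 and secs[0][1] > 0:
        hits.append("first section has no bytes on disk")
    if b"UPX!" in data:
        hits.append("UPX! marker")
    return hits

def build_sample(sections, trailer=b""):
    """Constructed header-only PE image for the demo (not a runnable program)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode(), 0x1000, 0x1000 * (i + 1),
                    raw, 0x200, 0, 0, 0, 0, 0xE0000020)
        for i, (n, raw) in enumerate(sections))
    return dos + b"PE\0\0" + coff + table + trailer

PACKED = build_sample([("UPX0", 0), ("UPX1", 0x200), (".rsrc", 0x200)], b"UPX!")
PLAIN = build_sample([(".text", 0x200), (".data", 0x200)])

if __name__ == "__main__":
    for label, blob in (("packed", PACKED), ("plain", PLAIN)):
        print(label, pe_sections(blob), upx_indicators(blob))
```

A hit from this check says only that a file is packed, not that it is malicious, which is the distinction the false positives in this thread turn on.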
