StegoTC - unique freeware TC Steganographic wcx plugin!!!
Moderators: Hacker, petermad, Stefan2, white
- alexanderwdark
- Senior Member
- Posts: 270
- Joined: 2008-04-14, 07:20 UTC
- Location: Russia
- Contact:
StegoTC - unique freeware TC Steganographic wcx plugin!!!
Specialy for ghisler.ch guests!
New Freeware plugin for TC.
Unique steganographic plugin for TC, supports user defined bitset, 40 encryption algoritms, etc. Plugin is based on ImageSpyer utility. Strong LZMA data compression and hiding to TIFF (LZW, Deflate, Pixart) supported.
StegoTC
ImageSpyer GUI with same functions
Updated on 05.01.2009
1. If You have used old version, it's need to reenter personal settings (bitset, algorithm, mode, magic id, language).
2. Settins now are located in TC recommended directory, where file wincmd.ini is stored).
New: Use extended header to store CRC32 and file date. (see in options).
Other unlisted freeware and opensource plugins by me, Alex Myasnikov from Russia, Kolchugino (DarkSoftware tm.)
Download page
New Freeware plugin for TC.
Unique steganographic plugin for TC, supports user defined bitset, 40 encryption algoritms, etc. Plugin is based on ImageSpyer utility. Strong LZMA data compression and hiding to TIFF (LZW, Deflate, Pixart) supported.
StegoTC
ImageSpyer GUI with same functions
Updated on 05.01.2009
1. If You have used old version, it's need to reenter personal settings (bitset, algorithm, mode, magic id, language).
2. Settins now are located in TC recommended directory, where file wincmd.ini is stored).
New: Use extended header to store CRC32 and file date. (see in options).
Other unlisted freeware and opensource plugins by me, Alex Myasnikov from Russia, Kolchugino (DarkSoftware tm.)
Download page
Last edited by alexanderwdark on 2009-01-07, 18:00 UTC, edited 9 times in total.
- alexanderwdark
- Senior Member
- Posts: 270
- Joined: 2008-04-14, 07:20 UTC
- Location: Russia
- Contact:
Nigurrath wrote:McAfee detects the program stego.exe as malware. Probably it isn't but this makes it not usable
BTW This happens with all your plugins. Probably you must compress them using another tool
Stego - standalone packer, wrapper for non-TC using this plugin. This file was packed with UPX. IT's seems, McAfee can't unpack upx - it's this Antivirus problem. Use another antivirus, which can work with UPX-packed files and correctly unpack such type of Win32 PE.
It's compressed with UPX, free and opensource, one of the best compressors.
Please, send this files to McAfee. Other AV-tools works correctly and there are no problems. Best antiviruses, such as DrWeb, Kaspersky free of such bugs in their bases and av-engines.
You can switch av monitor off before installing and after it turn it on. Or You can add file to exclusions.
- ghisler(Author)
- Site Admin
- Posts: 49664
- Joined: 2003-02-04, 09:46 UTC
- Location: Switzerland
- Contact:
Strange, Total Commander itself is packed with UPX, but with quite an old version: UPX 1.24w, the last of the 1.x versions. Maybe McAfee can only unpack UPX 1.x files and not newer versions?
Author of Total Commander
https://www.ghisler.com
https://www.ghisler.com
- alexanderwdark
- Senior Member
- Posts: 270
- Joined: 2008-04-14, 07:20 UTC
- Location: Russia
- Contact:
I'm sorry, i wrote UPack in my cmd-compiling script, and files if packed by DWING'S Upack PE-packer.ghisler(Author) wrote:Strange, Total Commander itself is packed with UPX, but with quite an old version: UPX 1.24w, the last of the 1.x versions. Maybe McAfee can only unpack UPX 1.x files and not newer versions?
You can try to pack any PE with it and check. Some antiviruses can't depack and give failure results by just signature checking. But DrWeb and Kaspersky - not.
McAffee has such historical problems. Not only McAffee. Many av-checkers who can decompress upack code.. and checks for upack decompressor (tiny!!) stub to see if if is virus. Because many virus writters are using upack. Free and fine packer with little and fast decompressor.
For example You can read this topic.
Offtopic: Mr. Ghisler, did You read about TC's Mempack bug with BZip2dll.wcx and DarkCryptTC.wcx in tar.plugin mode? how to fix it?
- ghisler(Author)
- Site Admin
- Posts: 49664
- Joined: 2003-02-04, 09:46 UTC
- Location: Switzerland
- Contact:
2alexanderwdark
Try using a very popular EXE packer like UPX, this is the best way to avoid problems with virus scanners.
Try using a very popular EXE packer like UPX, this is the best way to avoid problems with virus scanners.
Yes, see my reply in these threads.did You read about TC's Mempack bug with BZip2dll.wcx and DarkCryptTC.wcx
Author of Total Commander
https://www.ghisler.com
https://www.ghisler.com
- alexanderwdark
- Senior Member
- Posts: 270
- Joined: 2008-04-14, 07:20 UTC
- Location: Russia
- Contact:
ghisler(Author) wrote:2alexanderwdark
Try using a very popular EXE packer like UPX, this is the best way to avoid problems with virus scanners.
Yes, see my reply in these threads.did You read about TC's Mempack bug with BZip2dll.wcx and DarkCryptTC.wcx
Yes, I'd read - thanx for Your comments, it's nice to know that bug was fixed for next version.
Plugin was repacked and uploaded
- alexanderwdark
- Senior Member
- Posts: 270
- Joined: 2008-04-14, 07:20 UTC
- Location: Russia
- Contact:
Now I use UPX 3.02 with --ultra-brute compression.Nigurrath wrote:McAfee detects the program stego.exe as malware. Probably it isn't but this makes it not usable
BTW This happens with all your plugins. Probably you must compress them using another tool
But problems with some antiviruses is very mystic thing
Sometimes it's engines give surprise.
- alexanderwdark
- Senior Member
- Posts: 270
- Joined: 2008-04-14, 07:20 UTC
- Location: Russia
- Contact:
Still, problems because caused by UPX happen.CG! wrote:i use UPX 3.03w with --ultra-brute --compress-icons=2.
No warning from Avira or McAffee reportet yet.
Only Norton showed an potential Virus, but this warning was gone with the last update.
Problems w/out a reason happen too.
And so problems because some AV companies consider your software dangerous (like FTP server).
Well... it was just a suggestion to use version 3.03, because i had no longer Problems with AV's after i updated.
Wait... not true. if i use it on very small files (like around 30 or 50b), the used compression will cause AV warnings again.
but your are right, there's always a chance to get an compression that some AV's can't handle, except u specify the compression method yourself. But that's still no gurantee.
Wait... not true. if i use it on very small files (like around 30 or 50b), the used compression will cause AV warnings again.
but your are right, there's always a chance to get an compression that some AV's can't handle, except u specify the compression method yourself. But that's still no gurantee.
- alexanderwdark
- Senior Member
- Posts: 270
- Joined: 2008-04-14, 07:20 UTC
- Location: Russia
- Contact:
Please, send this incorrectly detected files to AV test labs, they must fix their AV heruistic engine or/and virus signatures, because users often have such bad things by AV monitor.CG! wrote:Well... it was just a suggestion to use version 3.03, because i had no longer Problems with AV's after i updated.
Wait... not true. if i use it on very small files (like around 30 or 50b), the used compression will cause AV warnings again.
but your are right, there's always a chance to get an compression that some AV's can't handle, except u specify the compression method yourself. But that's still no gurantee.
Did already.
Got an eMail back saying Thank you. We will check this.
That was 2 months ago. Dunno if they fixed it.
But my program TC-Start seems to cause no problem with AV's after all.
i asked some people that downloaded it from my site and it seems not Norton, McAffe or DataBecker got a problem with it.
i use Avira and it doesn't complain too.
Got an eMail back saying Thank you. We will check this.
That was 2 months ago. Dunno if they fixed it.
But my program TC-Start seems to cause no problem with AV's after all.
i asked some people that downloaded it from my site and it seems not Norton, McAffe or DataBecker got a problem with it.
i use Avira and it doesn't complain too.
- alexanderwdark
- Senior Member
- Posts: 270
- Joined: 2008-04-14, 07:20 UTC
- Location: Russia
- Contact:
Yes, there are some problems. I have used very nice, tiny PE exe-packer (Win)Upack, but lot of AV software can't depack it and makes only signature check of packed file. In result - lot of strange "virus" detections.CG! wrote:Did already.
Got an eMail back saying Thank you. We will check this.
That was 2 months ago. Dunno if they fixed it.
But my program TC-Start seems to cause no problem with AV's after all.
i asked some people that downloaded it from my site and it seems not Norton, McAffe or DataBecker got a problem with it.
i use Avira and it doesn't complain too.
When using new version of packer it's good to do online check by many AV software with latest bases.
DarkCryptTC plugin, packed with UPX 3.03w will give ok results by 37 of 38 AVs
Last edited by alexanderwdark on 2008-12-06, 20:03 UTC, edited 1 time in total.