UPX-Archive damaged?

Greetings!

I run avast 4.6 Home on a Windows XP Home with all Updates installed. avast is regularly updated, too.

When recently scanning my whole file System, avast had problems scanning several files.

At least two times, the error message was something like “Cannot scan: UPX-Archiv is damaged” (The actual message was in german and I translated it, so it might be different from the actual english one.)

One of the files with this error was DVD Shrink 3.2.exe (It should be there, as I installed the program.)

That can I do, to solve the problem?

Thx in advance.

BaXiM

avast is just reporting that the file can’t be scanned (and giving a reason) not that it is infected.

But it could possibly be that a non standard UPX packer was used to compress it and avast couldn’t unpack it to scan it, that is speculation on my part.

The DVD Shrink 3.2.exe was probably the installation flie that once installed isn’t used otherwise, if it was corrupt it wouldn’t work.

BaXiM: Could you please rescan only “dvd shrink 3.2.exe” file ? I tried it with the latest version and I got:

c:#pk#avast4\debug>ashcmd /t=a /a /_ “c:#pk\DVD shrink 3.2.exe”
c:#pk\DVD shrink 3.2.exe[Yoda][UPX] OK
c:#pk\DVD shrink 3.2.exe[Yoda] OK
c:#pk\DVD shrink 3.2.exe OK

do you still get the same error ? If yes, I’d ask igor to check it on his configuration
thank you.

I suppose, you refer to scanning the file over the Explorer-context-menu (as i do not know an other way to scan a single file with avast).

Where can I view a log of the scanning-process? ???
When only scanning the directory, in which the exe is, I get the same error over and over.

The support for Yoda Cryptor is not released yet (it’s currently present in internal versions only). So, (the public version of) avast! is not able to unpack the file. It can see the UPX header, however, because it’s present even in the original file - and when it tries to unpack the file as UPX, it fails (because the UPX layer is hidden below the Yoda layer).

So, as DavidR said, the message just means that avast! was unable to look “below” the executable packers (i.e. to scan the content of the packed file). Certainly nothing to worry about, you can safely ignore the message.

Thanks a lot for the quick response and help.

I will do as igor suggests.

You really do great work folks. (The Program itself and the support.)