
cerdan

join:2008-01-02

Is Themida a legitimate threat?

AVG 7.5 has been bugging me with Themida alert on every bootup on an exe app file. Is this a legitimate threat or false alarm? Thanks!


MarkAW
Barry White
Premium
join:2001-08-27
Canada
kudos:16

1 edit
Find the exe file that AVG keeps flagging and upload it here
»www.virustotal.com/ or here »virusscan.jotti.org/ and if the scan that is done at either link comes up with more than a few anti-virus scanning programs saying it's a virus then more than likely it is a legit threat.
--
Advertising is legalized lying. - H.G. Wells
Pleasure in the job puts perfection in the work. - Aristotle


amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
kudos:9
reply to cerdan
said by cerdan:

AVG 7.5 has been bugging me with Themida alert on every bootup on an exe app file. Is this a legitimate threat or false alarm? Thanks!
Have you installed any new games lately?


--
Proud Member of ASAP
DSLR Phishtracker

cerdan

join:2008-01-02
said by amysheehan:

said by cerdan:

AVG 7.5 has been bugging me with Themida alert on every bootup on an exe app file. Is this a legitimate threat or false alarm? Thanks!
Have you installed any new games lately?


Yes but that file was installed many months ago.

Can't upload that particular file. I suspect it's blocking me from uploading to those sites listed above. It keeps saying "0 byte uploaded". I already have SpyBot and AVG disabled.

cerdan

join:2008-01-02
"The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file"


amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
kudos:9
reply to cerdan
I would suggest uninstalling the game you referenced.

Also, what is the name of the suspected file?


cerdan

join:2008-01-02
TMPGEncDVDAuthor3.exe

The Snowman
Premium
join:2007-05-20
kudos:4
reply to cerdan


Themida is a software protection product designed to prevent software from being "cracked" and does use encryption; therefore, it is very difficult for any anti-virus to confirm one way or another if it's malware. Unfortunately, Themida is highly used by virus writers, keylogger writers, etc., to conceal their malware.
So, all in all, no one can actually be absolutely certain that when Themida is detected it is malware or a legit product... it's your call.

That's all the info I can offer you. I won't be returning here for some time... so will wish you the best now.


amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
kudos:9
reply to cerdan
said by cerdan:

TMPGEncDVDAuthor3.exe
That's from a dvd editing software program -
Could be a cracked version.
--
Proud Member of ASAP
DSLR Phishtracker

cerdan

join:2008-01-02
What can Themida do if I leave it untreated?

cerdan

join:2008-01-02
Provided it's a real threat obviously...


BestDeleteit

@verizon.net

1 recommendation

reply to cerdan


amy,

you got it correct... that is a "crack"... nice catch.
It's me, The Snowman, just saying goodnight.

TMPGENCDVDAUTHOR3.EXE has been seen to perform the following behavior:

The Process is packed and/or encrypted using a software packing process
Executes a Process
Adds Products to the system registry
Registers a Dynamic Link Library File
Can communicate with other computer systems using HTTP protocols


bestdeleteit

@verizon.net

1 recommendation

reply to cerdan
cerdan

you have just a bit over an hour to get a free editor that is legit...here:

»www.giveawayoftheday.com/avs-video-editor/



amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
kudos:9
reply to cerdan
said by cerdan:

Provided it's a real threat obviously...
Please read this post
»Re: Is Themida a legitimate threat?

It's right on the money and posted by a trustworthy source.


--
Proud Member of ASAP
DSLR Phishtracker


microserf v1

@cgocable.net
reply to cerdan
No, Themida is not a legitimate threat. As mentioned, it is a software protection package used by program authors and distributors. Oreans Technology sells it.

TMPGEncDVDAuthor3.exe is an executable file, probably. That's all anyone here can tell you without an MD5, etc., preferably the binary. That particular file is where the copy protection is based and is commonly replaced with a modified/cracked version.

quote:
The Process is packed and/or encrypted using a software packing process
Executes a Process
Adds Products to the system registry
Registers a Dynamic Link Library File
Can communicate with other computer systems using HTTP protocols
That summarizes most protection systems as well as most trojans/viruses. It also resembles many "portable" products. Inconclusive without details.
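
Added example, not part of any post in this thread: a Python sketch that produces the two things the replies ask for, the file's hashes to share and a check for the "packed and/or encrypted" trait, using per-section byte entropy. The 7.0 bits/byte threshold, the function names and both sample images are assumptions constructed here; high entropy indicates packing or encryption only and says nothing about whether the file is malicious.

```python
import hashlib, math, struct

def entropy(data):
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return sum(c / n * math.log2(n / c) for c in counts if c)

def pe_sections(image):
    """Yield (name, raw bytes) for each entry in a PE section table."""
    if image[:2] != b"MZ" or len(image) < 0x40:
        raise ValueError("not an MZ executable")
    pe_off, = struct.unpack_from("<I", image, 0x3C)       # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    nsec, = struct.unpack_from("<H", image, pe_off + 6)   # NumberOfSections
    opt, = struct.unpack_from("<H", image, pe_off + 20)   # SizeOfOptionalHeader
    table = pe_off + 24 + opt                             # first section header
    for i in range(nsec):
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", image, table + 40 * i)
        yield (name.rstrip(b"\0").decode("ascii", "replace"),
               image[raw_ptr:raw_ptr + raw_size])

def triage(image, threshold=7.0):
    """Hashes to share, per-section entropy, and a packed/encrypted hint."""
    sections = [(n, round(entropy(d), 2)) for n, d in pe_sections(image)]
    return {"md5": hashlib.md5(image).hexdigest(),
            "sha256": hashlib.sha256(image).hexdigest(),
            "sections": sections,
            "looks_packed": any(e >= threshold for _, e in sections)}

def keystream(n):
    """Constructed stand-in for packed/encrypted bytes (SHA-256 of a counter)."""
    blocks = (hashlib.sha256(i.to_bytes(4, "little")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def build_sample(body):
    """Constructed PE-shaped image with one .text section; not a real program."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)      # e_lfanew = 64
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sec = struct.pack("<8sIIIIIIHHI", b".text", len(body), 0x1000,
                      len(body), 64 + len(coff) + 40, 0, 0, 0, 0, 0x60000020)
    return dos + coff + sec + body

if __name__ == "__main__":
    print(triage(build_sample(b"\x90" * 4096)))   # uniform filler: low entropy
    print(triage(build_sample(keystream(4096))))  # random-looking: high entropy
```

On a real file, read it with `open(path, "rb").read()` and pass the bytes to `triage`; the hashes can be posted or searched without uploading the binary itself.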