OS:WinXP
more than 6 days i'm working on this project. and still i can't found "The Problem"
i want to write just a very simple exe packer.
my packer works very good but "Kaspersky Ant-Virus" occurr "Suspicious code alert"

Why why why stupid antivirus doing this to me ?

it was another stange thing.
when i was added a new and totaly empty section an existing file,it was occurred the same error "Suspicious code"
hey there is no code !
how could be some thing "Suspicious" if there is no exist

the same "stupid program" occurr NOTHING when files packed with y0da's cryptor.

i have soruce of y0da's cryptor but i'm still desperate straits

-HELP ! HELP !
-Is anybody hear my scream ?

Howdy,

You have answered your own question.
Think about this, What makes code look suspicious ?
You cannot add empty sections. Kas looks at this and see's a problem.
What is the problem ? >>there is nothing there<< Must be bad !!!

Since most people run a anti-V, you need to find out what bad code you have written.

As I think about this, remember how many people/companies tell you to shut off your ant-V before running their utils ??
Look into this. You will probably find out what is causing you these problems.

Woodmann

did you set the entryrva in the pe header to your new created section? that is suspicious too. especially when your new created section is the last section and has notcode and writable flags.

lifewire,

using apvx, from z0mbie, unpack the .avc till you find the w32 heuristics obj.

then disasm with IDA

ancev

yes ancev, i knew that, very nice also the special .obj's per virus name can be very interesting