Thanks RoleReversal. Its getting harder to fool an enterprise level AV with a cyrpter, but simple home versions are still easy target. Email AVs that are used by Yahoo,etc are the easiest to slip through. They are almost a joke so please no one reading this rely on them. When I refer to home versions, I am referring to AVs like AVG free,etc... Enterprise level requires writing a complete new signature that is nothing at all like what might be found in the AV's signature base, so you better be on top of your programming skills or have a friend that is. If it is even slightly similar, it will trigger the AV and thats why we are seeing more and more false positives popping up today. This is due to their so called "heuristic" function, which can work well on some versions and very poorly on others. Attacking an enterprise level AV with a simple encoding stub is a waste of time, at least thats my humble experience.