Avast WEBforum
Other => Viruses and worms => Topic started by: 976gf9sf on February 11, 2011, 06:52:35 PM
-
Hello,
Avast reports KMSEmulator.exe as Win32:Malware-gen, which is confusing. It should be reported as an hacktool/keygen.
http://www.virustotal.com/file-scan/report.html?id=a2ffd0bc5e055e519fd3006bfdae422327d8e01310eae528267014c54293bfa4-1297445600
If you think I am wrong and that keygens should be reported as dangerous malware please tell me.
-
If you want office so much, buy it...
IMHO, leave the file as malware-gen, avast! (and other AV companies) have better things to do than please people who want to steal software... ::)
http://forum.avast.com/index.php?topic=70806
-
I use open office. So after you keygens are malware ? Well I think I will consider switching to a less confusing antivirus like Microsoft Security Essentials or Avira AntiVir..
I agree that the detection should be kept but it should be corrected to a correct naming.
Thank you for your answer.
-
Well that is my opinion, I happen to use office, since it was paid for. Had I not already had it I would also use open office - There are enough free alternatives to be useful. Just annoys me that people complain when they are stopped from stealing. Would they be so liberal if someone was stopped from robbing them?
I don't see how avast is confusing?
The malware-gen is a generic detection that allows the virus teams to add a detection, rather than spend time and effort dreaming up a name that means whatever. There is also the fact that there is no AV naming convention so one AV's so called "Hacktool" is another AV's "Trojan"
DavidR explains the whole naming convention thing better, let me see if I can find the post.
-
Ok, if malware-gen is a generic detection name, it makes sense.
I can understand that important things have priority over this kind of things.
-
The metioned post by DavidR:
Sorry but I don't agree, the Win32:Xxxxxxxx-gen detections are generic signatures (those with -gen etc.), designed to combat new/multiple variants of malware, this helps with zero-day malware, where you may not have a specific signature. The last thing that you want is for these not to be detected pending a specific named signature being released.
There is a constant battle going on were AV companies are playing catch-up with new malware, so you have to have such generic, heuristic and algorithmic signatures to combat this. The price you pay for this protection in some cases is not getting a specific malware name.
Personally I couldn't give a stuff what avast calls it as you are none the wiser if you are given a name. First, there is no standard naming convention for naming new malware and the same sample will have many different aliases, you only have to look at virustotal to see that in action with 43 different scanners.
So you could have a name and google it and be none the wiser as it may not returne any information.
I have bolded (is that a word? :D) the part of it that I feel most pertinent to this thread.
Also:
DavidR on other aspects of keygens (he is so much better with words than me :P)
Aside from any legal/moral issues about using keygens - Keygens and cracks are always high risk as they frequently come with uninvited guests. Should your system get infected as a result of downloading a keygen who are you going to complain to.
-
Well naming convention is another strange beast, as there is no standard naming convention between the different AV companies and this is no better demonstrated in the different malware names assigned in the 27 alerts in the VT results.
There are many generic and heuristic (suspicious/unclassified) within those 27 listed.
-
didn't use a keygen for my office either, but got it coming up. This bickering about if it is or isn't purchased is irrelevant because a keygen just generates a key for a program, isn't malware or spyware or anything of that line, but regardless, now it's coming up every @#$@ time I turn on my computers, since the last update. How do I make it STOP!?!??
-
And many keygens comes bundled with malware. ;)