Author Topic: KMSEmulator.exe is not a Malware but a HackTool  (Read 81176 times)

Offline 976gf9sf

  • Newbie
  • *
  • Posts: 11
    • Personal Message (Offline)
KMSEmulator.exe is not a Malware but a HackTool
« on: February 11, 2011, 04:52:35 PM »
Hello,

Avast reports KMSEmulator.exe as Win32:Malware-gen, which is confusing. It should be reported as an hacktool/keygen.

http://www.virustotal.com/file-scan/report.html?id=a2ffd0bc5e055e519fd3006bfdae422327d8e01310eae528267014c54293bfa4-1297445600

If you think I am wrong and that keygens should be reported as dangerous malware please tell me.

Offline spg SCOTT

  • Massive Poster
  • ****
  • Posts: 4138
  • Gender: Male
  • There is no magic, only lost physics
    • spg SCOTT
    • Personal Message (Offline)
Re: KMSEmulator.exe is not a Malware but a HackTool
« Reply #1 on: February 11, 2011, 04:57:26 PM »
If you want office so much, buy it...

IMHO, leave the file as malware-gen, avast! (and other AV companies) have better things to do than please people who want to steal software... ::)

http://forum.avast.com/index.php?topic=70806
“There is a computer disease that anybody who works with computers knows about. It's a very serious disease and it interferes completely with the work. The trouble with computers is that you 'play' with them!”Richard Feynman

Offline 976gf9sf

  • Newbie
  • *
  • Posts: 11
    • Personal Message (Offline)
Re: KMSEmulator.exe is not a Malware but a HackTool
« Reply #2 on: February 11, 2011, 05:03:34 PM »
I use open office. So after you keygens are malware ? Well I think I will consider switching to a less confusing antivirus like Microsoft Security Essentials or Avira AntiVir..

I agree that the detection should be kept but it should be corrected to a correct naming.

Thank you for your answer.
« Last Edit: February 11, 2011, 05:05:17 PM by 976gf9sf »

Offline spg SCOTT

  • Massive Poster
  • ****
  • Posts: 4138
  • Gender: Male
  • There is no magic, only lost physics
    • spg SCOTT
    • Personal Message (Offline)
Re: KMSEmulator.exe is not a Malware but a HackTool
« Reply #3 on: February 11, 2011, 05:11:34 PM »
Well that is my opinion, I happen to use office, since it was paid for. Had I not already had it I would also use open office - There are enough free alternatives to be useful. Just annoys me that people complain when they are stopped from stealing. Would they be so liberal if someone was stopped from robbing them?


I don't see how avast is confusing?

The malware-gen is a generic detection that allows the virus teams to add a detection, rather than spend time and effort dreaming up a name that means whatever. There is also the fact that there is no AV naming convention so one AV's so called "Hacktool" is another AV's "Trojan"

DavidR explains the whole naming convention thing better, let me see if I can find the post.
“There is a computer disease that anybody who works with computers knows about. It's a very serious disease and it interferes completely with the work. The trouble with computers is that you 'play' with them!”Richard Feynman

Offline 976gf9sf

  • Newbie
  • *
  • Posts: 11
    • Personal Message (Offline)
Re: KMSEmulator.exe is not a Malware but a HackTool
« Reply #4 on: February 11, 2011, 05:16:23 PM »
Ok, if malware-gen is a generic detection name, it makes sense.

I can understand that important things have priority over this kind of things.


Offline spg SCOTT

  • Massive Poster
  • ****
  • Posts: 4138
  • Gender: Male
  • There is no magic, only lost physics
    • spg SCOTT
    • Personal Message (Offline)
Re: KMSEmulator.exe is not a Malware but a HackTool
« Reply #5 on: February 11, 2011, 05:19:00 PM »
The metioned post by DavidR:
Sorry but I don't agree, the Win32:Xxxxxxxx-gen detections are generic signatures (those with -gen etc.), designed to combat new/multiple variants of malware, this helps with zero-day malware, where you may not have a specific signature. The last thing that you want is for these not to be detected pending a specific named signature being released.

There is a constant battle going on were AV companies are playing catch-up with new malware, so you have to have such generic, heuristic and algorithmic signatures to combat this. The price you pay for this protection in some cases is not getting a specific malware name.

Personally I couldn't give a stuff what avast calls it as you are none the wiser if you are given a name. First, there is no standard naming convention for naming new malware and the same sample will have many different aliases, you only have to look at virustotal to see that in action with 43 different scanners.

So you could have a name and google it and be none the wiser as it may not returne any information.
I have bolded (is that a word? :D) the part of it that I feel most pertinent to this thread.

Also:

DavidR on other aspects of keygens (he is so much better with words than me :P)
Aside from any legal/moral issues about using keygens - Keygens and cracks are always high risk as they frequently come with uninvited guests. Should your system get infected as a result of downloading a keygen who are you going to complain to.
« Last Edit: February 11, 2011, 05:21:13 PM by spg SCOTT »
“There is a computer disease that anybody who works with computers knows about. It's a very serious disease and it interferes completely with the work. The trouble with computers is that you 'play' with them!”Richard Feynman

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69233
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: KMSEmulator.exe is not a Malware but a HackTool
« Reply #6 on: February 11, 2011, 06:56:31 PM »
Well naming convention is another strange beast, as there is no standard naming convention between the different AV companies and this is no better demonstrated in the different malware names assigned in the 27 alerts in the VT results.

There are many generic and heuristic (suspicious/unclassified) within those 27 listed.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline lesaycock

  • Newbie
  • *
  • Posts: 1
    • Personal Message (Offline)
Re: KMSEmulator.exe is not a Malware but a HackTool
« Reply #7 on: September 11, 2013, 05:32:13 PM »
didn't use a keygen for my office either, but got it coming up. This bickering about if it is or isn't purchased is irrelevant because a keygen just generates a key for a program, isn't malware or spyware or anything of that line, but regardless, now it's coming up every @#$@ time I turn on my computers, since the last update. How do I make it STOP!?!??
« Last Edit: September 11, 2013, 05:42:56 PM by lesaycock »

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21774
  • Gender: Male
    • Personal Message (Offline)
Re: KMSEmulator.exe is not a Malware but a HackTool
« Reply #8 on: September 11, 2013, 05:37:30 PM »
And many keygens comes bundled with malware.  ;)
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now