Avast WEBforum

Other => Viruses and worms => Topic started by: miciotta62 on November 23, 2011, 01:25:55 PM

Title: avast NOT FOUND infection in a keygen !!!
Post by: miciotta62 on November 23, 2011, 01:25:55 PM


Very DISAPPOINTED! I am a user of yours, and after downloading a game from
the p2p network, it found no viruses or problems with YOUR PRODUCT!

It's the game “7 wonder II” and the infected file is in the keygen, in the file:


FFF-ReflexV2.exe

Your product, after a scan, says: negative and clean file.

While my office AVG Antivirus Business Edition professional 2011
says:

INFECTED with Trojan Generic22.WUB


Very disappointed and worried. Best regards

https://www.virustotal.com/file-scan/report.html?id=d77be60217d6d7ef240f65854b5e9874dc85ca9f68ba3316d9c966b98b626507-1319844120

Title: Re: avast NOT FOUND infection in a keygen !!!
Post by: Pondus on November 23, 2011, 01:30:16 PM
As you see from the VT scan, there are many others that also do not detect it... no security program has 100% detection

send the sample to avast

however there is a possibility it is a False Positive

First seen: 2007-07-25 19:47:35
Last seen : 2011-10-28 23:22:00

Since the file is this old, I think it is strange that avast does not detect it if it is malware   ???

ThreatExpert
http://www.threatexpert.com/report.aspx?md5=63894385b0a65b784530200ba0c00361



OK, I found the file and checked it at Avira lab
Quote
The file 'FFF-ReflexV2.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection is removed from our virus definition file (VDF) with the version: 7.10.9.72.




Title: Re: avast NOT FOUND infection in a keygen !!!
Post by: DavidR on November 23, 2011, 02:23:46 PM
I would have to ask the question: what were you downloading a key generator for?
Aside from any legal, moral issues, they carry a very high risk of having an uninvited guest.

Whilst it is disappointing it wasn't detected by avast (assuming it is a good detection) when some other AVs do detect it, many of those are based on generic signatures (more prone to FP) and some are detecting it solely on its packing method. So this isn't a clear-cut good detection.
Title: Re: avast NOT FOUND infection in a keygen !!!
Post by: giogio on November 23, 2011, 02:27:27 PM
OK, I found the file and checked it at Avira lab
Quote
The file 'FFF-ReflexV2.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection is removed from our virus definition file (VDF) with the version: 7.10.9.72.

Good work Pondus!

This is my answer in the Italian post..
http://forum.avast.com/index.php?topic=88952.0
Title: Re: avast NOT FOUND infection in a keygen !!!
Post by: polonus on November 23, 2011, 03:06:50 PM
Hi giogio,

I would not conclude that easily that the executable has not been backdoored in some way,
for instance if you consider the scan results as you care to search Google for the MD5 hash of it: http://www.google.nl/search?gcx=c&ix=c2&sourceid=chrome&ie=UTF-8&q=63894385b0a65b784530200ba0c00361
All "reflexive games crack.ex-" variants according to my view should be flagged as PUP/riskware anyway. Also consider what DavidR stated earlier in his post in this thread. We are not here to give crackware a clean bill of health or tell that it has not been detected so far through anti-malware analysis or will go under the radar for the time being. That is unethical i.m.o.,

polonus
Title: Re: avast NOT FOUND infection in a keygen !!!
Post by: Pondus on November 23, 2011, 03:13:41 PM
Malwarebytes detects it as - Trojan.Backdoor

I have posted an FP case in the forum, so we will see what they say


Quote
As this is a crack software, we do not evaluate cracks and keygen for safety.

They are often built with the same tools used to create malware so there are frequent FPs but cracks and keygens are also often malware.
This is a generic detection that is triggered by the builder being used that is used for mostly malware.
Title: Re: avast NOT FOUND infection in a keygen !!!
Post by: Asyn on November 23, 2011, 03:30:56 PM
Also consider what DavidR stated earlier in his post in this thread. We are not here to give crackware a clean bill of health or tell that it has not been detected so far through anti-malware analysis or will go under the radar for the time being. That is unethical i.m.o.

+1
I won't help on such issues...
Title: Re: avast NOT FOUND infection in a keygen !!!
Post by: polonus on November 23, 2011, 04:04:43 PM
Hi Asyn,

And good. The use of Yoda's Crypter here or of any cryptor generally indicates one of two things -
that a malware author is trying to hide the contents of his executable, or someone worried about intellectual property is trying to hide the contents of his executable...
See the scan at VT:

Magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
UPX compressed Win32 Executable (43.8%)
Win32 EXE Yoda's Crypter (38.1%)
Win32 Executable Generic (12.2%)
Generic Win/DOS Executable (2.8%)
DOS Executable Generic (2.8%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
packers (Kaspersky): PE_Patch.UPX, UPX
PEInfo: PE structure information

polonus
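
The TrID, PEiD and Kaspersky lines in the scan above all report UPX packing. As an added example (not part of any post in this thread), here is a small triage check that reads a PE section table and reports the two usual packing hints, UPX section names and near-random section contents. As the thread itself points out, these hints show packing, not malice. Assumptions: the names UPX0/UPX1/UPX2 are the ones UPX normally assigns, the 7.0 bits/byte threshold is illustrative, and the sample image is constructed rather than taken from the file under discussion.

```python
import math, struct
from collections import Counter

UPX_NAMES = {"UPX0", "UPX1", "UPX2"}  # section names UPX normally leaves behind

def entropy(data):
    """Shannon entropy in bits per byte; 0.0 for empty input."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def pe_sections(image):
    """Return [(name, raw_bytes)] parsed from the PE section table."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)           # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    (nsect,) = struct.unpack_from("<H", image, pe_off + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", image, pe_off + 20)  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size                              # first section header
    out = []
    for i in range(nsect):
        hdr = table + 40 * i
        name = image[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", image, hdr + 16)
        out.append((name, image[raw_ptr:raw_ptr + raw_size]))
    return out

def packing_indicators(image, threshold=7.0):
    """List triage hints; the threshold is an illustrative assumption."""
    hints = []
    for name, raw in pe_sections(image):
        if name in UPX_NAMES:
            hints.append(f"{name}: UPX section name")
        if len(raw) >= 256 and entropy(raw) > threshold:
            hints.append(f"{name}: high entropy ({entropy(raw):.2f} bits/byte)")
    return hints

def build_sample():
    """Constructed PE-like image (not a real file): empty UPX0, dense UPX1."""
    def sect(name, size, ptr):
        return name.ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", size, 0x1000, size, ptr, 0, 0, 0, 0, 0xE0000020)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)            # e_lfanew = 64
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)
    payload = bytes(range(256)) * 2   # uniform byte distribution, entropy 8.0
    return dos + coff + sect(b"UPX0", 0, 0) + sect(b"UPX1", 512, 168) + payload

if __name__ == "__main__":
    print("\n".join(packing_indicators(build_sample())))
```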
Title: Re: avast NOT FOUND infection in a keygen !!!
Post by: Milos on November 23, 2011, 05:41:08 PM
Hello,
the file looks clean.

Milos
Title: Re: avast NOT FOUND infection in a keygen !!!
Post by: Pondus on November 23, 2011, 10:27:03 PM
Norman lab
Quote
Hi,
This file is the crack of a game software. So there is a security risk associated with it. Thus added detection.

FFF-ReflexV2.exe : Processed - Crack.G
Title: Re: avast NOT FOUND infection in a keygen !!!
Post by: giogio on November 24, 2011, 08:26:20 AM
Also consider what DavidR stated earlier in his post in this thread. We are not here to give crackware a clean bill of health or tell that it has not been detected so far through anti-malware analysis or will go under the radar for the time being. That is unethical i.m.o.

+1
I won't help on such issues...

+1

Title: Re: avast NOT FOUND infection in a keygen !!!
Post by: polonus on November 24, 2011, 05:52:21 PM
Hi forum friends,

Maybe there should be a new classification created for these sorts of programs (crack tools, keygens that go under the radar), to be found up as either "PIP" = possible illegal program or classified as "PCCIP" = possible copyright circumventing program.
Then everyone should know what the intention was to develop, obfuscate, protect that file in the first place. Or just call them CRACK....

polonus
Title: Re: avast NOT FOUND infection in a keygen !!!
Post by: miciotta62 on November 24, 2011, 08:52:45 PM
ok... but is this crack INFECTED, yes or not? or false/positive?
Title: Re: avast NOT FOUND infection in a keygen !!!
Post by: Pondus on November 24, 2011, 09:06:04 PM
It is explained in reply nr #5 and #9
Title: Re: avast NOT FOUND infection in a keygen !!!
Post by: polonus on November 24, 2011, 11:51:37 PM
Hi miciotta62,

As we explained earlier we are not going to answer. Warez for a long time have been a major way of distributing new spyware, trojans and other malware. Every day you can find a sample showing up detected as a trojan by a few scanners. But missed by many or all you have an ideal malware vector, and who is going to complain, no user likes to admit he got infected from an illegal download or from trying to circumvent legit copyrighted works, so an ideal propagation base for malcreants to spread their malcreations. That is why we are not going to react here,

polonus
Title: Re: avast NOT FOUND infection in a keygen !!!
Post by: YoKenny on November 25, 2011, 12:28:32 AM
Hi miciotta62,

As we explained earlier we are not going to answer. Warez for a long time have been a major way of distributing new spyware, trojans and other malware. Every day you can find a sample showing up detected as a trojan by a few scanners. But missed by many or all you have an ideal malware vector, and who is going to complain, no user likes to admit he got infected from an illegal download or from trying to circumvent legit copyrighted works, so an ideal propagation base for malcreants to spread their malcreations. That is why we are not going to react here,

polonus
Users that use Warez are open for infection! ::)

Especially female people running XP SP2.  ;)