Packed keygens: who does Avast "know" which one to ignore?

[beranger]

Yes, I know, using keygens is immoral, illegal, and so on. I'll burn in Hell. Yet, this is not the job of an AV to judge me on that matter.

There are 2 keygens I want to bring to your attention: one is for TextPad and the other one for UltraEdit.

The keygen for TextPad is judged as malware by Avast -- but Kaspersky and Microsoft are happy with it:
http://www.virustotal.com/file-scan/report.html?id=30144e9a8de1b1d90b906c3b1d08e5fb94aec881f8a144d2a17305691fbd680e-1286183881

The keygen for UltraEdit is judged as malware Kaspersky and Microsoft -- but Avast is happy with it:
http://www.virustotal.com/file-scan/report.html?id=8bb90c5db5a8fa2199a46377f79928d20d75ab5edd8cf5ce774cefb3d6aef49f-1286183916#

For God's sake, BOTH files are CLEAN!

How does an AV "judge" that some file is malware, only based on the fact that it is packed or multipacked?

This is crazy.

Oh, I have switched from the paid solution KAV2010 to Avast (albeit I still have 3 month of paid KAV) because KAV failed to add the signature for vashar.exe (Somborski) for more than 2 weeks! And, the only 2 AV to recognize *both* the malicious autorun.inf and vashar.exe were Avast and Microsoft, see http://beranger.org/post/1131134125/somborski-avira-and-mcafee-have-lost-face-updated

But now, as with any other AV solutions, I have to take extra precautions to archive my keygens -- which are less than 10, but I still want to have them, just in case...

P.S. Apparently, the autorun.inf that starts vashar.exe is still *unrecognized* as malicious by Avira, ClamAV, Comodo, DrWeb, NOD32, Panda, PCTools, Symantec, TrendMicro:
http://www.virustotal.com/file-scan/report.html?id=5010638de02a2b6e8aad940588aca68f92678304c4dce24657aaff59d407b598-1285747984

[Lisandro]

I have to take extra precautions to archive my keygens -- which are less than 10, but I still want to have them, just in case...

Make avast exceptions (or put all of them in a folder and make an exception).

[RejZoR]

Well, i have a mixed experience with stuff like keygens and no-cd patches. avast! seems to be very open to such stuff and if the keygen is not really malicious, they aren't bothering with it (in other words, they will remove false positive). Where others, even if it's not really malicious, they aren't going to fix the false positive just because it's a keygen/no-cd and you're not suppose to be using it anyway. I hate such attitude even if we're talking about such stuff. Their job is to keep malware out, not to moralize about what's right and wrong. Unless it's a keygen for their program. In that case i perfectly understand it.

[Hermite15]

Yes, I know, using keygens is immoral, illegal, and so on. I'll burn in Hell. Yet, this is not the job of an AV to judge me on that matter.

There are 2 keygens I want to bring to your attention: one is for TextPad and the other one for UltraEdit.

The keygen for TextPad is judged as malware by Avast -- but Kaspersky and Microsoft are happy with it:
http://www.virustotal.com/file-scan/report.html?id=30144e9a8de1b1d90b906c3b1d08e5fb94aec881f8a144d2a17305691fbd680e-1286183881

The keygen for UltraEdit is judged as malware Kaspersky and Microsoft -- but Avast is happy with it:
http://www.virustotal.com/file-scan/report.html?id=8bb90c5db5a8fa2199a46377f79928d20d75ab5edd8cf5ce774cefb3d6aef49f-1286183916#

For God's sake, BOTH files are CLEAN!

How does an AV "judge" that some file is malware, only based on the fact that it is packed or multipacked?

This is crazy.

Oh, I have switched from the paid solution KAV2010 to Avast (albeit I still have 3 month of paid KAV) because KAV failed to add the signature for vashar.exe (Somborski) for more than 2 weeks! And, the only 2 AV to recognize *both* the malicious autorun.inf and vashar.exe were Avast and Microsoft, see http://beranger.org/post/1131134125/somborski-avira-and-mcafee-have-lost-face-updated

But now, as with any other AV solutions, I have to take extra precautions to archive my keygens -- which are less than 10, but I still want to have them, just in case...

P.S. Apparently, the autorun.inf that starts vashar.exe is still *unrecognized* as malicious by Avira, ClamAV, Comodo, DrWeb, NOD32, Panda, PCTools, Symantec, TrendMicro:
http://www.virustotal.com/file-scan/report.html?id=5010638de02a2b6e8aad940588aca68f92678304c4dce24657aaff59d407b598-1285747984

I honestly couldn't care less whether you burn in hell or not to be honest, I'll be more pragmatic, don't post such crap here, if I had admin rights here, I would ban you immediately.

edit: and to be clearer to the others who have some understanding issues, the point is not to moralize, but to not help piracy, you wanna crack, you wanna steal, you're on your own, period. It's too easy to counter argue with anti ethic considerations, as the main goal is, before saying that it's not nice to steal , to not participate for Christ's sake, and as much as possible fight piracy.

[AdrianH]

I honestly couldn't care less whether you burn in hell or not to be honest, I'll be more pragmatic, don't post such crap here, if I had admin rights here, I would ban you immediately.

edit: and to be clearer to the others who have some understanding issues, the point is not to moralize, but to not help piracy, you wanna crack, you wanna steal, you're on your own, period. It's too easy to counter argue with anti ethic considerations, as the main goal is, before saying that it's not nice to steal , to not participate for Christ's sake, and as much as possible fight piracy.

+100

Hopefully the ban would be imposed AFTER you had passed on the IP address of the OP to those whose products are being ripped off!!

[beranger]

Logos, AdrianH: you have an IQ problem.

Everyone has the right to "own" (i.e. archive) a file that "could" be used to generate an "illegal" registration code.

It is not a gun. It is a file. Owning does not necessarily mean using.

An antivirus, free or PAID, is paid (if it's paid, and for KAV it was indeed paid!) to delete REAL MALWARE, not to apply some anti-piracy law!

And again, the question was purely TECHNICAL. If avast desires to block ALL the keygens, so be it. My question was: why SOME of the packed keygens are banned, while SOME OTHERS are not? (The same question could have been put to Kaspersky, but I've just told you that I gave up to the last 3 months of paid KAV "protection" because they were much slower than avast wrt to adding vashar.exe to the malware list.)

I wasn't aware that this forum is full of pure souls (which I won't call morons)...

[RejZoR]

Well Logos, false positive is still a false positive. A wrong detection. Detecting something that is not malware is just bad practice, because they aren't piracy police. But also no one an force them to fix it. It's only their good will to do that.

[DavidR]

Well given the detection results on both the VT links, I would say that avast is the least of the problems as in one of these avast isn't alerting. The first has 29 of 42 (avast detection) detections and the second 39 of 43 (no avast detection) scanners find something wrong. So in the case of the second is there a case for them to detect it and bring the total to 41 of 43.

[Hermite15]

Logos, AdrianH: you have an IQ problem.



I wasn't aware that this forum is full of pure souls (which I won't call morons)...

oh are you on crack too?  you obviously have a bank account problem, that's your main issue here, and you're coming here to spam and request that we'd help you accomplish your thieves... again, as mentioned by AdrianH above, I suggest that your IP should be reported to the authorities.

edit:

It is not a gun. It is a file. Owning does not necessarily mean using.

and yeah, obviously "owning" keygens and cracks doesn't necessarily mean using   let me get that, you're downloading keygens and cracks and you don't even use them? what are you doing with them then, stickin'em somewhere?

edit: I wouldn't mind Avast having a closer look at your AIS license btw

[CraigB]

It is not a gun. It is a file. Owning does not necessarily mean using.

If there is no intention of using it why own it?

[MasterTB]

There is something wrong with the OP -I won't name you-
You said to Logos this "Everyone has the right to "own" (i.e. archive) a file that "could" be used to generate an "illegal" registration code.
It is not a gun. It is a file. Owning does not necessarily mean using."

But you start your post saying this: "Yes, I know, using keygens is immoral, illegal, and so on. I'll burn in Hell." so... WHICH IS IT?
Either you don't even read what you write or you have some kind of problem... not to mention that by saying that you use them in the first post means that you acknowledge an Illicit or illegitimate behavior.

Martin.-

[Maxx_original]

blah, blah, blah... warez is not your claim, it's a privilege and is not for everyone.. that's it..

btw: other AV companies blacklist much more packers than we do.. and who cares? detecting grey-zone is not a critical issue, though we're removing such detections if they're considered as FP..

[medway01]

@ beranger:

Keygens, the lock pickers to stealing software and a good medium to spread infections, thats why most of them are found to be infected DOH ! < simples ! >

I may be wrong but maybe AV scanners pick up on the packer the keygens is 'inside' of as well as the actual keygen ?

If you collect enough keygens because its your 'right' to hold software for illegal purposes then its only a matter of time before one of them infects your PC, will you then ask for help removing it ?

To come to this forum and ask such a question is in my eyes, asking for judgment and questions about your sanity  

[Vladimyr]

I honestly couldn't care less whether you burn in hell or not to be honest, I'll be more pragmatic, don't post such crap here, if I had admin rights here, I would ban you immediately.

edit: and to be clearer to the others who have some understanding issues, the point is not to moralize, but to not help piracy, you wanna crack, you wanna steal, you're on your own, period. It's too easy to counter argue with anti ethic considerations, as the main goal is, before saying that it's not nice to steal , to not participate for Christ's sake, and as much as possible fight piracy.

@'Logos'
Have to agree with you on this issue, re keygens, but why do you have to be so histrionically self-righteous in making your point, indeed every point?

[beranger]

A false positive is a false positive, period.

At least one member (the one saying that I'd eventually get infected) fails to understand the initial claim: ALL the keygens (I only named 2, but I have almost 10, I believe) are CLEAN! While one or another AV "believes" them to be malware, they're not.

The proof that NONE of you is an actual Avast developer is that the correct answer was never given. A possible "correct" answer (given in the past by Panda) could be: "as long as an executable is multiply packed and can't be executed in a sandbox, we assume it's malicious because we can't estimate what it's doing".

But BOTH keygens shown are multiply packed! What makes one so special so to label it "clean", or what makes the other so special to make it "malware"? (Once again: NONE of them is malware.) That was the technical question, but most of you are too morons to understand it.

And I am using Avast Free. (That was to the idiot questioning my assumed AIS license.)