Author Topic: KMSEmulator.exe is not a Malware but a HackTool  (Read 110812 times)

0 Members and 1 Guest are viewing this topic.

976gf9sf

  • Guest
KMSEmulator.exe is not a Malware but a HackTool
« on: February 11, 2011, 06:52:35 PM »
Hello,

Avast reports KMSEmulator.exe as Win32:Malware-gen, which is confusing. It should be reported as an hacktool/keygen.

http://www.virustotal.com/file-scan/report.html?id=a2ffd0bc5e055e519fd3006bfdae422327d8e01310eae528267014c54293bfa4-1297445600

If you think I am wrong and that keygens should be reported as dangerous malware please tell me.

spg SCOTT

  • Guest
Re: KMSEmulator.exe is not a Malware but a HackTool
« Reply #1 on: February 11, 2011, 06:57:26 PM »
If you want office so much, buy it...

IMHO, leave the file as malware-gen, avast! (and other AV companies) have better things to do than please people who want to steal software... ::)

http://forum.avast.com/index.php?topic=70806

976gf9sf

  • Guest
Re: KMSEmulator.exe is not a Malware but a HackTool
« Reply #2 on: February 11, 2011, 07:03:34 PM »
I use open office. So after you keygens are malware ? Well I think I will consider switching to a less confusing antivirus like Microsoft Security Essentials or Avira AntiVir..

I agree that the detection should be kept but it should be corrected to a correct naming.

Thank you for your answer.
« Last Edit: February 11, 2011, 07:05:17 PM by 976gf9sf »

spg SCOTT

  • Guest
Re: KMSEmulator.exe is not a Malware but a HackTool
« Reply #3 on: February 11, 2011, 07:11:34 PM »
Well that is my opinion, I happen to use office, since it was paid for. Had I not already had it I would also use open office - There are enough free alternatives to be useful. Just annoys me that people complain when they are stopped from stealing. Would they be so liberal if someone was stopped from robbing them?


I don't see how avast is confusing?

The malware-gen is a generic detection that allows the virus teams to add a detection, rather than spend time and effort dreaming up a name that means whatever. There is also the fact that there is no AV naming convention so one AV's so called "Hacktool" is another AV's "Trojan"

DavidR explains the whole naming convention thing better, let me see if I can find the post.

976gf9sf

  • Guest
Re: KMSEmulator.exe is not a Malware but a HackTool
« Reply #4 on: February 11, 2011, 07:16:23 PM »
Ok, if malware-gen is a generic detection name, it makes sense.

I can understand that important things have priority over this kind of things.


spg SCOTT

  • Guest
Re: KMSEmulator.exe is not a Malware but a HackTool
« Reply #5 on: February 11, 2011, 07:19:00 PM »
The metioned post by DavidR:
Sorry but I don't agree, the Win32:Xxxxxxxx-gen detections are generic signatures (those with -gen etc.), designed to combat new/multiple variants of malware, this helps with zero-day malware, where you may not have a specific signature. The last thing that you want is for these not to be detected pending a specific named signature being released.

There is a constant battle going on were AV companies are playing catch-up with new malware, so you have to have such generic, heuristic and algorithmic signatures to combat this. The price you pay for this protection in some cases is not getting a specific malware name.

Personally I couldn't give a stuff what avast calls it as you are none the wiser if you are given a name. First, there is no standard naming convention for naming new malware and the same sample will have many different aliases, you only have to look at virustotal to see that in action with 43 different scanners.

So you could have a name and google it and be none the wiser as it may not returne any information.
I have bolded (is that a word? :D) the part of it that I feel most pertinent to this thread.

Also:

DavidR on other aspects of keygens (he is so much better with words than me :P)
Aside from any legal/moral issues about using keygens - Keygens and cracks are always high risk as they frequently come with uninvited guests. Should your system get infected as a result of downloading a keygen who are you going to complain to.
« Last Edit: February 11, 2011, 07:21:13 PM by spg SCOTT »

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 89006
  • No support PMs thanks
Re: KMSEmulator.exe is not a Malware but a HackTool
« Reply #6 on: February 11, 2011, 08:56:31 PM »
Well naming convention is another strange beast, as there is no standard naming convention between the different AV companies and this is no better demonstrated in the different malware names assigned in the 27 alerts in the VT results.

There are many generic and heuristic (suspicious/unclassified) within those 27 listed.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

lesaycock

  • Guest
Re: KMSEmulator.exe is not a Malware but a HackTool
« Reply #7 on: September 11, 2013, 07:32:13 PM »
didn't use a keygen for my office either, but got it coming up. This bickering about if it is or isn't purchased is irrelevant because a keygen just generates a key for a program, isn't malware or spyware or anything of that line, but regardless, now it's coming up every @#$@ time I turn on my computers, since the last update. How do I make it STOP!?!??
« Last Edit: September 11, 2013, 07:42:56 PM by lesaycock »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37526
  • Not a avast user
Re: KMSEmulator.exe is not a Malware but a HackTool
« Reply #8 on: September 11, 2013, 07:37:30 PM »
And many keygens comes bundled with malware.  ;)