Author Topic: avast NOT FOUND infection in a keygen !!!  (Read 6997 times)

0 Members and 1 Guest are viewing this topic.

miciotta62

  • Guest
avast NOT FOUND infection in a keygen !!!
« on: November 23, 2011, 01:25:55 PM »


Very DISAPPOINTMENT! i am a your user, and after downloading a game
the p2p network, it found no viruses or problems with YOUR PRODUCT!

It's the Game “7 wonder II” and the infected file are in the keygen in the file:


FFF-ReflexV2.exe

Your product after scan say:  negative and clean file.

While my office AVG Antivirus Bussiness Edition professional 2011
say:

INFECTED with Trojan Generic22.WUB


Very disappointed and worried. Best regards

https://www.virustotal.com/file-scan/report.html?id=d77be60217d6d7ef240f65854b5e9874dc85ca9f68ba3316d9c966b98b626507-1319844120


Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37180
Re: avast NOT FOUND infection in a keygen !!!
« Reply #1 on: November 23, 2011, 01:30:16 PM »
as you see from the VT scan there are many others that also do not detect....no security program have 100% detection

send the sample to avast

however there is a possibility it is a False Positive

First seen: 2007-07-25 19:47:35
Last seen : 2011-10-28 23:22:00

Since the file is this old, i think it is strange that avast does not detect it if it is malware   ???

ThreatExpert
http://www.threatexpert.com/report.aspx?md5=63894385b0a65b784530200ba0c00361



OK i found the file and check it at Avira lab
Quote
The file 'FFF-ReflexV2.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection is removed from our virus definition file (VDF) with the version: 7.10.9.72.




« Last Edit: November 23, 2011, 03:12:27 PM by Pondus »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86548
  • No support PMs thanks
Re: avast NOT FOUND infection in a keygen !!!
« Reply #2 on: November 23, 2011, 02:23:46 PM »
I would have to ask the question what were you downloading a key generator for ?
Aside from any legal, moral issues, they carry a very high risk of having an uninvited guest.

Whilst it is disappointing it wasn't detected by avast (assuming it is a good detection) when some other AVs do detect is, many if those based on generic signatures (more prone to FP) and some detecting it solely on its packing method. So this isn't a clear cut good detection.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.2.6003 (build 22.2.7013.717) UI 1.0.697/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline giogio

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4099
Re: avast NOT FOUND infection in a keygen !!!
« Reply #3 on: November 23, 2011, 02:27:27 PM »
OK i found the file and check it at Avira lab
Quote
The file 'FFF-ReflexV2.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection is removed from our virus definition file (VDF) with the version: 7.10.9.72.

Good work Pondus!

this is my answer in italian post..
http://forum.avast.com/index.php?topic=88952.0
Prima di scrivere sul forum per favore leggi le istruzioni qui https://forum.avast.com/index.php?topic=144453.0
Non inviatemi MP per supporto,grazie-No support PM please
Home: E8400-4GB RAM-500GB HDD-Win10.0.15063x64-Avast! Free 17.3.2291-CryptoPrevent-MBAM 2.2free-Chrome 57(uBlock origin)-TB52
Work: i5-2400-4GB RAM-500GB HDD-Win 7sp1x64-Avast!Business Security 12.3.2515,     
Cloud Console 2.18
-FF52-TB52

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33597
  • malware fighter
Re: avast NOT FOUND infection in a keygen !!!
« Reply #4 on: November 23, 2011, 03:06:50 PM »
Hi giogio,

I would not conclude that easily that the executable has not been backdoored in some way,
for instance if you consider the sacn results as you care to search google for the MD5 hash of it: http://www.google.nl/search?gcx=c&ix=c2&sourceid=chrome&ie=UTF-8&q=63894385b0a65b784530200ba0c00361
All "reflexive games crack.ex-" variants according to my view should be flagged as PUP/riskware anyway. Also consider what DavidR stated earlier in his post in this thread. We are not here to give crackware a clean bill of health or tell that it has not been detected so far through anti-malware analysis or will go under the radar for the time being. That is unethical i.m.o.,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37180
Re: avast NOT FOUND infection in a keygen !!!
« Reply #5 on: November 23, 2011, 03:13:41 PM »
Malwarebytes detect it as - Trojan.Backdoor

have posted a FP case in the forum so we will see what they say


Quote
As this is a crack software, we do not evaluate cracks and keygen for safety.

They are often built with the same tools used to create malware so there are frequent FPs but cracks and keygens are also often malware.
This is a generic detection that is triggered by the builder being used that is used for mostly malware.
« Last Edit: November 23, 2011, 10:28:57 PM by Pondus »

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 75572
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: avast NOT FOUND infection in a keygen !!!
« Reply #6 on: November 23, 2011, 03:30:56 PM »
Also consider what DavidR stated earlier in his post in this thread. We are not here to give crackware a clean bill of health or tell that it has not been detected so far through anti-malware analysis or will go under the radar for the time being. That is unethical i.m.o.

+1
I won't help on such issues...
W8.1 [x64] - Avast PremSec 22.5.7263.B [UI.706] - Firefox ESR 91.9.1 [NS/uBO/PB] - Thunderbird 91.9.1
Avast-Tools: Secure Browser 101.0 - Cleanup 22.2 - SecureLine 5.18 - Driver Updater 22.2 - CCleaner 6.0
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33597
  • malware fighter
Re: avast NOT FOUND infection in a keygen !!!
« Reply #7 on: November 23, 2011, 04:04:43 PM »
Hi Asyn,

And good. The use of Yoda's Crypter here or of any cryptor generally indicates one of two things -
that a malware author is trying to hide the contents of his executable, or someone worried about intellectual property is trying to hide the contents of his executable...
See the scan at VT:

Magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
UPX compressed Win32 Executable (43.8%)[*lb*]Win32 EXE Yoda's Crypter (38.1%)[*lb*]Win32 Executable Generic (12.2%)[*lb*]Generic Win/DOS Executable (2.8%)[*lb*]DOS Executable Generic (2.8%)
sigcheck:
publisher....: n/a[*lb*]copyright....: n/a[*lb*]product......: n/a[*lb*]description..: n/a[*lb*]original name: n/a[*lb*]internal name: n/a[*lb*]file version.: n/a[*lb*]comments.....: n/a[*lb*]signers......: -[*lb*]signing date.: -[*lb*]verified.....: Unsigned[*lb*]
PEiD: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
packers (Kaspersky): PE_Patch.UPX, UPX
PEInfo: PE structure information

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2262
Re: avast NOT FOUND infection in a keygen !!!
« Reply #8 on: November 23, 2011, 05:41:08 PM »
Hello,
the file looks clean.

Milos

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37180
Re: avast NOT FOUND infection in a keygen !!!
« Reply #9 on: November 23, 2011, 10:27:03 PM »
Norman lab
Quote
Hi,
This file is the crack of a game software. So there is a security risk associated with it. Thus added detection.

FFF-ReflexV2.exe : Processed - Crack.G
« Last Edit: November 24, 2011, 05:31:00 PM by Pondus »

Offline giogio

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4099
Re: avast NOT FOUND infection in a keygen !!!
« Reply #10 on: November 24, 2011, 08:26:20 AM »
Also consider what DavidR stated earlier in his post in this thread. We are not here to give crackware a clean bill of health or tell that it has not been detected so far through anti-malware analysis or will go under the radar for the time being. That is unethical i.m.o.

+1
I won't help on such issues...

+1

Prima di scrivere sul forum per favore leggi le istruzioni qui https://forum.avast.com/index.php?topic=144453.0
Non inviatemi MP per supporto,grazie-No support PM please
Home: E8400-4GB RAM-500GB HDD-Win10.0.15063x64-Avast! Free 17.3.2291-CryptoPrevent-MBAM 2.2free-Chrome 57(uBlock origin)-TB52
Work: i5-2400-4GB RAM-500GB HDD-Win 7sp1x64-Avast!Business Security 12.3.2515,     
Cloud Console 2.18
-FF52-TB52

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33597
  • malware fighter
Re: avast NOT FOUND infection in a keygen !!!
« Reply #11 on: November 24, 2011, 05:52:21 PM »
Hi forum friends,

Maybe there should be a new classification created for these sort of programs (crack tools, keygens that go under the radar), to be found up as either "PIP" = possible illegal program or classified as "PCCIP" = possible copyright curcumventing program.
Then everyone should know what the intention was to develop, obfuscate, protect that file in the first place. Or just call them CRACK....

polonus
« Last Edit: November 24, 2011, 07:03:26 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

miciotta62

  • Guest
Re: avast NOT FOUND infection in a keygen !!!
« Reply #12 on: November 24, 2011, 08:52:45 PM »
ok...but this crack si INFECT yes or not ? or false/positive ?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37180
Re: avast NOT FOUND infection in a keygen !!!
« Reply #13 on: November 24, 2011, 09:06:04 PM »
It is explained in reply nr #5 and #9

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33597
  • malware fighter
Re: avast NOT FOUND infection in a keygen !!!
« Reply #14 on: November 24, 2011, 11:51:37 PM »
Hi miciotta62,

As we explained earlier we are not going to answer. Warez for a long time have been a major way of distributing new spyware, trojans and other malware. Everyday you can find a sample showing up detected as a trojan by a few scanners. But missed by many or all you have an ideal malware vector, and who is going to complain, no user likes to admit he got infected from an illegal download or from trying to circumvent legit copyrighted works, so an ideal propagation base for malcreants to spread their malcreations. That is why we are not going to react here,

polonus
« Last Edit: November 24, 2011, 11:59:35 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!