Viruses / Trojans and program Cracks / Keygens

LazyLion

I recently put in an old hard drive that has some old games with some cracks and keygens in the game folders (don't ask). My current version of AVG 8 Free Edition has flagged some of these cracks and keygens as Trojans. The descriptions look pretty generic though and that got me to wondering if Anti-Virus makers are not just looking now at all cracks and keygens as Malware, when there may not in fact be any threat. How would I tell if this is indeed the case (other than installing a different virus scanner)?

I am on local only bandwidth at the moment, so I can't Google the names right now... but has anyone else come up with these suspicions? Are the anti-virus vendors targeting all cracks/keygens regardless of whether they are infected or not?
 
I've had that suspicion before but you can never be sure. For keygens you could always use Sandboxie, that way they couldn't infect your pc and they could still give you your, ahem, lost key. :D
 
No. Anti-virus programs use something called heuristic analysis. This tries to detect patterns in the code that look similar to known malicious code.

If it is flagged by the heuristic code then it won't be labeled with a specific virus name, but rather just some generic name.

Code used to disable the Windows activation code is often also flagged.
 
I've had that suspicion before but you can never be sure. For keygens you could always use Sandboxie, that way they couldn't infect your pc and they could still give you your, ahem, lost key. :D

Yeah, those dang keys... keep losing them! :rolleyes:

Here is one that just popped up... "Trojan Horse Agent.PXU"

sounds very non-descript!
 
I was told that this is the case, you can omit the words "crack" or "keygen" from the files and scan it again, but I have cracks and keygens that pass my virus scan test and they usually are the ones that work, whereas the ones that fail are always trojans.

ok, will try this!

I also thought that might be the case with the Heuristic Analysis... and it is possible that the Heuristics is just picking up some "suspect" code. I know those coders use some pretty hefty gymnastics in their cracks and amazing algorithms in their keygens.

Thanks, guys... I'll post the results of my enquiry.
 
Many AV proggies these days see keygens and crackers as malicious, of course, they don't specify who's going to be done in :D
Of course it appears to be doing the job... anyone else noticed how these things aren't just out there like they used to be...
 
Many AV proggies these days see keygens and crackers as malicious, of course, they don't specify who's going to be done in :D
Of course it appears to be doing the job... anyone else noticed how these things aren't just out there like they used to be...

The same thing seems to be happening with programs that warn you when you go to a crack site. Gives you a warning now, this site may be bad for your computer! :confused:

Funny, never used to be like that.
 
And then they wonder why they get overly paranoid net users such as myself :o
 
I've had that suspicion before but you can never be sure. For keygens you could always use Sandboxie, that way they couldn't infect your pc and they could still give you your, ahem, lost key. :D

: ( Sandboxie doesn't support Vista 64bit...
 
Get a proper AV like Kaspersky which doesn't flag every second executable and actually stops real virii :p
 
Lower cost AV tend to flag all cracks, keygens, hacks as viruses.
I once downloaded a bona fide keystroke logger from a site that sells the software as a commercial product that is used to allow people to make a secure database of a computer used, for example as an internet access terminal in a library (to catch abuse) and for forensics.

Trend deleted all copies I had- including the legitimate installer I got from the vendor and flagged it as a "keylogger used to steal banking passwords and credit card numbers"

Very annoying!
 
Lower cost AV tend to flag all cracks, keygens, hacks as viruses.
I once downloaded a bona fide keystroke logger from a site that sells the software as a commercial product that is used to allow people to make a secure database of a computer used, for example as an internet access terminal in a library (to catch abuse) and for forensics.

Trend deleted all copies I had- including the legitimate installer I got from the vendor and flagged it as a "keylogger used to steal banking passwords and credit card numbers"

Very annoying!

I just noticed, when playing Stronghold Crusader the other day, that AVG also detects my Trainer for Stronghold as a "potentially unwanted program hook". Spyware Doctor also tried to block it. WTF?

now I go to this website...

http://www.forsaken-mu.com/

and see this...

NEWS:

AVG is causing problems again. If you use AVG and have problems, particularly with "IRC/Backdoor.SdBot4.BXC", please see this thread or use a decent antivirus software and not AVG.
 
Two things:

1st - don't use cracked software. Think what those keygens do. It is illegal as well.
2nd - move to Nod32, AVG has a high rate of false positive hits.
 
I have been very happy since moving to Avast free edition from AVG free... much faster on a LAN too...
 
I switched from AVG to NOD32 months ago for the simple reason that AVG gives tons of false positives. I can't remember this site I once visited - it said to type a specific set of weird characters into notepad and to save it...then to scan the textfile with antivirus software and to my amazement, the textfile was detected as a virus. So from my observations, some anti-virus apps are poor at recognising genuine virii and malware. Most keygens are genuine apps and not virii, but you can never take this for granted, cos there will always be one or two that will be a virus.
 
I just noticed, when playing Stronghold Crusader the other day, that AVG also detects my Trainer for Stronghold as a "potentially unwanted program hook". Spyware Doctor also tried to block it. WTF?

Trainers intercept your keystrokes, so they could look similar to a keylogger to the AV's heuristics. I just wish they'd explain why the program tripped up their heuristics instead of just calling it a generic.foo.bar and then having no explanation when you click on the link for more detail.

I've been getting lots of false positives with AVG lately and it is annoying. I tested just about every AV on the market about 3 years ago, at the time it was the leanest and meanest, gave the least false positives and found things the others didn't. Now they seem to be becoming like every other AV out there.
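Added example, not part of any post in this thread and not any vendor's engine: a toy scanner showing why an exact signature hit carries a specific name while a heuristic hit only gets a generic one, and how a trainer that polls keys and writes to another process's memory crosses the same threshold a keylogger would. It also returns the reasons behind the score, which is the explanation the post above asks for. The detection names, rule weights, threshold and sample byte strings are all constructed for illustration; the markers are real Win32 API names.

```python
import hashlib
import math
from collections import Counter

# Constructed signature database: SHA-256 of a known sample -> specific name.
KNOWN_BAD = {hashlib.sha256(b"constructed-known-sample").hexdigest(): "Trojan.Example.A"}

# Constructed heuristic rules: (marker bytes, weight, reason reported to the user).
RULES = [
    (b"SetWindowsHookEx", 3, "installs a keyboard/mouse hook"),
    (b"GetAsyncKeyState", 2, "polls key state"),
    (b"WriteProcessMemory", 3, "writes into another process"),
    (b"OpenProcess", 1, "opens another process"),
]
THRESHOLD = 5  # assumed cut-off; real engines tune this per rule set


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def scan(data: bytes):
    """Return (verdict, reasons): exact signature first, heuristics second."""
    name = KNOWN_BAD.get(hashlib.sha256(data).hexdigest())
    if name:
        return name, ["exact signature match"]
    score, reasons = 0, []
    for marker, weight, why in RULES:
        if marker in data:
            score += weight
            reasons.append(why)
    if entropy(data) > 7.2:  # packed or encrypted payloads look near-random
        score += 2
        reasons.append("high entropy (packed or encrypted)")
    if score >= THRESHOLD:
        return "Heur.Generic", reasons  # no specific family is known
    return "clean", reasons


# Constructed samples: a game trainer, an ordinary tool, and the known sample.
TRAINER = b"MZ..." + b"GetAsyncKeyState\0OpenProcess\0WriteProcessMemory\0" + b"\0" * 64
PLAIN = b"MZ..." + b"CreateFileW\0ReadFile\0" + b"\0" * 64

if __name__ == "__main__":
    for label, blob in [("trainer", TRAINER), ("plain", PLAIN)]:
        print(label, scan(blob))
```

The trainer is not in the signature database, yet its behaviour markers alone push it over the threshold, so the verdict says nothing about whether it is actually malicious.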
 