this is *not* a virus

Discussion in 'NOD32 version 2 Forum' started by Carl Farrington, Jun 3, 2005.

Thread Status:
Not open for further replies.
  1. Carl Farrington

    Carl Farrington Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    57
    Location:
    Manchester, England, U.K.
    ~snip~ link removed ~ Blackspear

    if anything, it helps to prevent virus and other malware from the dangerous 'serial/crack' websites which one might otherwise trawl if one was indeed searching for a serial number or crack for a program.

    IMO an antivirus company should not be allowed to abuse their power by denying access to software that they do not like. Will they soon be classifying and denying access to competitors products also?

    Thoughts, anybody?
     
    Last edited by a moderator: Jun 3, 2005
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,727
    Location:
    Texas
  3. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Screenshot.

    Blackspear.
     

    Attached Files:

    • 03.gif
      File size:
      90.3 KB
  4. Carl Farrington

    Carl Farrington Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    57
    Location:
    Manchester, England, U.K.
    yep.. that's the point of this discussion :rolleyes:
     
  5. Carl Farrington

    Carl Farrington Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    57
    Location:
    Manchester, England, U.K.
    Sorry, maybe I need to be a bit more to the point. It's a false positive. There is nothing virus or malware about this application, it is a piece of software which obtains cracks from the crack websites for you and downloads them directly.

    Obviously this sort of tool would be frowned upon and disliked by commercial software publishers, but this does not make it a virus. They should not be abusing their power by denying people access to the file just because they do not like it.
     
  6. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Well we will have to wait for Happy Bytes to advise us further on this one, simply posting such a link is not allowed, we don't wish the curious with inadequate security to become infected.

    Cheers

    Blackspear.
     
  7. Carl Farrington

    Carl Farrington Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    57
    Location:
    Manchester, England, U.K.
    Fair enough, I understand your cautiousness.
     
  8. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    I'd be wary because a lot of so-called applications/software from shady websites that deal with cracks/hacks and warez can have a bad payload inside them.

    NOD is probably wary too.
     
  9. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,874
    Location:
    New England
    Well, one other point on this... Even if the file itself is not specifically malicious, you still can't post it here because of this forum's rule about posting links to warez. A crack-searching tool is warez.

    Uploading the file to Jotti showed that a few other anti-virus products also flag the file in the same way as NOD32. (Interestingly enough, the NOD32 running at Jotti did not pick it up. Since you are saying NOD32 on your system flags it, but Jotti's implementation doesn't, then something is either misconfigured at Jotti or out of date.)
     


  10. Carl Farrington

    Carl Farrington Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    57
    Location:
    Manchester, England, U.K.
    well the TOS actually says links to warez sites, which I would take to mean websites about warez. NOD32 only seems to have started picking this up since version 2.5. I'll just have to create a folder for this thing and exclude that folder from AMON. It is irritating though and I still don't think it's ethically correct.
     
  11. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    How is it ethically correct to use a tool to find illegal cracks for software?

    Blackspear.
     
  12. Carl Farrington

    Carl Farrington Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    57
    Location:
    Manchester, England, U.K.
    ethically, one should be allowed to do whatever one wants as long as it doesn't impact on others. One should not specifically go out of one's way to disrupt or interfere with another person's activities. Now I realise obtaining cracks can be seen as impacting on others, but I cannot tell you the number of times I have gone to an old Windows 98 machine and had to reinstall Windows, only to find that they don't have a product-key (we're talking 7yr old machines here).

    This is just one example of a possible legitimate use. Besides that, people *will* look for cracks. Would we rather they go to the sites listed on astalavista.box.sk and get infected with malware which then tries to pass itself on to everybody else's computer, or would we rather just let them get on with it safely, with cracksearcher.exe?

    please excuse all the "ones" :D it just seemed easier to say that way
     
  13. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,874
    Location:
    New England
    I doubt you are going to find a lot of sympathy in trying to defend a crack search tool under any circumstances. Besides, flagging a file does not prevent people from accessing it. The program is not identified as a virus but as a hacktool, a proper target of malware scanners, and considered a valid target especially by businesses who would never want their employees to have such illegal programs on the company computers.
     
  14. Carl Farrington

    Carl Farrington Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    57
    Location:
    Manchester, England, U.K.
    This is a very good point, one which I hadn't considered. However, it is not the job of NOD32 anti-virus program to do this. That is what Websense and SurfControl are for.

    it seems to.. I can't run it here. There's no 'ignore' option on the AMON alert window.
    I wonder if disabling "Adware/Spyware/Riskware" in the AMON options would work. I don't want any adware or spyware on here though, although I haven't had any infection-attempts in many years, touch-wood. Safe-Hex indeed.
     
  15. PLeX?

    PLeX? Registered Member

    Joined:
    Aug 28, 2004
    Posts:
    28
    Location:
    Knoxville, TN USA
    I doubt the employees who make a living from the sale of the warezed software would agree that they aren't impacted.
     
  16. Carl Farrington

    Carl Farrington Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    57
    Location:
    Manchester, England, U.K.
    i did cover that one..
     
  17. PlexShaw

    PlexShaw Registered Member

    Joined:
    Feb 17, 2005
    Posts:
    62
    Wouldn't something like this, which I understand is legal, help with that particular problem (prior to instigating the reinstall obviously)?
     
  18. Carl Farrington

    Carl Farrington Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    57
    Location:
    Manchester, England, U.K.
    it would on a working system, yes. I do indeed use this to see if a customer's WinXP is using one of the blacklisted keys.
     
  19. Eliot

    Eliot Registered Member

    Joined:
    Aug 8, 2003
    Posts:
    854
    Location:
    Arkansas, USA
    :D I couldn't help myself Blackspear, that was priceless. *puppy*
     
  20. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada

    there is no "we" in "would we rather they go to sites..." - because obviously my opinion differs to yours - I say let their machines get fried and infected with the pox... if they can't work out their protection and get slimed in the process, does THAT impact anyone else negatively? Should we care that someone might get infected looking for a dodgy license who doesn't have the wherewithal to protect their machine from the malware abounding on such sites?

    7 year old licenses - heard of ebay? 7 y/o software when it can be found online is DIRT cheap!
     
  21. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    I read over at the 'other antivirus' forum that jotti runs on linux and the nod32 option for finding 'potentially dangerous applications' isn't available, which is why nod32 doesn't always identify 'threats' that some of the others do. this could be why it isn't identified there, or as you say it may be out of date defs - i've seen that be the case before too.
    not so true with the new version of NOD32 (2.5) which is putting itself forward as more of an anti-malware app than an anti-virus app. see how it now identifies 'Threats' rather than 'Viruses'.
    yeah try that, but it may just be the 'Potentially Dangerous Applications' option that needs unticking. It isn't selected by default in a new install.
     
  22. Carl Farrington

    Carl Farrington Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    57
    Location:
    Manchester, England, U.K.
    You're missing the point - it's when their computers get full of malware which then spams OTHER PEOPLE'S computers, that's when it starts impacting on others.
    Mate when it's 8:30pm and you've just popped into a customer's office to get something setup for the next morning, say migrating a server, and you have to go round all the workstations and then when you've just told the harassing girlfriend that you're leaving in 5 minutes and this shitty 98 machine completely barfs on you... you ain't gonna be going on eBay for a product-key are ya.
     
  23. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    By the same token, in a commercial setting, you're not going to potentially leave your clients legally exposed by placing cracked versions of software on their machines, are ya?

    Sure, maybe the client is licensed for the software, but between the time the illegal application keys are flagged and the licensing details are sorted out, your client's reputation has already suffered. It is simply not appropriate to cut corners like this working on a client's machine.

    Blue
     
  24. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Jottis doesn't have the extra detections/spyware bit enabled in NOD at the moment but Virustotal does, that is why we frequently get a different result from the 2 sites on the same file
     
  25. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    if you see the virustotal report on that file
    This is a report processed by VirusTotal on 06/04/2005 at 13:48:40 (CET) after scanning the file "CrackSearcher.exe" file.

    Antivirus    Version         Update      Result
    AntiVir      6.30.0.15       06.03.2005  PMS/CrackSearch.A
    AVG          718             06.03.2005  no virus found
    Avira        6.30.0.15       06.03.2005  PMS/CrackSearch.A
    BitDefender  7.0             06.04.2005  no virus found
    ClamAV       devel-20050501  06.04.2005  no virus found
    DrWeb        4.32b           06.03.2005  no virus found
    eTrust-Iris  7.1.194.0       06.04.2005  no virus found
    eTrust-Vet   11.9.1.0        06.03.2005  no virus found
    Fortinet     2.27.0.0        06.04.2005  HackerTool/Cracksearch
    Ikarus       2.32            06.03.2005  no virus found
    Kaspersky    4.0.2.24        06.04.2005  HackTool.Win32.CrackSearch.a
    McAfee       4506            06.03.2005  potentially unwanted program HTool-CrackSearch
    NOD32v2      1.1126          06.03.2005  Win32/HackTool.CrackSearch.A
    Norman       5.70.10         06.03.2005  no virus found
    Panda        8.02.00         06.03.2005  HackTool/CrackSearch.A
    Sybari       7.5.1314        06.04.2005  HackTool.Win32.CrackSearch.a
    Symantec     8.0             06.04.2005  no virus found
    TheHacker    5.8-2.2         06.04.2005  no virus found
    VBA32        3.10.3          06.03.2005  HackTool.Win32.CrackSearch.a

    either described as possibly unwanted program or hacktool by many Antiviruses

    This is one of the no win situations for an AV. Most times we see reports XXX didn't detect XXX and the reply is well it isn't a virus it's a riskware program that can be used for immoral or illegal purposes and after numerous complaints give in and detect it.

    Next day someone says OH xxx detected XXX on my computer and it's harmless it's a crack tool :D

    what are the AV companies supposed to do?

    Almost all Antiviruses now are not pure antiviruses but antimalware detectors and detecting crack tools that encourage the use of copyright contravention and software piracy is a legitimate part of an antivirus's job
     