VirusTotal scan result: https://www.virustotal.com/file/9fd84138ecdc642b7dfca90c9ca873b1b8bfe08f6e081961dc43a7b2bf57d566/analysis/1329680687/
Zip file with a keygen and a patch file
keygen.exe
http://virusscan.jotti.org/en/scanresult/2aeb08190df6fbc6db5474cb4e3d1e1817c5ae54
patch.exe
http://virusscan.jotti.org/en/scanresult/710cc33398d02c78d2f4c2fa0449d169784d2680
Both files detected by Malwarebytes as Riskware.Tool.CK
So is this file a false positive?
Nope
Dangerous?
When you play with hacktools / keygens… as Malwarebytes says… Riskware
Ohh, and btw Malwarebytes is not able to detect it, so I was wondering if it's a false positive.
Malwarebytes does not scan zip files… you have to unpack and scan
Filer oppdaget 2
C:\Users\odd\Downloads\Orbit\unPack\patch\Patch.exe (Riskware.Tool.CK) -> Satt i karantene og slettet vellykket.
C:\Users\odd\Downloads\Orbit\unPack\patch\Keygen.exe (Riskware.Tool.CK) -> Satt i karantene og slettet vellykket.
Also detected by SuperAntiSpyware as
Trojan.Agent/Gen-keygen
Trojan.Agent/Gen-HackPatch
ThreatExpert
http://www.threatexpert.com/report.aspx?md5=a470863147b6a8c074b89a53405007f3
http://www.threatexpert.com/report.aspx?md5=dde8f7926ed11f0b11f616b7fb11ebaa
Lol, yeah, true. But I think avast has to update its virus database with that file.
It will soon be in their inbox
Great and thanks for help ;D
You're welcome…
Note: you can edit your first post and remove the download link now
Sure? I mean, if developers need it?
It is already sent to the avast lab… and we don't want to distribute malware here
I believe that Pondus has already sent a copy of it, so it is safe to remove the mediafire link in your first post.
For the future, suspect files should be sent directly to avast for analysis. Send the sample(s) to avast as Undetected Malware:
Open the chest and right click in the Chest and select Add, navigate to where you have the sample and add it to the chest (see image). Once in the chest, right click on the file and select ‘Submit to virus lab…’ complete the form and submit, the file will be uploaded during the next update. Note: manually adding to the chest doesn’t remove them from the original location, so they still have to be dealt with in that location.
Or
Send the sample to virus (at) avast (dot) com zipped and password protected with the password in email body, a link to this topic might help and false positive/undetected malware in the subject.
Done.
Hi Arsh de Grand,
Please do not use shortened URLs here, we do not particularly favour using them.
Avast is probably going to detect this hacktool as: Win32:Dropper-gen,
polonus
Can’t access… Is it only me?
Umm, yep, only you ;D But try this direct link: https://www.virustotal.com/file/9fd84138ecdc642b7dfca90c9ca873b1b8bfe08f6e081961dc43a7b2bf57d566/analysis/1329680687/
I can access it, but I don’t like these short links that effectively obfuscate the end location (unless you have a link expander add-on), so you start out going to goo.gl and then it redirects to the VT site. So depending on what add-ons or security features are in your browser, it might not get there; in Firefox it warns of the redirect and asks permission.