KMSEmulator.exe is not a Malware but a HackTool

Hello,

Avast reports KMSEmulator.exe as Win32:Malware-gen, which is confusing. It should be reported as an hacktool/keygen.

http://www.virustotal.com/file-scan/report.html?id=a2ffd0bc5e055e519fd3006bfdae422327d8e01310eae528267014c54293bfa4-1297445600

If you think I am wrong and that keygens should be reported as dangerous malware please tell me.

If you want office so much, buy it…

IMHO, leave the file as malware-gen, avast! (and other AV companies) have better things to do than please people who want to steal software… ::slight_smile:

http://forum.avast.com/index.php?topic=70806

I use open office. So after you keygens are malware ? Well I think I will consider switching to a less confusing antivirus like Microsoft Security Essentials or Avira AntiVir…

I agree that the detection should be kept but it should be corrected to a correct naming.

Thank you for your answer.

Well that is my opinion, I happen to use office, since it was paid for. Had I not already had it I would also use open office - There are enough free alternatives to be useful. Just annoys me that people complain when they are stopped from stealing. Would they be so liberal if someone was stopped from robbing them?

I don’t see how avast is confusing?

The malware-gen is a generic detection that allows the virus teams to add a detection, rather than spend time and effort dreaming up a name that means whatever. There is also the fact that there is no AV naming convention so one AV’s so called “Hacktool” is another AV’s “Trojan”

DavidR explains the whole naming convention thing better, let me see if I can find the post.

Ok, if malware-gen is a generic detection name, it makes sense.

I can understand that important things have priority over this kind of things.

The metioned post by DavidR:

I have bolded (is that a word? :D) the part of it that I feel most pertinent to this thread.

Also:

DavidR on other aspects of keygens (he is so much better with words than me :P)

Well naming convention is another strange beast, as there is no standard naming convention between the different AV companies and this is no better demonstrated in the different malware names assigned in the 27 alerts in the VT results.

There are many generic and heuristic (suspicious/unclassified) within those 27 listed.

didn’t use a keygen for my office either, but got it coming up. This bickering about if it is or isn’t purchased is irrelevant because a keygen just generates a key for a program, isn’t malware or spyware or anything of that line, but regardless, now it’s coming up every @#$@ time I turn on my computers, since the last update. How do I make it STOP!?!??

And many keygens comes bundled with malware. :wink: