That is correct…the rar contains a couple of files named keygen and some others also detected
Uploading it to Avast so they can check it out
Malwarebytes detects one file as Spyware.Password and 4 others as Dont.Steal.Our.Software
and I guess that means the keygen is also bundled with malware…
not surprising, first they lure you with a keygen…then they empty your bank account
Wow, I had no idea anyone had responded, I did not get any email alerts about this thread.
I emailed the sample to Avast before I even posted this thread & I have already submitted from within Avast but I usually never hear back about/get results about my samples by email or when submitting files from within Avast, I hope this improves one day; because many services at least offer auto-responses to help you track your submission & then a human response sometimes, so that you know whether a file was actually malware or a false positive.
Like Avira, Microsoft, AVG, et cetera.
So does anyone know if the Avast Team has determined if this is malware or not?
I got several responses from several other companies, but nothing from Avast yet, as usual; I was just curious that Avast was one of the few companies not detecting it, so I decided to post it here.
If you wish to be notified of email responses, go to the lower left-hand corner of the text box you would be typing in and click “Additional Options…”
Here you can click the box for Notify me of replies.
You can also attach allowed files using the Browse button below, with a size limit of 200KB per post. Allowed files are in Allowed file types below the Attach line. ANSI format works best for text; use that for a log.
Perhaps resubmitting sample to VT until Avast! alerts? As a rule, an Avast! moderator does not come here to notify of a FP or missed malware, so no surprise there.
If you go to illegal, pirated or smut content sites you know the risks you take/run to get malware and who is later going to complain? And don’t the malcreants know that and that is why they reside just there in these domains. Don’t go into an alleyway if you could risk being beaten over the head!
Thank you Mchain, I figured it out earlier, I forgot that was not enabled by default at the Avast forums & I had forgotten to check the box last time.
Yeah I will do that, but it would be nice if the Avast Team had a response system for emails and/or submissions through the Avast program and/or a special web submission form like many other companies.
I have reread the OP and do not quite see that goodjohnjr is necessarily and actively seeking files that are used for jailbreaking or running OEM programs as pirated software, so as to get the benefits of a full program at no cost.
However, having said that, some of us really do not know better, and some of those will come to us for help in restoring and cleaning their infected systems.
An example would be a site such as this: hxxp://www.thekidzpage.com/ or this: hxxp://support.automationdirect.com/downloads.html
Note that links are made not clickable on purpose.
So the warnings above are just in case, if I understand it correctly. No problem there.
That is why I depend on Avast! to protect my system from threats I do not yet know about. Hence the point goodjohnjr was, I think, originally trying to make. If Avast! does not see it, then are we protected from an inadvertent click or drive-by?
That is correct Mchain, I use mostly free & open source software, and I use the free version of Malwarebytes for the record.
I noticed that Avast was one of the few that did not detect this file on VirusTotal so I decided to submit the file to Avast (because I was testing Avast Free at the time) & several other companies; I like to submit possible malware and/or false positives to various companies to help in the fight against malware & false positives.
My thread has nothing to do with pirating but it is interesting to read people’s opinions, so I do thank you all for commenting, even if I do not agree.
I would like to mention something, speaking generally. Just because a file is packed with UPX (Ultimate Packer for eXecutables), it doesn’t mean that it is infected. In most cases, UPX is used to reduce the size of a file (.exe) etc etc.
UPX can also be used for protection by developers. A benefit is that a checksum of both the compressed and uncompressed file is maintained internally.
Malcreants however can layer it with other inner packing to mislead analysts and victims alike, seemingly meaningless dead closed jump code is found, but the malcode when running knows how to jump that.
So the story is not that easily told as it is being presented. We have an abominably clever opponent in the malcreant. This is an interesting read on the subject from the Norman blog: http://blogs.norman.com/2011/malware-detection-team/relations-between-spammed-malware
This link’s article author = Snorre Fagerland, Principal Security Researcher in the Malware Detection Team (MDT) at Norman’s. Discussed, a.o., is the outer layer of UPX packing; inner packer is [P1],
Yes but, it is well known that UPX has many weaknesses and can be unpacked easily (it’s really easy, seriously.) and this is why, UPX is actually used to reduce the size of the file. Unpacking UPX is as simple as 1, 2, 3 ;D .
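
An added example, not part of any post in this thread: a header-only check that reports UPX packing indicators in a Windows executable, in line with the point made above that UPX packing by itself is not a verdict and that an inner layer under the UPX shell is not visible from the headers. It assumes the section names and `UPX!` marker written by an unmodified UPX; the function names and the sample bytes are constructed for the illustration.

```python
import struct

UPX_NAMES = {"UPX0", "UPX1", "UPX2"}  # section names stock UPX writes (assumption: unmodified packer)

def pe_sections(data):
    """Return [(name, virtual_size, raw_size)] from a PE image, [] if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or len(data) < e_lfanew + 24:
        return []
    (n_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size          # section table follows the optional header
    sections = []
    for i in range(n_sections):
        off = table + 40 * i                  # each section header is 40 bytes
        if off + 40 > len(data):
            break                             # truncated file: stop, keep what parsed
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _vaddr, rsize = struct.unpack_from("<III", data, off + 8)
        sections.append((name, vsize, rsize))
    return sections

def upx_indicators(data):
    """Packing indicators only. None of these says the file is malicious."""
    secs = pe_sections(data)
    return {
        "upx_section_names": sorted(n for n, _, _ in secs if n in UPX_NAMES),
        # Memory size but no bytes on disk: filled at run time (.bss does this too, so weak alone).
        "empty_on_disk": sorted(n for n, v, r in secs if r == 0 and v > 0),
        "upx_magic": b"UPX!" in data,
    }

def build_sample(sections, trailer=b""):
    """Constructed PE headers for the demo (header bytes only, not a program)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.encode(), v, 0x1000, r,
                                 0x200, 0, 0, 0, 0, 0) for n, v, r in sections)
    return bytes(dos) + b"PE\0\0" + coff + table + trailer

PACKED = build_sample([("UPX0", 0x8000, 0), ("UPX1", 0x3000, 0x2A00),
                       (".rsrc", 0x1000, 0x400)], trailer=b"UPX!")
PLAIN = build_sample([(".text", 0x1000, 0x1000), (".data", 0x200, 0x200)])

print(upx_indicators(PACKED), upx_indicators(PLAIN))
```

A clean result here only means no stock UPX shell was found; renamed sections or a different outer packer will not be reported.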