I've been using computers for 20 years and I've used many antivirus programs. And I have had many "cracking software" programs lying around on the various PCs that I have used. These include keygens, software cracks/patchers and game hacks (wallhacks, aimbots, multihacks, etc.).
I notice that sooner or later, whatever antivirus program I am using flags that software as a threat (malware, virus, trojan, etc.). Is it correct that all such software contains some kind of threat? Or are all antivirus programs designed to treat all such software as a possible threat?
In order to distribute the program to others, you always compile the program to an executable. An executable however is not the scripted code in a shell, but it is a reconstructed set of instructions that the processor understands in order to do what you initially programmed.
Understanding this is important. When virus scanners create their threat detection, they will read all executables. A virus will modify an executable and change some code so the virus itself will be run whenever the executable is run. The virus scanner will search for this virus by simply searching for a pattern. The virus may have 80 bytes of code, but 50 bytes of that code contain the harmful instructions so the virus scanner will scan for those 50 bytes.
This ensures that any modification to that virus to cloak itself will still result in a detection in most cases. It can't change the dangerous code in itself or it would simply not work like that anymore.
Because virus scanners don't like it when their paid software is cracked, it will mark any crack or keygen as unsafe to protect itself, but it is also possible that someone creates a crack and puts in a virus so that this person can later collect information about who uses their crack etc...
When it comes to knowing if keygens, cracks, hacks, etc... contain actual malicious code, I have no answer to it. It can be, and it's possible it is not the case. It is often true that in order for a crack to work, it has to perform functions that viruses also do, which is why most cracks are seen as dangerous. Their tasks cannot be distinguished from viruses.
The same problem happens with real programs too. They may have operations in them that could be flagged as a virus. If that happens, the developers usually contact the virus scanner developers and get their program investigated so a better match is created, and the false positive won't happen in the future.
TL;DR: It does so because those cracks/keygens/etc contain a signature of the virus it detects. Whether or not it is real and why it detects that, can't be answered. It's different per use case and per virus scanner.
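The pattern search described in the answer above, as an added example that is not part of the original post: a scanner that looks for a 50-byte signature inside an 80-byte body, run against a re-wrapped copy, a copy with one signature byte changed, and an unrelated file that happens to contain the same bytes. Every byte string is constructed filler rather than real code, and the detection name is hypothetical.

```python
import hashlib

def filler(label: str, n: int) -> bytes:
    """Deterministic constructed bytes; stands in for code, is not code."""
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(f"{label}:{i}".encode()).digest()
        i += 1
    return out[:n]

# Constructed 80-byte body: the 50 bytes in the middle stand in for the
# instructions the program cannot change without ceasing to work.
CORE = filler("core", 50)
BODY = filler("head", 15) + CORE + filler("tail", 15)
SIGNATURES = {"Example.Sample.A": CORE}  # hypothetical detection name
HOST = filler("host", 200)               # constructed clean executable

def scan(data: bytes, signatures=SIGNATURES):
    """Return (name, offset) for every signature occurrence in data."""
    hits = []
    for name, pattern in signatures.items():
        pos = data.find(pattern)
        while pos != -1:
            hits.append((name, pos))
            pos = data.find(pattern, pos + 1)
    return hits

def cases():
    recloaked = filler("head2", 15) + CORE + filler("tail2", 15)
    altered = bytearray(BODY)
    altered[40] ^= 0xFF  # one byte inside the 50-byte core changed
    return {
        "clean host": scan(HOST),
        "host + body": scan(HOST + BODY),
        "host + recloaked body": scan(HOST + recloaked),
        "host + altered core": scan(HOST + bytes(altered)),
        # Unrelated tool that happens to contain the same 50 bytes:
        # flagged exactly like the sample, i.e. a false positive.
        "unrelated tool": scan(filler("tool", 100) + CORE),
    }

if __name__ == "__main__":
    for label, hits in cases().items():
        print(f"{label:24} {hits or 'no detection'}")
```

The last case is the false positive the answer describes: the scanner reports the same name for any file containing the pattern, whatever the file actually does.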
So just over the weekend, I started getting emails. The group policy that puts this setting has been in place for years. Why is it just getting flagged now? These are registry keys that control Windows functions, but Sophos thinks they are keygens? What??? Can you explain at all? Thanks
A key generator (key-gen) is a computer program that generates a product licensing key, such as a serial number, necessary to activate a software application for use. Keygens may be legitimately distributed by software manufacturers for licensing software in commercial environments where software has been licensed in bulk for an entire site or enterprise, or they may be developed and distributed illegitimately in circumstances of copyright infringement or software piracy.
Illegitimate key generators are typically programmed and distributed by software crackers in the warez scene. These keygens often play music (taking from the tradition of cracktros), which may include the genres dubstep, chiptunes, sampled loops or anything that the programmer desires. Chiptunes are often preferred due to their small size. Keygens can have artistic user interfaces or be kept simple and display only a cracking group or cracker's logo.
A software license is a legal instrument that governs the usage and distribution of computer software.[1] Often, such licenses are enforced by implementing in the software a product activation or digital rights management (DRM) mechanism,[2] seeking to prevent unauthorized use of the software by issuing a code sequence that must be entered into the application when prompted or stored in its configuration.
Many programs attempt to verify or validate licensing keys over the Internet by establishing a session with a licensing application of the software publisher. Advanced keygens bypass this mechanism, and include additional features for key verification, for example by generating the validation data which would otherwise be returned by an activation server. If the software offers phone activation then the keygen could generate the correct activation code to finish activation. Another method that has been used is activation server emulation, which patches the program memory to "see" the keygen as the de facto activation server.
A multi-keygen is a keygen that offers key generation for multiple software applications. Multi-keygens are sometimes released over singular keygens if a series of products requires the same algorithm for generating product keys.
Unauthorized keygens that typically violate software licensing terms are written by programmers who engage in reverse engineering and software cracking, often called crackers, to circumvent copy protection of software or digital rights management for multimedia.
Keygens, available through P2P networks or otherwise, can contain malicious payloads.[3] These key generators may or may not generate a valid key, but the embedded malware loaded invisibly at the same time may, for example, be a version of CryptoLocker (ransomware).[4][5]
Antivirus software may discover malware embedded in keygens; such software often also identifies unauthorized keygens which do not contain a payload as potentially unwanted software, often labelling them with a name such as Win32/Keygen or Win32/Gendows.[3]
A program designed to assist hacking is defined as HackTool.Win32.HackAV or not-a-virus:Keygen from Kaspersky Labs or as HackTool:Win32/Keygen by Microsoft Malware Protection Center. According to the Microsoft Malware Protection Center, its first known detection dates back to July 16, 2009.[6] The following security threats were most often found on PCs that have been related to these tools:
A key changer or keychan is a variation of a keygen. A keychan is a small piece of software that changes the license key or serial number of a particular piece of proprietary software installed on a computer.
My computer got ravaged by malware after I tried to install some keygen software. After that I tried a lot of tools, which almost cured it, but I still noticed 50% Chrome usage on startup, and then today svhost.exe was back consuming 50% of CPU, which confirmed malware was still there. Then I looked back at the first scan of Malwarebytes, which showed only some of the threats were quarantined. I (or other software such as Spybot) have already deleted some of the files shown in the first scan before this, and today I deleted a DLL (fiddlercore4) and 2 others (in the same dir) which were created on the day of infection, but what to do with the registry values and keys?
My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
You should always have an Antivirus installed on your computer. Free or paid. Obviously, paid Antiviruses offer more features than free ones. Depending on your setup, your browsing habits, your browser hardening, etc. a free one can do the job just fine.
Since there are no signs of infection anymore in your logs, and you just told me that there are no more issues left to address, I guess we're done here. We'll wrap it up by running DelFix to delete the tools and logs that were used in this clean-up.
Now it's time to give you some tips, tricks, advice and recommendations on how to protect your system and prevent you from being infected in the future. This is where I'll explain basic security measures that you should take to protect and harden your system, and also make sure it stays as safe and secure as possible against hackers and malware. You are free to ignore the recommendations listed below, although I obviously do not recommend it. If you have any questions about one of the points covered in the speech below, feel free to ask me your questions here directly so I can answer them and guide you.
Keeping Windows up to date is one of the first steps in having a safe and secure system. The Security Updates that Windows receives are meant to fix exploits and flaws in it, which makes it more secure and not exploitable by hackers. In order to do that, you should always install the Security Updates, known as "Important Updates" on your Windows system. These updates are released on the second Tuesday of every month, but some are also released before if they are emergency/critical Security Updates. Let's make sure that you have all your Important Updates and Recommended Updates installed and that your Windows Updates are set to be installed automatically.
Like keeping Windows updated, keeping your installed programs up-to-date is another important step in having a safe and secure system. Outdated programs can be exploited by hackers and malware to infect a system and take it over. This is especially true today with the rise of Exploit Kits (and also 0-days) which are one of the biggest attack vectors to distribute malware. Therefore, you should always keep vulnerable programs like Adobe Flash Player, Adobe Shockwave Player, Java, Silverlight, Google Chrome, Mozilla Firefox, VLC Media Player, etc. updated to their most recent version (even better, you don't have to install them if you don't use them). Programs like UCheck, SUMo and Heimdal Free will scan your system for outdated programs, and help you identify them, as well as update them.