Saturday, May 19, 2012

Virus/Trojan alert in Keygens

Q: Why is my Anti Virus checker reporting Trojan/Virus in a Keygen?

A: You are almost certainly experiencing what is known as a False Positive. Unfortunately the majority of common Anti Virus applications will put Keygens into the suspicious category and warn, or worse, immediately quarantine them.

Anti Virus programs generally don't support or understand the way Keygens are constructed, so they take the safest route, i.e. they assume them to be a threat.

Obviously we uploaders cannot influence the policy of the Anti Virus developers, and we certainly cannot take any responsibility for the decisions members take regarding their computers, so please take the following advice as a starting point only.

We strongly advise you to learn how your AV app actually works - they are all different. We do not recommend any particular Anti Virus programs because they all have their strengths and weaknesses, not to mention they are under constant development - some of the larger companies also use component parts of various other applications, so nothing is straightforward.

Q: My Anti Virus program is censoring a Keygen, what should I do?

A: Firstly, if your AV program has removed or disabled the Keygen, find out what this means - most often the AV program will move the Keygen to a 'Quarantine' folder. The Keygen is still usable, but the problem here is that unless the AV program allows you to tell it that the Keygen is 'safe', as soon as you release the Keygen from Quarantine, the AV app will detect it as a rogue application and the process will start over again.

Some AV apps will disable the Keygen. Most times this means the Keygen is rendered useless; however, simply restoring it from its original WinRAR or Zip archive will renew the file (assuming you have actually kept the original archive) - of course, as before, the problem here is that your AV program will immediately detect the restored Keygen as rogue.

The most obvious solution here is to turn off the automatic detection functionality of your Anti Virus program, but how do you know the Keygen is actually safe?

Try one of the online resources, like VirusTotal - however, there is no guarantee that any of these resources will give the thumbs up to a Keygen.
Probably the only way to be 100% sure is to try something like PE Explorer and examine the code contained within the Keygen to see that all is as it should be - mind you, if you were that competent you'd hardly be worried about this whole problem anyway. ;)

So, unless you are an 'expert' there is no real way of knowing if the Keygen is indeed 'safe' - so what should you do?

Scene groups are very conscientious and would never knowingly release a Virus or Trojan in one of their files.

Does that give you enough peace of mind to turn your AV scanning off?
If it doesn't, use Sandboxie and unarchive and run your Keygens from within it - this would appear to be one of the few '100%' safe methods currently available to us.

You could also just run the Keygen on another, non-critical computer or a Virtual O.S. - but you need to be aware that if you have unwittingly contracted a Virus or released a Trojan onto the system, you can easily spread it via your network or other means such as CDs, USB pen drives, email etc... I hope this helps...