shought Posted August 17, 2008 Share Posted August 17, 2008 Note: This topic only applies to fixes downloaded from the nsane proxy(all fixes presented on the frontpage come from the proxy, but to make sure you can check if the link starts with 'http://proxy.nsanedown.com').Lately we've seen a lot of topics telling us that some fix, crack, patch or keygen was infected with some sort of malware. Every single time the outcome of this discussion was that the detected 'threat' was a false positive. That is why every single person should follow a few simple steps before making a topic here about some fix being infected with malware.The steps are:Download and extract the file. This is completely harmless, however do not run it (yet).Open your Web Browser and go to http://www.virustotal.com.Search the EXE file(s) and upload it/them (for multiple files you must open two windows/tabs).Wait for the scan to complete.A lot of AV programs have scanned your file and gave a report. If more than 75% reports a threat in the file you can go ahead and make a topic here. If less than 75% of the AV programs tell you that there's a threat in your file please do not bother us and make your own decision :) The file is completely safe and the AV programs only detected some scripts/packers, which are used to make the fix and could be used to create malware. It is also possible, I don't know for sure, but I think this is always the case, that the company that produces the software for which you are using a fix sent a sample of that fix to the major AV companies telling them to add it to their database. This is of course only meant to scare off people using this fix.Note: Only apply this 75% rule to files downloaded from the nsane proxy (all fixes presented on the frontpage come from the proxy, but to make sure you can check if the link starts with 'http://proxy.nsanedown.com'). As a general rule you could take 50%, but no guarantees are made). Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.