false positives, how to....


Cereberus


How do you know what is legitimately a false positive, which MBAM or the antivirus warns about but is actually harmless... medicine for some app?

I do take certain precautions and use a little common sense when approaching such... medicines, such as:

1. Download only from high-post-count users with good credibility.

2. Read the comments... for anything bad about the TS or anything found wrong with the file shared.

3. Take heed of AV/MBAM pop-up warnings, though I may disregard them if it is most likely a false positive. But I'd still run an MBAM/HitmanPro/NOD32 scan on the app's folder after patching, as well as check whether the signatures are the same as the original, to double-check.

4. Don't download repacks... ever... (Portables I'm not so sure on either :x. I usually just stick with full apps, and ideally slim ones, especially for things like CCleaner, for which the standard version comes prepacked with adware, hence why the slim version is more ideal.)

5. If it's a really good app and I use it often, I'd buy it.

6. Avoid keygens and patchers whenever possible. Ideally use serials posted in a txt. Also use the firewall block method: some apps can be registered with serial + firewall block without resorting to patches/keygens. This is an indirect medicine that tends to work best without taking a risk.

7. If MBAM/HitmanPro/NOD32 or some other antivirus/anti-malware flags some installed app that looks dodgy, then I may uninstall it and try another release and see whether that one has the same flags or not. Or I may ask myself: is this an app I use regularly? If not, I'd rather just delete it and only resort to installing it when actually needed. One such app is Recuva, which is very effective but sadly by default comes bundled with adware.

8. If someone keeps on pushing for silent/repack releases... be on high alert :eekout:

The only thing I didn't resort to is using a sandboxed environment to test it out first...

So, any tips for differentiating what's a false positive and what is legitimately a malware/virus app ;_; ? Or any other precaution I might have missed?

PS: these are some of my favourite security apps for performing these scans:

On demand

- HitmanPro

- MBAM

- NOD32 (or any other AV that has scored well on AV-Test consistently)

- herdProtect (mostly for double-checking)

- Zemana AntiMalware

- Should I Remove It? (this mostly helps for a new laptop, but I also use it sometimes for the desktop, just in case I installed an app that was actually a bad one without realizing it had such a bad reputation. So this app tells me.)

Passive

- NOD32

- MBAE

- EMET

- MBAM

- WFC

- Zemana AntiLogger

- HostsMan

Others

- Ninite (rather than relying on third-party download sites, I use Ninite, which has the installer MINUS the adware that comes prepackaged on download sites like CNET, etc.)

- SUMo (easy way to check the latest version of apps)

- Secunia PSI (same as SUMo)

Those 5 points are pretty valid — personally, I never use patches or keygens... I prefer to firewall my apps and programs to retain activation.

I purchase most of my stuff — not the ones one is forced to buy, but stuff published by developers who really deserve to be supported.

> Those 5 points are pretty valid — personally, I never use patches or keygens... I prefer to firewall my apps and programs to retain activation.
>
> I purchase most of my stuff — not the ones one is forced to buy, but stuff published by developers who really deserve to be supported.

And ironically, some of the best apps I use are actually freeware: uBlock/uMatrix.

> Those 5 points are pretty valid — personally, I never use patches or keygens... I prefer to firewall my apps and programs to retain activation.
>
> I purchase most of my stuff — not the ones one is forced to buy, but stuff published by developers who really deserve to be supported.

Mmmmm

Can anyone help me diagnose this, please?

I only recently installed Ratiborus' KMSAuto Net and Office 2016 :/

Then I noticed this warning for 2 specific files being flagged as malware, which had never occurred before that.

File: SppExtComObjPatcher.exe
CRC-32: a565bf0d
MD4: 90df9107ffd7becc4d7a8796ed681dce
MD5: fd59f4930243c71bbc45835048921e01
SHA-1: c663309e3e7ad9e6dd355598df2f3832f43dfb58

http://r.virscan.org/report/a35d3f45f859f8d859b36567c31da871

File: SppExtComObjHook.dll
CRC-32: a0f580d8
MD4: 826841d05f5f87d0034580d4801e71d8
MD5: 45a5bc3fd4816b88177d7169cbf2f532
SHA-1: 7a081a42826a58e91dabf60e06ce859b970d0602
Is this a false positive? :think:
unknownasphyxiated

It's not a false positive.

It's being detected correctly as a Potentially Unwanted Application (PUA) / Hacktool.

For a legitimately activated system, this file will be a PUA.

For a non-legitimately activated system, this is not a PUA.

To be safe, you can rely on an online scan tool to check the detection for that file across different types of AV.

Usually you can ignore a detection from a non-popular AV.

If the detection is Hacktool, usually it is a safe-to-use malware/PUA.
> Just so I understand, you used this?
>
> Did you use the portable version?
>
> If you don't trust it, you can remove it and try this topic:
>
> http://www.nsaneforums.com/topic/252378-office-2016-rtm-activation-via-phone-or-kms/

Yeah, the portable one, which I placed manually here:

C:\Program Files (x86)\KMSAuto Net 2015 v1.3.8 Portable\KMSAuto Net.exe

But I noticed that when I first ran the exe, it created another folder and copied itself exactly to

C:\ProgramData\KMSAutoS\KMSAuto Net.exe

So maybe I didn't need the file in the first location, maybe I can delete it. Not sure, so I left it as is.

The link source you gave me is safe, but I also found the original download source:

http://forum.ru-board.com/topic.cgi?forum=2&topic=5328#1

PS: be careful though, because my MBAM is warning me that at ru-board there is a "savepic.su" blocked outbound website.

Make sure you use uBlock with uMatrix and configure it like this. I did not get any MBAM warnings on that site after that.

KMSAuto Net 2015 Portable v1.3.8 - (10/08/2015), several methods of activation, select Auto

Both checksums match for the KMSAuto Net I got from the torrent and from the original author's source, so it is legit :}

File: KMSAuto Net.exe
CRC-32: 1387ba48
MD4: 04f7d62279e9da9ae1420440980b2ab6
MD5: 6ee7f3ecd5111cd5306792fd3141515d
SHA-1: 45c92d0e691175a39a8c61228f526f80a7ca94fc
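The post above does the checksum comparison by hand: compute the digests of the downloaded file and compare them to the ones the author published. The following script automates that step. It is an added example, not code from the thread or from any of the tools discussed; the `expected` values in its usage section are the digests posted above for "KMSAuto Net.exe", and any file path it is run against is the reader's own. MD4 is left out because current OpenSSL builds no longer ship it by default, so `hashlib.new("md4")` fails on many systems. Keep in mind what a match proves: the file is byte-identical to what the author released, and nothing more. Whether that release is benign is a separate question, which is why the thread still submits the hashes to VirScan/VirusTotal.

```python
import hashlib
import zlib
from typing import Dict, List

# Digest types this checker can produce (all lowercase hex).
ALGOS = ("crc32", "md5", "sha1", "sha256")


def digests_of_bytes(data: bytes) -> Dict[str, str]:
    """Return CRC-32, MD5, SHA-1 and SHA-256 of an in-memory blob."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08x}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def digests_of_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Same digests as digests_of_bytes, but streamed so a large installer
    does not have to fit in memory."""
    crc = 0
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            crc = zlib.crc32(block, crc)
            for h in hashers.values():
                h.update(block)
    out = {name: h.hexdigest() for name, h in hashers.items()}
    out["crc32"] = f"{crc & 0xFFFFFFFF:08x}"
    return out


def verify(actual: Dict[str, str], expected: Dict[str, str]) -> List[str]:
    """Compare computed digests against the ones an author posted.

    Keys in `expected` may be written the way forum posts write them
    ("CRC-32", "SHA-1", upper-case hex); only the digest types the author
    gave are checked, so a post listing just MD5 + SHA-1 is still usable.
    Returns the names that do not match (empty list means everything matched).
    """
    mismatches: List[str] = []
    for name, want in expected.items():
        key = name.lower().replace("-", "")
        if key not in actual:
            mismatches.append(f"{name} (unsupported)")
        elif actual[key] != want.strip().lower():
            mismatches.append(name)
    return mismatches


if __name__ == "__main__":
    import sys

    # Digests as posted in the thread for "KMSAuto Net.exe".
    expected = {
        "CRC-32": "1387ba48",
        "MD5": "6ee7f3ecd5111cd5306792fd3141515d",
        "SHA-1": "45c92d0e691175a39a8c61228f526f80a7ca94fc",
    }
    if len(sys.argv) > 1:
        bad = verify(digests_of_file(sys.argv[1]), expected)
        print("OK: file matches the author's digests" if not bad
              else f"MISMATCH in: {bad} (do not trust this copy)")
    else:
        # No path given: demonstrate on a constructed sample instead of a real binary.
        sample = b"constructed sample bytes, not the real installer"
        print(digests_of_bytes(sample))
        print("mismatches against the posted digests:", verify(digests_of_bytes(sample), expected))
```

Run it as `python check.py "C:\ProgramData\KMSAutoS\KMSAuto Net.exe"` to check the copy the tool made of itself as well as the one you placed by hand; both should match the author's digests, and a mismatch on either one is a reason to stop rather than to shrug.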
> Can anyone help me diagnose this, please?

File: SppExtComObjPatcher.exe (VirusTotal)

File: SppExtComObjHook.dll (VirusTotal)

Pretty sure they are flagged more for anti-piracy than for malicious code.

If they were truly trojans/viruses, I'd be surprised that only Baidu and ESET detected them (out of the major AVs I recognised).

Also, the feedback is quite helpful this time: Riskware, RiskTool, not malicious, potentially unsafe.

  • 2 weeks later...

I can't be sure whether THIS version you are using is a virus or not, but yes, almost all (if not all) KMS activation tools will be detected in the same or a very similar way.

But if you are looking for Windows/Office activation, try to use the ones posted on http://forums.mydigitallife.info/. If you got it from there AND downloaded it from a link posted there (not from YouTube or anything like that), or here on nsane forums where the poster is someone with thousands of posts/thanks, there is no reason to worry that much.

If you are coming from the Windows 10 Insider programme, I hope you know you can activate using the original key you got; at least mine is working just fine. To be clear, the key I got from Windows Insider is activating a FULL Windows 10 Pro that isn't running the Insider stuff.

I would say it's a false positive. The detection is correct as it is a hacktool, and it's exactly what you want it to be ;)
