Keygens/Patchers vs. Antivirus Software & System Integrity



JessicaLeigh

Hi Everyone,

How can I effectively store and use keygens I d/l without compromising the integrity of my PC and its virus protection?

A large percentage of keygens, patches, and cracks are detected as Trojans and viruses, but I know some, most, or nearly all of those detected as such by AVG Antivirus are false positives. I've been a PC tech for years, but this is an issue I can't seem to resolve.

My question goes out to all of you who have absolute control of this situation. Is there an AV solution more suitable for what I am trying to accomplish, than AVG (pro)? If so, how do I configure it so that I can be assured harmony between my keygens and AV realtime detection? Would anyone know how I do that?

I wish there was a way of bypassing AVG detections on HDDs to specific directories. There is a PUP exceptions list in the Advanced Configuration panel of AVG Pro, but there must be some easier way of solving the problem without singling out each and every keygen and patcher I download. I tried to set aside a folder just for keygens, but AVG nails it as soon as I either enter that directory, or execute one of the keygens.

  • Administrator

Use some other AV. If not, disable it when using the keygen, then archive it in RAR or zip and put a password in it. AV will not scan password protected archives.



1. Choose Antivirus which has low false positives: Norton Internet Security 2009/Kaspersky Internet Security 2010/Sophos Antivirus

2. Like DKT27 has already said, store the keygens in a .rar file and put password on it (this encrypts the rar in 128 AES encryption) which no antivirus can scan (as far as I know).

3. Don't think 'oh that's a false positive' because it might not be. Although nsane of course always tries to have no viruses, you should always scan/upload to Virustotal.com to see other antivirus' opinions.

4. If the keygen/crack you have is for a software that is already installed, like Norton, then Norton will detect it if you don't do as mentioned above in #2.

5. Test the keygens in an old PC if you have one, to make sure it does what you expect it to, or use Sandboxie.



If AVG has so many false positives then why do you keep using it? :smartass:

Anyway, a possible solution would be to disable the web scanner module and leave the real time scanner enabled or you could also disable scanning within zip files as this feature is simply a marketing gimmick to trick customers. A virus inside a zip file could NEVER harm a computer and I dare any AntiVirus developer to prove me wrong; therefore scanning inside zip files is the climax of stupid features, sadly all current AV makers have this useless feature :( . You could also disable detection of potentially unwanted applications if that is possible, AV manufacturers made that special classification for things like keygens and cracks.

As for other suggestions for AV, I accomplish what you want using NOD32. I disabled detection of potentially unwanted programs, disabled scanning inside zip files and have no problem. Alternative to that might be Avira although since version 9 they have removed the ability to disable scanning inside zip files so I don't know if this means they don't scan inside zip or if they just don't want you to be able to turn it off. Norton could disable scanning within zip files too but then the icon changes in the system tray and constantly harasses you which is annoying :D . As for your directory scanning situation, I believe you can add a directory as an exception in NOD32 so it won't scan anything inside that folder.



Do what donizme suggested?

I always assumed that all keygens, patches, and cracks contained malware. Just because an AV program doesn't detect it today, it doesn't mean it is safe. When I have to use a keygen, I opened it in Sandboxie and make several keys and put them in a text file for later use. I then locked up all the keygens, patches, and cracks in an encrypted zip file. The one bad thing about Sandboxie is that it is not compatible with x64. So, in this case, I execute the keygens in the virtual PCs.



MasterUploader

My suggestion is to see what it's detected as. If it's detected as something like FSGpacked.w32 or thermida.packed.hacktool etc., they are just packers used on the crack to stop other groups taking apart their crack and repacking it as their own. If it's got a name like that, it's usually a false positive, or if it contains another packer name, e.g. PESpin, etc. You can also monitor what other processes are started when you start the crack. Yes, you could use Sandboxie, which is a great app, but not all keygens/patches etc. contain malware. Mine don't, as I don't want to inject them with any type of infection, nor do I know/or want to know how to program a virus. Cracks that have malware are just viruses or whatever. That doesn't come as standard, as cracks/patches etc. aren't built on malware or whatever.



If AVG has so many false positives then why do you keep using it? :smartass:

Anyway, a possible solution would be to disable the web scanner module and leave the real time scanner enabled or you could also disable scanning within zip files as this feature is simply a marketing gimmick to trick customers. A virus inside a zip file could NEVER harm a computer and I dare any AntiVirus developer to prove me wrong; therefore scanning inside zip files is the climax of stupid features, sadly all current AV makers have this useless feature :( . You could also disable detection of potentially unwanted applications if that is possible, AV manufacturers made that special classification for things like keygens and cracks.

As for other suggestions for AV, I accomplish what you want using NOD32. I disabled detection of potentially unwanted programs, disabled scanning inside zip files and have no problem. Alternative to that might be Avira although since version 9 they have removed the ability to disable scanning inside zip files so I don't know if this means they don't scan inside zip or if they just don't want you to be able to turn it off. Norton could disable scanning within zip files too but then the icon changes in the system tray and constantly harasses you which is annoying :D . As for your directory scanning situation, I believe you can add a directory as an exception in NOD32 so it won't scan anything inside that folder.

I would not recommend disabling the web scanner.

It's not stupid to scan inside a .ZIP file, if scanning inside a .ZIP file is stupid scanning inside an EXE file is stupid as well. An EXE file which is zipped is equally harmful as an EXE file on itself, the only difference is a zipped EXE file would require two clicks to work its magic. You can safely store your (unzipped) keygens in a folder as long as you don't execute them. The scanning inside .ZIP files feature might not be useful to everyone, but it is informative nevertheless.

The best solution I could think of is this: make AVG 'ask' before it performs any action on any file, when you're downloading a keygen save it into your keygens folder and exclude that from scanning. This way AVG will offer you the option to ignore these false positives (at least this was the case some time ago when I still used it).

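Added example, not part of the thread and not any antivirus product's code: the disagreement above about scanning inside archives comes down to whether a tool can see the members' content. This Python sketch (the names `is_pe`, `triage_zip` and `build_sample`, and the sample archive, are constructed for illustration) lists a ZIP's members, recognises Windows executables by their header bytes rather than their extension, and reports encrypted members as uninspected instead of clean.

```python
import hashlib
import io
import struct
import zipfile

ENCRYPTED = 0x1               # ZIP general-purpose flag bit 0: member is encrypted
MAX_MEMBER_BYTES = 64 << 20   # refuse to expand very large members (zip-bomb guard)


def is_pe(body: bytes) -> bool:
    """True if the bytes start with a DOS MZ header that points at a PE signature."""
    if len(body) < 0x40 or body[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", body, 0x3C)
    return body[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def triage_zip(data: bytes) -> list:
    """Return one record per member: name, verdict and SHA-256 (None if unreadable)."""
    report = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            record = {"name": info.filename, "verdict": "other", "sha256": None}
            if info.flag_bits & ENCRYPTED:
                # Nothing can be said about the content without the password:
                # report it as uninspected instead of treating it as clean.
                record["verdict"] = "encrypted-uninspected"
            elif info.file_size > MAX_MEMBER_BYTES:
                record["verdict"] = "too-large-skipped"
            else:
                body = zf.read(info)
                record["sha256"] = hashlib.sha256(body).hexdigest()
                if is_pe(body):  # decided by content, not by file extension
                    record["verdict"] = "pe-executable"
            report.append(record)
    return report


def build_sample() -> bytes:
    """Constructed test archive; no real program is involved."""
    # 84-byte stub with only the MZ and PE magic values filled in (not runnable).
    stub = b"MZ" + bytes(58) + struct.pack("<I", 0x40) + b"PE\x00\x00" + bytes(16)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("notes.txt", "plain text")
        zf.writestr("tool/readme.txt", stub)   # executable magic behind a .txt name
        zf.writestr("locked.bin", b"opaque")
    raw = bytearray(buf.getvalue())
    # The standard library cannot write encrypted members, so mark the last
    # central-directory entry (locked.bin) as encrypted by setting flag bit 0.
    pos = raw.rfind(b"PK\x01\x02")
    raw[pos + 8] |= ENCRYPTED
    return bytes(raw)


if __name__ == "__main__":
    for rec in triage_zip(build_sample()):
        print(rec["verdict"], rec["name"], rec["sha256"])
```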


Okay yes AVG sux.. I wouldn't trust it. EVERY PC I have ever cleaned out, that used AVG ( until I got a hold of it ) were infected.

GET RID OF AVG.. Choose one of the top 3 AV/Security softwares out there.. and when you go to look for it.. don't go for the hype you see posted on some of these sites..where you have a chart running from left to right with basically the same software.. and a different guy on the top which JUST HAPPENS to be their software..LOL

I would recommend ESET Smart Security.. A lot of good things about ESET. For instance you can enter variables into the exclusions list making an entire directory unscannable. It also has a very precise mechanism when coming to detected true malware. Heuristics is excellent for this program. Also when you choose to scan compressed files. For example you are downloading a .RAR file and it contains a real threat.. Before it has a chance to finish the data downloading into your system it will cut the connection to the file and erase its remnants. It also identifies the threat and you can discern what actions to take. It will not eradicate everything that is called *keygen.exe either.. However monitoring system activity it will, particularly with patches/keygens and so on that read install information from the registry... or changes entries. I keep everything I have compressed and in its respective folders for archive. I would also recommend GData Security, Avira, Webroot, Sunbelt Vipre, Kaspersky, and Spybot Search and Destroy..Spybot is a must have extra..

I went through and scanned my drive, and I actually got rid of most things detected and have since replaced those program version and accompanying files with ones less ALERTING.. so to speak.. plenty of places to look. I mean it takes a little more time.. but it's worth it. With that taken into consideration I still have a few programs, and accompanying files in which I have to write exclusions for specifically. I put a copy in quarantine...of everything it hits.. so in that event I can always replace it, after I have a chance to take a good look at it. So technically with the right program, and the right method (-ology); it should be simple to maintain. There are usually some very trustworthy sources that you will come to trust over time, and you know when to recognize and how to recognize the real deal from the real source. In other words look for it clean and working correctly.. TRIAL AND ERROR.. sheesh.. LOL..

You stated you had a problem when you browse to the directory. This is caused when Explorer.exe loads/caches the file. It loads all the info for it, in that it's not in that directory.. It's in RAM or your pagefile and your system will remove it. The same way when you try to decompress a file and it disappears but the original is intact.. because it unzips it to the TEMP directory which you can set..in WinRAR.. The system nails it.

You should try to find a removable storage device somewhere.. and move these things from your system.. either do a fresh install.. or manually clean it out...You can use several tools of course.. and I would rescan with your new AV/Protection make sure something you have really is not a bad boy.. so to speak..LOL .. just as a precautionary.. along with false positives comes a lack of PROPER protection.

I would not disable the online protection.. either.. keep it on, let it detect it.. see what it is.. and if you feel like you can trust it after being informed let it be the only thing you're doing.. and temporarily turn it off for that download. Then after it's run look in critical areas and make sure that it hasn't left you a little surprise. Monthly maintenance, and being aware of non-usual system behavior can help you know..

EDIT: I also wanted to recommend two more tools, one a BartPE CD, you can boot from the disk and remove ANYTHING. Preferably an Apache Web server as well..on USB or simply installed on your system, and setup but not as a service - that you configured to your root dir so that in the event you have system failure/re-install/problem you can go in with BartPE and run Apache after loading the network driver.. and download any file(s) that you may want to retrieve from any system on your network. Sounds crazy but IT WORKS!.. and it will miraculously run by finding it in Total Commander and running it with BartPE..The second thing is a program called Eraser, uses DBAN to shred files. You can select how many passes..integrates in your context menu..helps make sure if you do a cleanup.. the file and every sign of it remains gone...no 'Night of the Walking Dead - Malware Resurrection' episodes.. if you know what I mean..LOL



  • Administrator

@box: I agree with you but it doesn't mean that donizme is wrong. Don't mind but not all people are right nor all are wrong. :D

@heath28m: Many of my friends have said that BartPE is not good and it is very slow.



JessicaLeigh

WOW! I'm completely overwhelmed by all your responses! LOL I want to thank ALL OF YOU for contributing your ideas, best practices and solutions.

LeetPirate: To answer your opening question specifically; I'd much rather have AVG hyper-protect me, than leave me susceptible to infection... hmm, I see a potential joke in there, somewhere... STDs - Super-highway Transmitted Diseases; Binary Cancer... lol, nevermind, I'm having a really great day today, and I have no idea why. Please don't mind my silliness. :)

I'd LOVE to get back to using Eset Nod32 as opposed to AVG. The reason I stopped, was because the crack/activation process seemed either very tricky, too complicated, or maybe that I was just THAT incredibly lazy! LOL Seriously though, it was ridiculous what one had to go through... changing the PC clock time back; re-patching Eset, then returning the time back to the present; live update authentication credentials; etc. I'm getting dizzy already! Is ESET as easy now as AVG; just to generate a code and use it during setup? Gosh, I sure hope so!

I've also heard that Norton "finally got the memo" after twelve years of frustrating customers and losing market shares to their competitors, and have drastically reworked their AV so it no longer wreaks havoc on system resources. Have any of you tried it? Any comments?



I've also heard that Norton "finally got the memo" after twelve years of frustrating customers and losing market shares to their competitors, and have drastically reworked their AV so it no longer wreaks havoc on system resources. Have any of you tried it? Any comments?

I use it, and let me say that the 2009 version is wonderful. They sure did get "the memo"! I heard they had to fire their chief developer (or some other high official) because they were losing so much revenue. The new one came in and sure worked miracles. Don't just take my word for it, though; ask around and poke through the Internet. The 2009 version is much, much, much lighter; it only uses two processes which total about 10-15 MB on my Vista SP2 computer. And just wait; the 2010 version is right around the corner.

I'd suggest you trial it. I was burned by Norton many times in the past, but the 2009 version has really turned my head!

The only downside I can think of off the top of my head is that there is no option to "ask whenever a threat is found." Norton will automatically quarantine it. But like yourself, I do keep a stash of cracks in a folder. I've added that folder to Norton's exclusion list, and have had no problems.



  • Administrator

The box mara- fix is very easy to use. You will be welcomed if you go to ESET back. ;)



WOW! I'm completely overwhelmed by all your responses! LOL I want to thank ALL OF YOU for contributing your ideas, best practices and solutions.

LeetPirate: To answer your opening question specifically; I'd much rather have AVG hyper-protect me, than leave me susceptible to infection... hmm, I see a potential joke in there, somewhere... STDs - Super-highway Transmitted Diseases; Binary Cancer... lol, nevermind, I'm having a really great day today, and I have no idea why. Please don't mind my silliness. :)

I'd LOVE to get back to using Eset Nod32 as opposed to AVG. The reason I stopped, was because the crack/activation process seemed either very tricky, too complicated, or maybe that I was just THAT incredibly lazy! LOL Seriously though, it was ridiculous what one had to go through... changing the PC clock time back; re-patching Eset, then returning the time back to the present; live update authentication credentials; etc. I'm getting dizzy already! Is ESET as easy now as AVG; just to generate a code and use it during setup? Gosh, I sure hope so!

I've also heard that Norton "finally got the memo" after twelve years of frustrating customers and losing market shares to their competitors, and have drastically reworked their AV so it no longer wreaks havoc on system resources. Have any of you tried it? Any comments?

Hmm, don't worry ESET has become super easy to use now. It is as easy as installing it, then run NodLogin or MiNodLogin and voila system working. You could either opt to run NodLogin manually so you could insert new passwords when the old ones expire or you could schedule it to run once a week or so. NodLogin passwords are reported to last for months without expiring so this is not so much of a hassle.

All you have to do is disable detection of potentially unwanted apps (it asks this during the setup) and scanning inside zip files for the module you want like the web scanner in your case. This way the web scanner isn't completely disabled but simply set up to work around your problem (this is my new recommendation after considering what my comrade shought said, disabling the web scanner completely could definitely be a bad idea). You could leave zip scanning enabled for other modules like the realtime scanner if you wish so when the files land on your hard drive they are still scanned, rest assured you will be protected. You should take a look at the front page listing for NOD32 AV. Many have said, and I agree, that Eset smart security's firewall is not one of the best therefore it may be a better idea to use NOD32 antivirus and a separate firewall like Comodo or ez armour.

As for norton2009, it has improved to what it should have been a long time ago. NAV2009 is a force to be reckoned with, and the work of box with his trial reset patch is outstanding. I have a few reasons why I still stick with NOD32 over NAV2009 but let's not make this about me :rofl: .



JessicaLeigh

Omigosh folks, do you remember when NAV '95 first came out? Remember it shipped as a 3.5" floppy, and then we thought it amazing when they updated it in '97 and released it on TWO 3.5" floppies, instead of just one? (Yes, I realize I'm dating myself, here) LOL Those were the olden golden days, huh? ;)

heath28m; bidibadboi; shought; box; donizme: Your explanations and suggestions are VERY insightful; TYSM for your time. I will most definitely try them all. It can't hurt, right?

lite-speed and LeetPirate: Just for old times sake, I'm going to trial NAV 2009, but will more than likely switch over to Eset, unless NAV completely leaves me in complete awe. DKT27, 10Q 4 your info on Eset serials. ;)

Again everyone; THANK YOU SO MUCH FOR YOUR HELP and INPUT! I soooo love my 'nsane' family!



@box: I agree with you but it doesn't mean that donizme is wrong. Don't mind but not all people are right nor all are wrong. :D

@heath28m: Many of my friends have said that BartPE is not good and it is very slow.

Well booting up into a Pre-installation environment isn't really meant to be incredibly fast. My main use for it is to be able to go in and eradicate files which normally will not leave, nor erase...and I am talking about those in which no other solution will work, not the ones who have another file replacing them either. Just simple and better than wiping your system and taking several days before you get back to what you want again.. Plus coupled with Apache.. ( like plugging your hard drive into the network as a file share ) I can get my files off if I am limited on external/pluggables.. without really having to worry about 8 hours long backups and BS..constantly syncing directories so on. Once in a while I do.. but this would be used in a ODD occasion when you can seem to repair a system failure or error of some sort, usually with XP, being Vista users have so many options now, but yeah.. If you have a better recommendation.. by all means let me know..:)

JessicaLeigh:

For ESET I would recommend the Mara fix..simple to install and you can have basically 0day protection..no worries about finding names/numbers..The trial for it is full version.. The upgrade link left on the program to upgrade to full version will stay there but its for ease of purchase only..Started using this type with version 2, now I use 4, after using 3 (ESET)..so its always worked for me..



@heath28m: Many of my friends have said that BartPE is not good and it is very slow.

The speed depends upon the media you are using and the amount of memory (RAM).



Do what donizme suggested?

I always assumed that all keygens, patches, and cracks contained malware. Just because an AV program doesn't detect it today, it doesn't mean it is safe. When I have to use a keygen, I opened it in Sandboxie and make several keys and put them in a text file for later use. I then locked up all the keygens, patches, and cracks in an encrypted zip file. The one bad thing about Sandboxie is that it is not compatible with x64. So, in this case, I execute the keygens in the virtual PCs.

The first line here suggests Box perhaps disagrees with me, but the whole 4 line answer suggests he does agree with me!

Maybe Box can clear that up. I did say in my original answer to use Sandboxie, and other points Box mentions does go along the lines as I was saying as well. :s



The one bad thing about Sandboxie is that it is not compatible with x64. So, in this case, I execute the keygens in the virtual PCs.

+1

In fact, a virtual OS can also be considered a sandboxed environment.



  • Administrator

Well still I haven't tried Sandboxie or Virtual OS. Well I know about Virtual OS properly but don't know more about sandboxie so guess I will have to try it to know more. :P



Hi Everyone,

How can I effectively store and use keygens I d/l without compromising the integrity of my PC and its virus protection?

A large percentage of keygens, patches, and cracks are detected as Trojans and viruses, but I know some, most, or nearly all of those detected as such by AVG Antivirus are false positives. I've been a PC tech for years, but this is an issue I can't seem to resolve.

My question goes out to all of you who have absolute control of this situation. Is there an AV solution more suitable for what I am trying to accomplish, than AVG (pro)? If so, how do I configure it so that I can be assured harmony between my keygens and AV realtime detection? Would anyone know how I do that?

I wish there was a way of bypassing AVG detections on HDDs to specific directories. There is a PUP exceptions list in the Advanced Configuration panel of AVG Pro, but there must be some easier way of solving the problem without singling out each and every keygen and patcher I download. I tried to set aside a folder just for keygens, but AVG nails it as soon as I either enter that directory, or execute one of the keygens.

Keep it on an external hard disk.....exclude it from being scanned.



@box: I agree with you but it doesn't mean that donizme is wrong. Don't mind but not all people are right nor all are wrong. :D
Do what donizme suggested?

I always assumed that all keygens, patches, and cracks contained malware. Just because an AV program doesn't detect it today, it doesn't mean it is safe. When I have to use a keygen, I opened it in Sandboxie and make several keys and put them in a text file for later use. I then locked up all the keygens, patches, and cracks in an encrypted zip file. The one bad thing about Sandboxie is that it is not compatible with x64. So, in this case, I execute the keygens in the virtual PCs.

The first line here suggests Box perhaps disagrees with me, but the whole 4 line answer suggests he does agree with me!

Maybe Box can clear that up. I did say in my original answer to use Sandboxie, and other points Box mentions does go along the lines as I was saying as well. :s

LOL. Sorry! I see what the problem is.

I meant: Do what donizme suggested. (period)

Not: Do what donizme suggested?

Damn netbook keyboard.



  • Administrator

:lmao: ^^.

So plannin to change the netbook? :P



Hi Everyone,

How can I effectively store and use keygens I d/l without compromising the integrity of my PC and its virus protection?

A large percentage of keygens, patches, and cracks are detected as Trojans and viruses, but I know some, most, or nearly all of those detected as such by AVG Antivirus are false positives. I've been a PC tech for years, but this is an issue I can't seem to resolve.

My question goes out to all of you who have absolute control of this situation. Is there an AV solution more suitable for what I am trying to accomplish, than AVG (pro)? If so, how do I configure it so that I can be assured harmony between my keygens and AV realtime detection? Would anyone know how I do that?

I wish there was a way of bypassing AVG detections on HDDs to specific directories. There is a PUP exceptions list in the Advanced Configuration panel of AVG Pro, but there must be some easier way of solving the problem without singling out each and every keygen and patcher I download. I tried to set aside a folder just for keygens, but AVG nails it as soon as I either enter that directory, or execute one of the keygens.

KIS is friendly for most Keygens ^_^

and I use MBAM as back-up for scannin

:guns:



For ESET I would recommend the Mara fix..simple to install and you can have basically 0day protection..no worries about finding names/numbers..The trial for it is full version.. The upgrade link left on the program to upgrade to full version will stay there but its for ease of purchase only..Started using this type with version 2, now I use 4, after using 3 (ESET)..so its always worked for me..

Are you referring to Box-Mara or just a Mara fix? - would you please provide a link?



Archived

This topic is now archived and is closed to further replies.
