kallejosef Posted April 5, 2010 Share Posted April 5, 2010 Hey guys.I have some questions about the box-mara nod32 fix.Last I checked it had these results "Result: 27/42 (64.29%)" on virustotalFor me it seems absurd to use a crack that is flagged out by 27 antiviruses.And this crack/fix will be used for an antivirus that will keep you secure.I'm not a hacker or computer programmer, and for me this is ridiculous. I mean, come on 64% that it is virus.And then comes my question. Is there anyone who can tell me what this fix actually do?I am aware that many will react negatively to this post, but it is of pure curiosity I make It. People will probably also say "If you do not trust it, do not use it." The point is : I want to use it, but do not entirely trust it, but if someone can tell me why it is flagged as a virus by so many anti-virus, it is an entirely different matter.it's not just NOD32, it also applies to several other applications--------------------------------------------------------------------------------------------------I can understand that it will be difficult to explain to me what the crack/ fixe actually do, when I have neither knowledge of cracking or programming. But try any way to convince me that the crack/ fixe actually is safe.Thank you :) :pirate: Link to comment Share on other sites More sharing options...
Administrator DKT27 Posted April 5, 2010 Administrator Share Posted April 5, 2010 box, mara- fix v1.3 only sets your trial days of your ESET trial version to 30 days forever. Only changes some registry keys to keep the trial version working forever.I've myself seen it's signature(my own ways), and it's 100% safe.It's made in AutoIt! and most of the AVs don't like AutoIt, sometimes they may not even scan it fully and report it as unsafe. If you have any other questions, please ask. Link to comment Share on other sites More sharing options...
Bizarre™ Posted April 5, 2010 Share Posted April 5, 2010 There's no doubt box, mara- fix will be flagged as malware.AV's consider most Patch / Keygen a malware. Link to comment Share on other sites More sharing options...
Administrator DKT27 Posted April 5, 2010 Administrator Share Posted April 5, 2010 Sometimes I feel AVs are just paid to catch fixes. Ever seen Microsoft Malicious Software Removal Tool catch a false positive? Still it has caught so many deadly infections that no AV was able to remove. Link to comment Share on other sites More sharing options...
mara- Posted April 6, 2010 Share Posted April 6, 2010 Everything explained by DKT and Bizarre is true. Problem is AutoIt. You can check it yourself. Write something, compile it, and scan it with Virus Total. I think if you write this in AutoIt and compile it, Virus Total will report it as malware:Shutdown(6)This command reboots the computer. There is one more reason because fix is flagged as a virus. There is a tool included in AutoIt which does the obfuscation, so if someone breaks the code of the fix, it's very unreadable. You can read more on AutoIt Forum.Cheers ;) Link to comment Share on other sites More sharing options...
Administrator DKT27 Posted April 6, 2010 Administrator Share Posted April 6, 2010 This shutdowner is a major problem. Please do something about it mara-. Link to comment Share on other sites More sharing options...
kallejosef Posted April 6, 2010 Author Share Posted April 6, 2010 Thanks for all the replies guys. Really appreciate it. :)-------------------------------------------------------------edit:And btw... i made a script with the shutdown(6) command and scanned with virustotal.Result: 6/39 (15.39%):P Link to comment Share on other sites More sharing options...
Administrator DKT27 Posted April 6, 2010 Administrator Share Posted April 6, 2010 Did you make it in AutoIt! ?Shutdowner + AutoIt. Tell me if it catches less than 50%. Link to comment Share on other sites More sharing options...
Jubelino Posted April 7, 2010 Share Posted April 7, 2010 NOD is better than BD? Link to comment Share on other sites More sharing options...
Administrator DKT27 Posted April 7, 2010 Administrator Share Posted April 7, 2010 It's just personal preferences. Try them both and select the one that suits you the most.I prefer ESET NOD32. :) Link to comment Share on other sites More sharing options...
kallejosef Posted April 7, 2010 Author Share Posted April 7, 2010 Did you make it in AutoIt! ?Shutdowner + AutoIt. Tell me if it catches less than 50%.Yes i made it in atuoIT and used the Autout Compile Script to .exe.only got like 6/39 (15.39%) Link to comment Share on other sites More sharing options...
mara- Posted April 7, 2010 Share Posted April 7, 2010 Did you make it in AutoIt! ?Shutdowner + AutoIt. Tell me if it catches less than 50%.Yes i made it in atuoIT and used the Autout Compile Script to .exe.only got like 6/39 (15.39%)Well, I would not say "only". I mean, is that a malware? No. But it seems, that beside this, there is something more that's picked as a malware. I'll investigate. And I will never be able to make it so all antiviruses stops reporting it as a malware. I can just reduce the number of it, if it means anything.Cheers ;) Link to comment Share on other sites More sharing options...
implague Posted April 7, 2010 Share Posted April 7, 2010 no one will ever doubt on work Box ofcourse kallejosef is a newbie so must b some questions in his mind @kallejosef u mite b come to know y box fix is flagged as a malware cause its made thru Autoit no worries of using box fixes i personally using nod fix and som others like Revo fix Link to comment Share on other sites More sharing options...
Bizarre™ Posted April 7, 2010 Share Posted April 7, 2010 I also prefer ESET NOD32.But like I always say: Each To His Own ;) Link to comment Share on other sites More sharing options...
Administrator DKT27 Posted April 7, 2010 Administrator Share Posted April 7, 2010 @mara-: I don't know if it's even possible but you can make AVs not flag box, mara- fix when it's not executed by putting some password lock in it, that automatically unlocks itself when you execute it. This will wont allow AVs to scan inside the fix unless when executed. I've actually seen many fixes doing this. Link to comment Share on other sites More sharing options...
Bizarre™ Posted April 7, 2010 Share Posted April 7, 2010 @DKT27:I think it's much better to exclude any fix from AV scanning. Link to comment Share on other sites More sharing options...
Administrator DKT27 Posted April 7, 2010 Administrator Share Posted April 7, 2010 But there are some that post nonsense after downloading my torrent that contained box, mara- fix v1.3. Just an example.We know it, but others don't. Some people are good but frighten after seeing ESET blocking it as soon as it is downloaded. Link to comment Share on other sites More sharing options...
Bizarre™ Posted April 7, 2010 Share Posted April 7, 2010 @DKT27:Then those people should learn to ask and read.I prefer the latter though, since it exercises the mind:tooth: Link to comment Share on other sites More sharing options...
Administrator DKT27 Posted April 7, 2010 Administrator Share Posted April 7, 2010 Meh don't like reading long long pages. :nono: :P Link to comment Share on other sites More sharing options...
Night Owl Posted April 7, 2010 Share Posted April 7, 2010 @mara-: I don't know if it's even possible but you can make AVs not flag box, mara- fix when it's not executed by putting some password lock in it, that automatically unlocks itself when you execute it. This will wont allow AVs to scan inside the fix unless when executed. I've actually seen many fixes doing this.The file "box, mara-fix v1.3.rar" has a file in it called "Eset fix.rar" which is password protected. When ESET scans "box, mara-fix v1.3.rar":Number of scanned objects: 4Number of infected objects: 0Number of cleaned objects: 0C:\...\box, mara-fix v1.3.rar » RAR » box, mara-fix v1.3\Eset fix.rar » RAR » Eset fix.exe - Incorrect file checksum (CRC); the file is probably password protected.If you take file "Eset fix.exe" out of password protected "Eset fix.rar", it should be excluded from scanning. Link to comment Share on other sites More sharing options...
BBs Posted April 7, 2010 Share Posted April 7, 2010 Its normal that almost everything written in autoit gets a hit in virustotal!It doesn't matter on which anti-malware forum you ask, every admin/Moderator says:Autoit is most time used to create malware.Well i don't think that its most time used to create malware, but it is known!And there are cases where every script written, compiled in autoit was detected as any Trojan or something else!For example 2 known antivirus/antimalware vendors!1. Malwarebytes (Anti-Malware)2. Emsi Software (A-Squared)They have fixed it now but its still critical with autoit compiled files!Not sure if its fixed allready or not: if you make in autoit a script which copys a file to desktop and to the windows directory(same .exe file), then kaspersky kills it when it runs! And flags it as any spyware or something else :DWell even you should never trust anyone when it comes to security(Said box once to me :P), you can trust here ppl like Box, Mara-, Tonyblair, Shajt... Because these ppl are sitting hours on their computer to make you happy, not to make you cry!Of course trust only the fixes which you downloaded from here, don't blame anyone if you downloaded it from torrent! Link to comment Share on other sites More sharing options...
Administrator DKT27 Posted April 7, 2010 Administrator Share Posted April 7, 2010 @Night: I'm wishing to see ESET Fix.exe being password protected by mara-, that auto unlocks itself when executed. @BBs: That was my torrent, and it contained untouched box, mara- fix v1.3. Plus I had given the original hash of the fix. :unsure: Link to comment Share on other sites More sharing options...
kallejosef Posted April 7, 2010 Author Share Posted April 7, 2010 so basically, AutoIT is the problem.Are all of Box's releases made with autoit? like kaspersky and avira? Link to comment Share on other sites More sharing options...
Administrator DKT27 Posted April 7, 2010 Administrator Share Posted April 7, 2010 Yes. Also you will see the most of the trial resets around here, whether it's made by anyone, the chances are high that they would be made in AutoIt! Link to comment Share on other sites More sharing options...
mara- Posted April 8, 2010 Share Posted April 8, 2010 I'm not sure if box do his fixes in AutoIt. This fix is designed by me only, and he figured how to freeze the trial.Cheers ;) Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.