How to tell if game rips have trojans?
August 6th, 2016
As you said ” Could it be their antivirus read the crack or keygen”…..
Everyone has different AV, one will detect one will not.
Usually if topic Really contains some kind of trojan/virus then multiple users will report it, but if it is just one most likely it is just antivirus program he use……
Since AV software is usually playing catch up (they need to be able to ID malware, which means it has to exist) they use something called advanced heuristics, in which they look at the behavior of software to determine if what it’s doing is similar to what known malware does, then flag it based on that. That’s what we call a ‘false positive’. Most of the garbage AV software people use will do this without discretion, which is why people go crazy. Most of the time you can decide based on the name, which will be generic. Because cracks usually manipulate other files to bypass call homes, system checks etc they do look suspect to software.
If you are worried about it, you can run these cracks in ‘sandbox’ environments, which will run the file but restrict it’s access to certain areas of the OS, meaning that if it tries to access certain folders you know there’s a problem.
There are also hash checks, wherein you’ll compare the file you’ve downloaded to the original uploaded by scene groups, unfortunately this isn’t popular and assumes that the original group hasn’t packed it with malware.
Personally I just go ahead with it, and monitor the system afterwards, using software like Comodo Killswitch to make sure my PC isn’t dialling out to any unknown IP addresses (which would be required for malware to connect to the person who released it)
thanks to you both, thanks a lot for the info, cheers.
I’ll add in, if you’re in doubt, upload it to Virus Total or Jottis Malware Scan.
If it shows something like 4/47 AND those 4 are things like Avast or Avira, Sophos, ClamAV (the most likely to give false positives) – then it’s probably OK.
If it shows something like 28/47 and those 28 include ESET, Kaspersky, Malwarevytes, etc (the top name AV) then it’s probably BAD.
—–
Stay with well known uploaders – Toothless, Kissme1 (now inactive)..
Learn the quirks – e.g. Theta upload cracked exes are usually false positives (they usually do the smaller games, the “match 3” and so on)
—–
Having said all that, you still need to be wary..
I have seen some rld.ll files that have flagged as virus with ESET – people say it’s false positive BUT I also have the same dll in another game that is not flagging a virus AND it works perfectly when copy-pasted over the “virus” file.
So, if the virus one was a false postivie, how come the non virus version of the same file works in that folder? Makes me think that some of these false positives .. aren’t false..
So – be careful, be a little paranoid.
thanks man
I recommend having a good firewall. I personally use Comodo Firewall its free and very effective. Use it to block cracks and games from accessing the internet. As for knowing whether a game crack is legit or not. Make sure you find one from a proper group release. Otherwise if in doubt read comments people post on threads. If you are really paranoid just use a virtual machine in Vmware and test things out first. If things go wrong just delete the virtual machine. If nothing looks out of the ordinary then its safe.