BitDefender's Antivirus - Get rid of fake viruses!

Trojan.Bat.HDkill.A


Trojan.Crack.Stylexp.B


Trojan.Activcrk.A


These viruses do not exist on other virus databases except BitDefender's. Therefore, these supposed viruses are really not viruses. These files do not pose a threat, as I have used them, and ZoneAlarm Internet Security Suite says they're clean. Please do not create your own virus definitions because you're trying to censor the type of files we have on our computers. In order to improve your antivirus, I would remove these false virus "trojans". Else, users like myself become very annoyed and will not want to use your security products.


BitDefender's security suite has potential since it uses less than 10MB of background memory most of the time. This is the smallest I've seen any security suite run. However, the antivirus needs to have fake virus definitions removed.


I'd love to see the above implemented in version 11.


Let me know what you think mods and users...


~


Thanks

Comments

  • Hi, Eric!


    Each antivirus uses its own naming convention for malware. You can find more information about it on bitdefender.com on naming conventions. ;)


    FP (False-Positives) are a main problem for each security software, and if those programs don't contain any dangerous routine, the detection will be removed.


    Andrei

  • alexcrist

    Hi Eric,


    I really don't think these are "fake signatures". At most, they are false positives (which is completely different).


    Please archive those reported files in a zip file (protected by the password infected) and attach them in a new thread in the Malware section.


    Cris.

  • Hi Eric,


    I really don't think these are "fake signatures". At most, they are false positives (which is completely different).


    Please archive those reported files in a zip file (protected by the password infected) and attach them in a new thread in the Malware section.


    Cris.


    Why can't false positives be removed then? These signatures are false positives because I already know those files do not contain viruses. These signatures only apply to like 2 files.


    I do not wish to upload them...


    I will tell you, however, that one of those files allows you to view your Windows XP product key. If other antivirus programs see no harm in those files, then they are not infected. Thus, those 3 signatures should be removed as no other antivirus program sees it as a threat.

  • vladx

    No, the user can't remove those signatures manually; the only thing you could do is to exclude the folder/folders where these files are located from scanning until the people from BD remove the detection if they are really FPs.

  • As I saw in their names, these files are cracks. Maybe that's why they are detected like malware. I really don't know how they look, if I would have a sample I would take a look. ;)


    Andrei

  • alexcrist
    edited June 2007

    @Eric: you have to understand this:


    1) if no other AV finds these files as infected, that doesn't mean that BD is not good. Maybe it's better than the other ones.


    2) this would not be the first time when an AV detects some files as infected, when in fact they are clean. This doesn't mean that the signatures are "fake". Those signatures do not apply to only 2 files. They apply to all files that contain that signature, and those files might really be infected.


    Why won't you upload the files? You asked that the detection should be removed. That will not happen without the files being checked by the BD Virus Analysts. So, if you don't want to help BD become better, your only option is to ignore those files from scan (like vladx said).


    Cris.

  • @Eric: you have to understand this:


    1) if no other AV finds these files as infected, that doesn't mean that BD is not good. Maybe it's better than the other ones.


    2) this would not be the first time when an AV detects some files as infected, when in fact they are clean. This doesn't mean that the signatures are "fake". Those signatures do not apply to only 2 files. They apply to all files that contain that signature, and those files might really be infected.


    Why won't you upload the files? You asked that the detection should be removed. That will not happen without the files being checked by the BD Virus Analysts. So, if you don't want to help BD become better, your only option is to ignore those files from scan (like vladx said).


    Cris.


    Sure... I'll upload them... however I only have one file because one was deleted by antivirus and one is 1.1GB.

    Attachment: Windows_XP_Product_Key_Viewer.zip

  • vladx
    edited June 2007
    ...and one is 1.1GB.


    Is this file in fact an archive? If yes, then it's possible that the archive contains more files and only one is reported as infected. ;)

  • As I saw in their names, these files are cracks. Maybe that's why they are detected like malware. I really don't know how they look, if I would have a sample I would take a look. ;)


    Andrei


    Yes, one of them is. It was the one that was deleted though, but I'll try to post it as well.

  • Hi, Eric!


    I moved your topic on "Malware discussion" because here only VR can access attached files. On the rest of the forums, everybody can access them, making it possible to infect other computers. Every time you want to attach a possible infected file please attach it on "Malware talk". ;)


    Thank you!


    Andrei

  • Hi, Eric!


    I moved your topic on "Malware discussion" because here only VR can access attached files. On the rest of the forums, everybody can access them, making it possible to infect other computers. Every time you want to attach a possible infected file please attach it on "Malware talk". ;)


    Thank you!


    Andrei


    Ok, but this was really a suggestion topic...


    I've attached the file in the 1.1GB zip.

    Attachment: Virus_File.zip

  • Hi, Eric!


    I understand that it is a suggestion topic, but we can't allow users to download possible infected files on the forum. They can blame us for infecting their computer (from their ignorance). That's why I moved your topic here. These files could actually be real trojans, and they could actually cause harm. Virus Researchers will take a look.


    Andrei

  • Niels

    Hi Eric


    BitDefender doesn't detect every tool to receive what registration key you used. To give an example BitDefender doesn't react on this tool: http://downloads.cnet.co.uk/0,39100207,39144968s,00.htm


    and also here : http://www.nirsoft.net/utils/product_cd_key_viewer.html and here : http://www.download.com/3001-2094_4-10664536.html


    Where did you download that tool? Because all the tools to receive that information were clean.


    Sometimes BitDefender or any other antivirus detect some files also if they are legit. To give an example pskill is installed on some pc's. It can also be used by a hacker to let your computer countdown and afterwards shutdown itself.


    If you download cracks it's likely that they contain malware.


    Regards


    Niels

  • Niels

    Hi Eric


    If something was wrong with the definition file then all the tools I downloaded must be detected. The problem is that I can't download the file because only virus researchers can download files here to protect people who accidentally download a virus. If you want to be really sure you can upload the files on these websites:


    http://www.virustotal.com


    or


    http://virusscan.jotti.org


    If it's a theme for stylexp that you downloaded from Themexp.org then the chance is likely that it contains malware. Here is the proof: http://www.siteadvisor.com/sites/themexp.o...fe&aff_id=0 Most of the theme packs they offer contain malware.


    Regards


    Niels

  • Niels
    edited June 2007

    Hi Eric


    That is also why I said if.


    Did you already upload the virus file to the websites I mentioned?


    Could you give me the location where the virus was found and also the name of the file?


    Did you install a Windows Vista 30 day activation crack? Because that is also the information that Sophos offers: http://www.sophos.com/security/analyses/trojactivcrka.html So you don't have a point. It's the exact same trojan. Also, the rest of your infections are also detected by other vendors: http://research.sunbelt-software.com/threa...threatid=130083


    But sometimes valid files could be marked as infected but that chance is very little. You have to wait till one of the virus researchers take a look.


    Regards


    Niels

  • Hi, Eric!


    This is just coincidence that BD detects those files as malware BUT take into consideration that they could be indeed malware. BD doesn't detect cracks, keygens etc. BD detects viruses, worms, trojans, spyware etc., and there aren't any definitions for keygens and cracks.


    However, most of the times, these kind of programs contain malware. You should be careful with them. :)


    Andrei

  • vladx

    Well, I saw a few times when Bitdefender detects cracks which aren't infected, IME Kaspersky detects much more cracks, keygens than BD, naming them not a virus....


    However, most of the times, these kind of programs contain malware. You should be careful with them. :)


    Yea, and I can confirm this. ;)

  • Niels
    If you look closely, those are the only web references to those types of viruses. We all know ZoneAlarm Internet Security is great, right? Well I wanted to experiment with different internet security suites to see which one used the least amount of background memory. Since ZoneAlarm uses the Kaspersky Virus Engine and it doesn't see it as a virus, then why does BitDefender? BitDefender is the smallest internet security suite to run the least amount of background memory, which I like. However, it's got a few issues which I'm trying to address.


    No, I did not install or run the time crack for Windows Vista... However I did download it. I think BitDefender just doesn't want users to have any kind of crack... This information should be kept confidential anyway, and it's the users choice. Therefore, telling me that some files have a virus when they do not is biased information trying to influence users.


    I had bad experiences with their firewall. Installation issues where my pc rebooted itself again and again. I can't argue about the security suite. But I read a review in pc magazine where they say that in that particular test zonealarm was only capable of detecting 34 % of zoo files. That was with version 6.0.


    So it could be improved.


    BitDefender detects because cracks and other software to bypass registration or protection have a high chance to be infected. That's why BitDefender detects them. Other vendors also mark cracks as viruses or as riskware. Cracks, keygens,... are all illegal.


    Regards


    Niels

  • I had bad experiences with Kaspersky. After installing it, at reboot, my PC was freezing. I had to make a "manual remove" in safe mode. Very unpleasant.


    Andrei

  • Niels

    Hi Eric


    You are wrong by saying that. Kaspersky sometimes doesn't have definitions for some malware. This was the case for a new msn virus where the files were undetected. I can give you a link to a security site; the only thing is it's in Dutch: http://www.security.nl/forum/i/145122/ If you first take a look when they uploaded it for checking Kaspersky didn't find anything first. Scroll down and you will find an answer where someone of Kaspersky lab says they are going to add a detection file.


    Upload the files to virustotal and post the result link. For link see my previous post. If BitDefender is the only one then it's likely a false positive.


    Regards


    Niels

  • Well Eric just because an AV doesn't detect a file as being infected this doesn't mean it's not. You have to be careful, because even the best AV's make mistakes sometimes... even BD makes sometimes.


    Kaspersky ain't some kind of a supreme AV which detects all malware. ;)


    Andrei

  • If Kaspersky doesn't find any viruses, then it's not a virus. Bottom line.


    Huh? Man, you really need to get back to the ground and perhaps check out some antivirus tests. Not one antivirus product detects 100 % of all viruses. What's with the Kaspersky worship?

  • Niels
    edited June 2007

    Hi Eric


    What bluesprite said is right. Every antivirus misses sometimes a virus. Mostly when it is a new variant. I uploaded the infected files so Softwin can add them to their signatures. I was referring to the example of that msn virus.


    Regards


    Niels

  • Hi Eric


    What bluesprite said is right. Every antivirus misses sometimes a virus. Mostly when it is a new variant. I uploaded the infected files so Softwin can add them to their signatures. I was referring to the example of that msn virus.


    Regards


    Niels


    Ok then... Let's put it this way. If both Kaspersky and AntiVir (www.free-av.com - Best free virus scanner from the Germans) do not see it as a virus, it's not a virus. In all of my cases BitDefender thinks I have a virus in those files. That's wrong though because I've run the Windows Product Key Viewer thousands of times. You have even reassured me that there is no virus in that file.


    Are you trying to tell me that BitDefender's AV Engine is the best because it can label files incorrectly?

  • We're not trying to tell you that, and we aren't trying to tell that other AV are bad. What we're trying to say is that just if some AV didn't detect a program as a malware, this doesn't mean it isn't malware. Every time a new virus/worm/trojan appears, no AV can detect it until a definition is added. Let's suppose that BD guys were faster and they add the definition faster for that malware than Kaspersky, Avira etc etc. What does that mean? That BD detects a FP (False Positive) just because some other AV's don't detect it as well?


    Andrei

  • vladx
    edited June 2007
    If both Kaspersky and AntiVir (www.free-av.com - Best free virus scanner from the Germans) do not see it as a virus, it's not a virus


    Even if KA, Antivir, Nod32, Norton etc. wouldn't see it as malware, it could still be possible that the file is malware. There can be even malwares detected by no AV. ;)


    P.S. I'm not speaking here about the key viewer, which of course is not malware.

  • Even if KA, Antivir, Nod32, Norton etc. wouldn't see it as malware, it could still be possible that the file is malware. There can be even malwares detected by no AV. ;)


    P.S. I'm not speaking here about the key viewer, which of course is not malware.


    The whole point of this thread is that virus definitions:


    Trojan.Crack.Stylexp.B


    Trojan.Activcrk.A


    DO NOT EXIST. Only one other website that has a security product that I have never heard of also has these virus definitions. Obviously, they are flawed, as we saw that my files are not infected. Therefore, I recommend the removal of these definitions as they only apply to XP key views and XP anything that is not stock.


    I also do not think that the first definition I listed in post 1 exists either.

  • vladx
    The whole point of this thread is that virus definitions:


    Trojan.Crack.Stylexp.B


    Trojan.Activcrk.A


    DO NOT EXIST. Only one other website that has a security product that I have never heard of also has these virus definitions. Obviously, they are flawed, as we saw that my files are not infected. Therefore, I recommend the removal of these definitions as they only apply to XP key views and XP anything that is not stock.


    I also do not think that the first definition I listed in post 1 exists either.


    Well the detection samples which you attached here will be removed if they are FPs, you just have to wait. ;)

  • vladx
    edited June 2007

    I'm sure you're not a beginner, but you have to calm down and wait...insisting on a thing won't remove the detections quicker.

  • Ok then... Let's put it this way. If both Kaspersky and AntiVir (www.free-av.com - Best free virus scanner from the Germans) do not see it as a virus, it's not a virus.


    ........


    The fact that you are taking BitDefender's word is scary.


    This is very frustrating.


    You don't seem to be willing to understand, that a file CAN contain a virus even if the "God-chosen" Kaspersky and Antivir say it's clean. That's what we need to clear up first. Take a look at some tests and you'll see that Kaspersky isn't always the top-performing product, and neither is Antivir. You're going as far as saying that the tests that they scored less than 100 % are actually incorrect, and the missed samples weren't actually viruses.


    On the subject with your particular files, I'm sure they're not infected, and that they're false positives. Kaspersky detects some cracks or keygens as viruses as well, if you use the extensive database, which includes "potentially unwanted programs". It even detected mIRC once, which is not even illegal. So it's really unnecessary to make such a big deal because BD detected your cracks. Exclude the folder where you keep them from scanning and voila. I would imagine that software developers pay antivirus vendors to include cracks for their products in the virus definitions database, and I can't blame them. If you're going to use their software for free, at least bear with their efforts to protect themselves.

  • Niels

    Hi Eric


    Counterspy from sunbelt-software is a very known antimalware vendor. They won lots of prizes for their work.


    Also the keyfinder is detected by spyware doctor because a malicious person can gather your key.


    http://www.pctools.com/mrc/infections/id/ProduKey/


    Ad-aware also detects it for the same reason. It detects it as hacktool.keyfinder. Again, BitDefender is not the only one that detects it, because it can be used without any notice. Also, sometimes they (other virus vendors) didn't detect it because nobody gave them those files to check. Sophos is also a good antivirus that also detects the Windows Vista crack. So the files that BitDefender finds are also marked as infections by other security vendors. I've posted the links to prove it.


    The files aren't labelled incorrectly because as I said they could include risks. Each vendor decides what he will label as a threat.


    Regards


    Niels

  • The files aren't labelled incorrectly because as I said they could include risks. Each vendor decides what he will label as a threat.


    Regards


    Niels


    Niels, I agree that the key finder could pose a risk because someone else could see your key, but can it be done remotely? Does the file start a server? What about the other files mentioned? I don't think so, they never try to access the internet. So the risk of someone using the tool to steal your cd-key is close to none if he would have to start it manually on your computer. It's easier to steal it from the hologram sticker on the PC case. Yet, the files are labeled as "Trojan", which is misleading. They should be labeled as hack tools or cracks, which they are. :)

  • Niels
    edited June 2007
    Niels, I agree that the key finder could pose a risk because someone else could see your key, but can it be done remotely? Does the file start a server? What about the other files mentioned? I don't think so, they never try to access the internet. So the risk of someone using the tool to steal your cd-key is close to none if he would have to start it manually on your computer. It's easier to steal it from the hologram sticker on the PC case. Yet, the files are labeled as "Trojan", which is misleading. They should be labeled as hack tools or cracks, which they are. :)


    Hi bluesprite


    I just wanted to clarify that other vendors detect also some of these key retrievers. That was my point. I also know that the chance is little that they(=hackers) retrieve the key. I also agree that trojan is indeed misleading. Riskware can also be a name or the ones you suggested.


    Regards


    Niels

  • Agreed. :)

  • I think BitDefender just doesn't want users to have any kind of crack... This information should be kept confidential anyway, and it's the users choice. Therefore, telling me that some files have a virus when they do not is biased information trying to influence users.


    Imho, cracks/keygens whatever should be detected by any Antivirus - even though some are "safe" to use. After all, can you really tell they are safe?


    People who are used to download/use and search for cracks and pirated software will get infected anyway. Maybe not today, but the next crack, or search for the crack will result in a totally infected/compromised computer.


    The attitude: "It is my computer and it is mainly my problem if I get infected" is so wrong. This is our problem as well; because malware acts in different ways.


    That's why.. if more scanners would detect cracks/keygens whatever - then maybe people will be more cautious and stay away from pirated software/illegal sites...


    Because after all, how do you think that 80% of the infected computers got infected?


    People "steal" software, may become responsible for infecting other computers, sponsor malware and then they complain that their cracks are detected by an Antivirus? That's sad, isn't it?


    Just my little rant :)

  • BS. Most cracks are designed and coded for one purpose.


    ~


    For BlueSprite: I sure hope BitDefender does not have a secret bribe going on with Microsoft or any company. I bet they do, but that not only violates our privacy, but also the 4th amendment.


    Looks like I was right. Nothing can beat ZoneAlarm Internet Security Suite. Panda couldn't, Trend Micro couldn't, and all the others ######. BitDefender has potential, but until these agreements for making up virus signatures and the firewall leak have been resolved, I think I'll stick with my buddy. The firewall also has to show the amount of intrusions blocked as well as a persistent IP ban.


    --------------------------------------------------------------------------------------


    What, am I right with my assumption? Is that why no one responds?


    Where is that virus guy to test my clean files?


    --------------------------------------------------------------------------------------


    Tell me about BitDefender 11;


    - Does the firewall use signatures to prevent a virus from renaming a trusted program to get full access?


    - Does the firewall show how many intrusions have been blocked?


    - Does the firewall have a persistent IP ban for hackers and sniffers? Also for people trying to break in over p2p.


    Thanks for all your help mods. I'm just angry with these untrue virus signature results.

  • Hi, Eric.


    Zone Alarm is a resource eater compared to BD. It takes about 200Mb of RAM. In addition, the firewall of ZoneAlarm isn't as good as it seems. You can't create persistent rules or advanced rules for applications. However, as a plus, it has Intrusion Detection which can block or accept an entire range of IP addresses.


    I don't try to make ZoneAlarm look lame, but it is more for average users. I personally wouldn't be satisfied with it (and I think I'm not the only one). And I don't try to make BD look good either, because when I find a bug, I post it! :)


    I'm sorry you got angry because of those (maybe) false positives, but please wait for VR to analyze those files. There could be false-positives indeed (this wouldn't be the first time), but take into consideration that they could actually contain malicious code. :)


    Andrei

  • Hi Eric.


    I was trying to say that you can't create advanced rules for applications, as far as I know. Correct me if I'm mistaken. :)


    Andrei

  • Niels

    Hi Eric


    You must have a little more respect for miekiemoes. She is very knowledgeable in security and malware removal and also active on several well known security forums.


    Nothing can't beat zonealarm security suite isn't true; gdata internet security 2007 is also very good. If you perform some searches and look at the results. They are equal. The virus researchers aren't always on this forum. During the weekends the chance is very small that someone of them is active. I suppose that you also will find in your law a reference that you are not permitted to download piracy (software, cracks, keygens,...). If you really don't want these files found, exclude them by opening BitDefender, go to antivirus, shield, adjusted level (custom level), select don't scan this path on all levels, new item and browse to the folders you don't want to be detected, but it will still be detected when you perform a scan.


    Regards


    Niels

  • Cd-MaN

    The batch file (the one detected with Trojan.Bat.Hdkill.A) was a FP (False Positive) and will no longer be detected as of the next update. The detection for the other file (the key viewer) stays, because it is not detected as a malware, but as a possible undesired program (BD should say detected application..., not infected). If you wish to run the program, exclude it from the real-time monitoring system as described by others.


    Best regards.

  • vlad

    Eric, you've made some unbelievable and rather offensive statements.


    the antivirus needs to have fake virus definitions removed
    BD does not have "fake virus definitions". The ones you mentioned may very well be false positives, but no serious antivirus has fake definitions. Such an attempt would be penalised by organisations comparing AVs, so it would be a rather dumb thing to do on purpose.


    We are not trying to censor anything, but we DO NOT condone piracy. Although it is not in our policy to have detection for cracks & keygens, I personally do not consider it a bad thing. miekiemoes had an excellent point on this.


    Speaking of which, on we go:


    BS. Most cracks are designed and coded for one purpose.


    You'd be surprised. There are several "crack & serial" sites which ONLY provide malware, and most of the other such sites add a little bonus to the package (the "bonus" then calls home and brings a lot of friends along).


    I would also kindly ask you to refrain from foul language.


    We all know ZoneAlarm Internet Security is great, right?
    Ummm... no, we don't. Personally, I don't know anything about it. It may be great or not, but the fact that no major AV comparative site (AV Comparatives, VB, Checkmark, ICSA Labs) has anything to say about it is a bad sign. If it uses the KAV engine, it's a good thing. But on one hand, KAV doesn't have 100% malware detection (no AV has, check above comparisons) and they have their share of false alarms; all AVs do. On the other hand, ZA using the KAV engine doesn't mean ZA achieves the same detection rates as KAV (an AV is a complex system, detection is usually not just signature based).


    Either way, whether it is the best AV or not, the fact that ZA identifies a file as infected or clean does not make it so.


    Jotti has an excellent point on this; see here, the first paragraph.


    I think BitDefender just doesn't want users to have any kind of crack...


    Well... actually we don't, because it's illegal. But as I explained, it's not our mission to do police work, and we have no intention in controlling your use of such software. It is a best security practice to avoid such products, for reasons already stated, but it's pretty much your choice. If a false alarm appears on such a product and it is harmless, it will most likely be removed. Do note however that software which reads the serial of your Windows installation could be used by a spyware program, and you most likely would like to be warned if you had one on your computer without your knowledge. And the AV can't tell whether you know about it without asking you, which is what it does.


    Basically, if you set up the AV not to scan your "underground software" folder, it won't. But detections on software which reads serial keys from the registry are not a bad thing, unless you want them hidden from the... ummm... victim.


    This information should be kept confidential anyway, and it's the users choice. Therefore, telling me that some files have a virus when they do not is biased information trying to influence users.
    It IS kept confidential, and as I've already stated, it IS the user's choice. It isn't biased information, it's probably an honest mistake (if the detections are actually FPs).


    If Kaspersky doesn't find any viruses, then it's not a virus. Bottom line.


    Dear God... and you're accusing other users/companies of being bribed to advertise BD (and I quote: "The fact that you are taking BitDefender's word is scary.", "I sure hope BitDefender does not have a secret bribe going on with Microsoft or any company. I bet they do, but that not only violates our privacy, but also the 4th amendment.")... no further comment on this one.


    Nothing can beat ZoneAlarm Internet Security Suite. Panda couldn't, Trend Micro couldn't, and all the others ######.
    What rational argument do you base this statement on?


    The whole point of this thread is that virus definitions [...] be removed.


    Someone is currently looking into that.


    Well, maybe I can continue to give suggestions in the suggestion forum to help improve it... lol


    Suggestions are appreciated, and are treated seriously. But it's a basic sign of mutual respect to refrain from false and somewhat offensive allegations, and to maintain a respectful tone.


    As you've properly noticed, your problem has received prompt attention, and had it been formulated in a less offensive manner, it probably would have been solved a lot faster.

  • bluesprite
    edited June 2007
    For BlueSprite: I sure hope BitDefender does not have a secret bribe going on with Microsoft or any company. I bet they do, but that not only violates our privacy, but also the 4th amendment.


    Looks like I was right. Nothing can beat ZoneAlarm Internet Security Suite.


    That was a pure speculation on my part, but I don't know how else to explain the fact that clean files, which don't pose any kind of threat to a computer, are marked and deleted automatically. On the other hand, not ALL cracks or keygens are detected by BitDefender, so my guess is that some have been added upon request by the respective software vendors. (Could be a false positive, of course). Like I said, Kaspersky, as well as Norton (I haven't tried with all possible products), also detect and delete some, but not all cracks or keygens. However, I don't see how that violates your privacy, if the findings are not reported. As for the 4th amendment, you apply quite broad an interpretation, detecting viruses is not different, as one may want to keep them on purpose.


    And as usual, your fascination with Zone Alarm, as was the case with Kaspersky, is irrational. There is no program that is 100 % secure, all defences can be bypassed, and Zone has its own problems.


    @miekiemoes - it doesn't make sense to have clean files labeled as trojans and deleted, when they're in fact not. There are cracks which contain trojans. That's the job of the antivirus program, to detect the infected files, and leave the rest intact. It's not illegal to download such a file, it's illegal to use it unlawfully. But that's the job of the justice to enforce, not the antivirus programs. Mind you, laws vary from country to country, and in some places it's not a criminal offence to use cracks, but only an administrative infringement. Other than that, it's true that cracks download sites are a major source for infections.


    [Edit] Removed a speculation about false definitions that was already refuted by Vlad.

  • it doesn't make sense to have clean files labeled as trojans and deleted, when they're in fact not
    I didn't say to have them labeled as Trojans. I did say to have them detected - and in this case as an unwanted tool/application/riskware. By default, such detections are not removing the files - it's the user's choice.


    As I said previously, my main concern is not because it's illegal, but mainly because they are ALWAYS a risk and are the reason why so many systems got infected.

  • True, you didn't say they should be labeled as Trojans. :) I meant that in this case, they were labeled as Trojans instead of Riskware or something like that. Also, with some files, the only risk is to have the FBI after you, so I'd like a more precise detection of real riskware, instead of general detection of all cracks/keygens. This is about the detection concept though. Thanks for your input. :)

  • Yes, you're right about the Trojan detection here, but I guess there's maybe a reason why the "Trojan" name is included.


    Imho BD is quite precise in detection here:


    Trojan.Bat.HDkill.A


    Trojan.Crack.Stylexp.B


    Trojan.Activcrk.A


    Better than a general "riskware" detection.


    But, I agree that for example Riskware.Crack.Stylexp.B etc may sound better...

    @Vlad: you said it just perfect. There are too many factors to take into consideration when speaking about IT security. Just because ZA lets you do I-don't-know-what, this doesn't mean it's the best.


    There isn't any AV which is perfect, nothing is perfect.


    @miekiemoes: I think too that the label "trojan" should be put only if the program certainly has malicious activities. Else, I think that "riskware" would be enough. ;)


    Andrei

  • I checked the Naming Conventions section of the BD site, it's pretty clear there:


    Crack.Program.Version - Program crack/patch (programs that register illegally commercial kits)


    Trojan.Family.Variant - Trojan Program (Trojan type programs)


    So in this case, we have an incorrect labeling.
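The labelling mismatch pointed out in the post above can be checked mechanically when triaging a scan log. The following is an added example, not Bitdefender code and not part of the original post: it models only the two patterns quoted from the naming conventions, and the function names and the sample list are constructed here.

```python
from typing import List, NamedTuple

# Type prefixes from the two patterns quoted in the thread (Crack.Program.Version,
# Trojan.Family.Variant). Assumption: no other prefixes are modelled here.
KNOWN_TYPES = {"crack": "program crack/patch", "trojan": "trojan program"}

class Detection(NamedTuple):
    raw: str
    declared_type: str    # first token, e.g. "Trojan"
    middle: List[str]     # tokens between the type and the variant
    variant: str          # last token, e.g. "A"
    conflicts: List[str]  # other known type keywords found in the middle

def parse_detection(name: str) -> Detection:
    """Split a dotted detection name and note embedded type keywords."""
    tokens = [t for t in name.strip().split(".") if t]
    if len(tokens) < 3:
        raise ValueError(f"expected Type.Name.Variant, got {name!r}")
    declared, *middle, variant = tokens
    conflicts = [t for t in middle
                 if t.lower() in KNOWN_TYPES and t.lower() != declared.lower()]
    return Detection(name, declared, middle, variant, conflicts)

def triage(names):
    """Map each detection name to a verdict string."""
    verdicts = {}
    for name in names:
        try:
            d = parse_detection(name)
        except ValueError:
            verdicts[name] = "unparseable"
            continue
        if d.declared_type.lower() not in KNOWN_TYPES:
            verdicts[name] = "unknown type"
        elif d.conflicts:
            verdicts[name] = f"review: {d.declared_type} label, name contains {d.conflicts[0]}"
        else:
            verdicts[name] = "consistent"
    return verdicts

# The three names from the thread, plus constructed edge cases.
SAMPLE = ["Trojan.Bat.HDkill.A", "Trojan.Crack.Stylexp.B", "Trojan.Activcrk.A",
          "Crack.Example.1", "Riskware.Crack.Stylexp.B", "garbage"]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE).items():
        print(f"{name:26} {verdict}")
```

Only exact token matches are flagged, so `Trojan.Activcrk.A` is reported as consistent even though its family name hints at a crack; substring guessing is deliberately left out.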

  • earnolmartin
    edited June 2007
    @miekiemoes: I think too that the label "trojan" should be put only if the program certainly has malicious activities. Else, I think that "riskware" would be enough. ;)


    Andrei


    Well said. And perhaps if it's labeled as riskware, the user can have the option of telling BitDefender what to do with them just like it can for viruses.

  • bluesprite
    edited June 2007
    If Kaspersky doesn't find any viruses, then it's not a virus. Bottom line.


    Just found this report by accident, but take a look anyway. So much for the mythology. ;)


    http://www.itnews.com.au/newsstory.aspx?CI...p;src=site-marq

  • paulb100
    edited August 2007

    Hi


    Kaspersky is tops but it did miss a Trojan.pakes that 12 out of 32 other AVs spotted, inc. BitDefender and Norton


    I knew the file was infected as Norton spotted it AND AVG anti-spyware (not AV) so I submitted the file to VirusTotal for scanning


    and 12 of the 32 engines found the infection...so Kaspersky isn't as solid as it seems... however I'm sticking with it and AVG AS as BitDefender 10 is very problematic...BDv9 is great but BDv10 has loads of problems for me..


    HOWEVER I managed to get 1 of the files you had and also uploaded it to www.virustotal.com and 10 of the 32 engines found infections in the file....


    here is the resulting page...


    http://www.virustotal.com/resultado.html?6...159a1aa185acaf9


    so 10 other anti-viruses can't be wrong????


    (2 VIRUSES IN 1 NIGHT THAT KASPERSKY HAS MISSED AND LOOKING AT LINK IN POST ABOVE PERHAPS I (WE) SHOULD CHANGE)


    also I dunno about ZoneAlarm being 'great' or having Kaspersky's engine ???? I was under the impression that ZA was poor AV!