Trojan (Mal/Behav-053) in crack.exe?


#1

Hi,

I heard about vvvv a few months ago while writing an audio visualization. Sadly I had not enough time to get into it, but I’m still interested in testing it out now; so I downloaded it. When I unzipped it, my antivirus software recognized a trojan in crack.exe (Mal/Behav-053).

Since I’m a bit careful with files named “crack.exe” and with my antivirus ringing I thought it might be a good idea to ask what that’s all about.

I’m using Sophos antivirus; I’m going to try it with another antivirus software when I’m at home later. Someone else got that problem?

greetings


#2

it is only sophos that ever complained. but that on every computer i had that used that antivirus software.

this got me into trouble with a potential customer. he was anxious to install any new software onto his precious system anyway, and then there was a virus warning in something called crack.exe


#3

hi

that’s kind of good news - many thanks so far.

Too bad that the university uses sophos to protect its network. I worry about being barred from it when installing.

greetings


#4

would be interesting to hear what exactly makes crack.exe suspicious. we’d like to fix that of course. if it is only the name though, then hollodaro…


#5

http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Mal~Behav-053/detailed-analysis.aspx

maybe it’s the registry edits, maybe the name, maybe you used something in it, that has been used by evil-doers in the past, maybe sophos just doesn’t like midi tunes…

since it is only sophos that complains your best shot would be to send it to them and tell them, that the program is legit.


#6

naice, i got immediate answer from sophos

Hello joreg.

Thank you for the file sample submission.

You are correct; this was a false positive detection. The file crack.exe is clean (not malicious). Our apologies for the inconvenience.

We have updated our IDE files to prevent this detection; please ensure the Sophos IDE files are up to date on all end point computers.

We issued gowfi-a.ide to prevent this detection.

Regards,

Gary Ellwood
Sophos Technical Support

scael or velcrome can probably update their IDE files and confirm this?


#7

hi

nice work there!
crack.exe is no longer rejected by sophos.

thanks a lot

greetings