I got a virus, random hardware synth .exe

Discussion in 'Computer Hardware' started by Jay-, Feb 16, 2025 at 6:13 PM.

  1. scguy83

    scguy83 Platinum Record

    Joined:
    Sep 16, 2024
    Messages:
    906
    Likes Received:
    210
    Location:
    South Carolina
    I'm convinced that you work for the FBI.
     
  2. Radio

    Radio Audiosexual

    Joined:
    Sep 20, 2024
    Messages:
    2,403
    Likes Received:
    1,278
    If you have a clean system, make a complete backup of your hard disk C:/ on a second hard disk. If you are infected by viruses / Trojans etc., you can then restore your system completely with your emergency start CD. You save time and are on the safe side.
     
  3. r4e

    r4e Audiosexual

    Joined:
    Sep 6, 2014
    Messages:
    888
    Likes Received:
    1,279
    Lol, nah, I bet they don't offer jobs in Europe :rofl:
    It's just exciting for me to take a look into suspicious files.
     
  4. MusicBoy123

    MusicBoy123 Noisemaker

    Joined:
    Nov 5, 2024
    Messages:
    41
    Likes Received:
    5
    @r4e - Bro, you are always helpful, whether here or on Audioz!! Big respect

    Quick query -
    I sometimes download from other sites than Audioz.
    Nothing fancy has happened to me, but how can I be 100% sure that I'm NOT hit by any lethal virus that I may not be aware of?

    Can I run -
    1) Windows Firewall Full Scan (updated base daily) + 2) WF Offline Scan + 3) Malwarebytes Free Full Scan?
    Does that suffice?

    Also, I have so much stuff - I don't know what antiviruses might delete and what VSTs might stop working.

    Please advise :)
     
  5. Radio

    Radio Audiosexual

    Joined:
    Sep 20, 2024
    Messages:
    2,403
    Likes Received:
    1,278
    Proceed strategically and first make a complete backup of your hard disk C:/ so that you can restore your entire hard disk in an emergency.

    Back up your important files to an external medium. Remember that if you have a virus, it will usually be on the C:/ hard disk, i.e. your operating system. Try not to have any personal data on the C:/ hard disk. If you don't have a 2nd hard disk, you should think about buying a 2nd SSD hard disk that is slightly larger than the C:/ hard disk to put your backup and personal data on.

    Please only download from secure sources such as the sister site.

    Almost every keygen is misinterpreted by the antivirus software as a false alarm and before you download you must turn off the antivirus software or Defender otherwise it will eat your keygen.

    Never try to open file attachments in emails that you do not recognize, this is now also a gateway for identity theft.

    If you are infected, unplug the Internet cable immediately, shut down your PC, set the boot options in the BIOS to boot from the CD ROM, insert your emergency rescue CD ROM, boot your PC and restore your complete backup of the C:/ hard disk.

    For $16 you can get Ashampoo® Backup Pro 26; with this program you can also create the emergency backup CD ROM
    here : https://www.ashampoo.com/en-us/backup?currency=usd
     
  6. DoubleTake

    DoubleTake Audiosexual

    Joined:
    Jul 16, 2017
    Messages:
    2,365
    Likes Received:
    1,273
    And very interesting for us to get a look at your brain second-hand :rofl:
    It's amazing not only the tech, but the diligence required to learn and do it
     
  7. MusicBoy123

    MusicBoy123 Noisemaker

    Joined:
    Nov 5, 2024
    Messages:
    41
    Likes Received:
    5
    Thanks a ton bro! Really appreciate the Detailed reply :)

    I forgot to mention, but I do use Macrium and do incremental backups of my Windows SSD every 2-4 days.

    For other important data/libraries, I really want to back those up as well, but it's HUGE and spread across drives. Let me see if I can prioritize and back up the important stuff.

    BUT I want to check "If my current Windows has Lethal Virus" - how to check that? Will below suffice for it ?

    METHOD - 1) Windows Firewall Full Scan (updated base daily) + 2) WF Offline Scan + 3) Malwarebytes Free Full Scan ?

    Thanks again :D
     
  8. MusicBoy123

    MusicBoy123 Noisemaker

    Joined:
    Nov 5, 2024
    Messages:
    41
    Likes Received:
    5
    On "Complete Defender Scan" (updated base) , it detected below -

    HackTool:Win32/Keygen!MTB
    HackTool:Win32/Keygen!pz
    HackTool:Win32/Vigorf.A
    PUA:Win32/GameHack

    I had already "Allowed" before - 1) Win32/Keygen , 2) Win32/Vigua.A
     
  9. Radio

    Radio Audiosexual

    Joined:
    Sep 20, 2024
    Messages:
    2,403
    Likes Received:
    1,278
    The Windows firewall can be imagined as a house with several doors (ports): some doors open to the outside so that you can go out, and some doors that open to the inside are only allowed for certain programs. It is configured by Windows by default so that you can work safely with Windows.

    Your Internet browser should recognize malicious websites and warn you about them. You will sometimes see SSL in your browser window. An SSL certificate is a security measure used by all reputable websites to establish encrypted connections and protect visitors' data.

    First of all, virus guards are never as up to date as the people who circulate Trojans and viruses. Virus software manufacturers have several PCs open on the Internet, allow them to be infected with viruses etc., write a program against this and then update their anti-virus software via updates.

    Some viruses/Trojans are not detected and sometimes they are already part of a botnet without knowing it. There are also boot viruses that are detected and then deleted, but are there again the next time the PC boots up.

    I've had about 4 serious threats in 26 years online, each of which I got rid of by backing up the C:/ hard disk. I don't have an antivirus program or Defender running. The firewall does what it needs to do. I use the free Malwarebytes AdwCleaner.

    There is no absolute security on the internet, the companies promise you great things but they can't deliver and a lot of money is made on fear. Sometimes even your modem is hacked, for example your Cisco modem is not secure.

    If it makes you feel safer, just do a daily scan with Malwarebytes, that's all you can do.
    It's nice that you always have an up-to-date backup, but expect the worst, that even a backup can go wrong.
     
  10. MusicBoy123

    MusicBoy123 Noisemaker

    Joined:
    Nov 5, 2024
    Messages:
    41
    Likes Received:
    5
    Thanks Sir ! :)

    Precious Information

    So to summarize, backup is the best strategy - and that only if it doesn't go wrong. So for that I use Macrium (though if I use it to restore when needed, I'm not sure whether the backup will also be corrupted by the virus).

    Nothing fancy is happening to my PC, to my knowledge. I just wanted to be sure that no lethal virus is currently affecting Windows.

    I have Malwarebytes Free, so I'll probably scan with it more often.
    Also I use MB Windows Firewall Control - it's pretty good/clean.

    Thanks a ton for your knowledge and effort - sir. Big Respect :D
    Good day
     
  11. r4e

    r4e Audiosexual

    Joined:
    Sep 6, 2014
    Messages:
    888
    Likes Received:
    1,279
    I usually use virtual machines (VMware Workstation) to test downloads I'm not sure of.
    I also use them for compatibility tests of my patches and stuff. I have almost every main/final version of Windows as a VM around,
    as well as Linux distributions and MacOS and even a Russian Windows XP to get Cyrillic characters displayed correctly when checking
    stuff coded in the Russian language.

    The malicious code contained in the file in this thread btw. also had some Russian lines.

    For fast/quick tests I'm using Sandboxie Plus (free - just click Next when they ask for a donation license).
    You can create several sandboxes there for several situations. I have a "VST" sandbox and a "VST NoNet" sandbox where no connection
    can go out, to quickly test if a plugin works without internet - if it doesn't, I won't use it. There is also an "AntiDel" plugin that prevents processes from deleting files, which is very useful for monitoring malware that runs temporary scripts that get deleted as quickly as they were created. That way they stay in the sandbox.

    Those sandboxes are also very useful to get files from installers that you can't unpack. Team VR for example
    protects their installers from unpacking for meaningless reasons, as you still can take a look into their installers
    with some Inno Setup unpacking tools and a hex editor, and if the files are password protected as well,
    I simply install it into a sandbox and extract the scripts with other tools to get a fully unpacked installer.

    With the Sandboxie GUI you then can simply empty the sandbox and start over again, and no file can leave the sandbox
    while working in it.
     
    Last edited: Feb 17, 2025 at 8:59 PM
  12. MusicBoy123

    MusicBoy123 Noisemaker

    Joined:
    Nov 5, 2024
    Messages:
    41
    Likes Received:
    5
    Damn, that's some Sherlock level shit brother :D Too intense and thoughtful.

    Though I've heard about VMs, I've never tried them. I'm not so techie, tbh.

    Thanks a lot for sharing your process, hopefully peeps here will learn and try to implement the same.

    Good day bro :)
     
  13. MusicBoy123

    MusicBoy123 Noisemaker

    Joined:
    Nov 5, 2024
    Messages:
    41
    Likes Received:
    5
    By any chance do you recognize below, these 4 are showing in my Protection History (asking action)
    I checked their locations - mostly R2R versions

    HackTool:Win32/Keygen!MTB
    HackTool:Win32/Keygen!pz
    HackTool:Win32/Vigorf.A
    PUA:Win32/GameHack

    I had already "Allowed" before - 1) Win32/Keygen , 2) Win32/Vigua.A
     
  14. Radio

    Radio Audiosexual

    Joined:
    Sep 20, 2024
    Messages:
    2,403
    Likes Received:
    1,278
    If you download from the sister site, you have to disable Defender, otherwise it will eat your keygens, after installation, turn your Defender back on. All keygens from the sister site are recognized by defender as malicious viruses, they are always false positives.

    If you unpack and then install a file and use the keygen, you should delete the unpacked files after the installation, so that the keygen is always packed with WinRar, then your antivirus software won't attack either. Also empty the recycle bin on the desktop.

    You should not allow anything. Scan your whole PC again, and if it finds anything, send it to quarantine.
    If you scan the hard disk C:/ and it finds something, send it to quarantine. Never make exceptions on the C:/ hard disk.

    Do you only have one hard disk installed?
     
    Last edited: Feb 18, 2025 at 9:02 AM
  15. Djord Emer

    Djord Emer Audiosexual

    Joined:
    Sep 12, 2021
    Messages:
    1,010
    Likes Received:
    840
    Have you tried Kaspersky? I'm not really a fan, but of all the antivirus programs I've tried, it's the one that had the best detection rate and the fewest false positives. I eventually stopped using it because I wasn't particularly happy giving it kernel access and allowing it to spread thousands of files throughout my system. However, it was pretty good; it rarely flagged cracks. The only ones it flagged were a few U-he keygens from R2R. It also saved me from a FUD Ransomware once.
     
  16. r4e

    r4e Audiosexual

    Joined:
    Sep 6, 2014
    Messages:
    888
    Likes Received:
    1,279
    It's pretty easy. Once you've installed VMware, just click on "create new virtual machine" and then follow the steps.
    You'll be asked for some virtual hardware settings, the windows image you want to install, etc.

    When the VM is set up, just boot it and it'll start the usual installation process like you would install Windows on your PC.
    After installation you'll get offered to install VMware tools, which contains gfx/audio drivers for the vm and a driver to
    exchange files with your host machine.

    After a restart you can just drag and drop files to the VM and from the VM to your PC. You also can load iso images into the virtual dvd drive,
    enable/disable the virtual network card and do basically everything you can do with your real PC.

    HackTool:Win32/Keygen!MTB
    HackTool:Win32/Keygen!pz
    HackTool:Win32/Vigorf.A
    PUA:Win32/GameHack

    Keygens usually get flagged as "HackTool" or "RiskWare" as they allow you to license software without spending money.
    Some keygens also contain a patch engine to patch RSA keys or similar, which is basically "hacking" as it modifies binaries.
    Mostly such things are getting flagged because their binaries are packed using UPX, MPress, VMProtect, ...
    which prevents most people from taking a look inside of the code to replicate it or whatever.
    But it also helps to keep the crack working because the software devs also cannot see what the cracker did.

    The GameHack could be a cheat tool/trainer for a game you're playing. Cheat tools usually modify the game's memory
    to enable special functionalities and that is also a kind of hacking.

    Don't know what the Vigorf.A signature means. I'd need a sample of the file flagged as such to get some knowledge about it.

    In the current situation I don't really trust companies from Russia. Don't know what's going on over there and if Russian authorities
    are allowed to force Russian developers to leave some backdoors open in software like this, especially stuff that runs deeply in the system.
     
    Last edited: Feb 18, 2025 at 3:12 PM
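The detection names quoted in this thread follow Microsoft's public threat-naming scheme, Type:Platform/Family[.Variant][!Suffix]. The script below, an added example and not code from any poster, splits such names into their parts, sorts them into the two groups the thread discusses (HackTool/PUA/RiskWare hits, which is what a keygen looks like, versus everything else, which gets quarantined), and shows how wide a family-level "Allowed" entry such as "Win32/Keygen" reaches. The grouping and the allow-matching are this example's own model of the advice given above, not a description of Defender's internal settings; the name "Trojan:Win32/Example.B!ml" in the usage is constructed.

```python
"""Triage of Microsoft Defender detection names (added example, not from the thread).

Microsoft names threats as Type:Platform/Family[.Variant][!Suffix], e.g.
"HackTool:Win32/Keygen!MTB".  Everything below that goes beyond the split
(the tool/malware grouping, the allow-list matching) is this example's own
model of the thread's advice, not Defender's internal behaviour.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

NAME_RE = re.compile(
    r"^(?P<type>[A-Za-z]+):(?P<platform>[A-Za-z0-9]+)/(?P<family>[A-Za-z0-9_-]+)"
    r"(?:\.(?P<variant>[A-Za-z0-9]+))?(?:!(?P<suffix>[A-Za-z0-9!.]+))?$"
)

# Types a keygen or crack is expected to trip (see r4e's explanation above).
TOOL_TYPES = {"HackTool", "PUA", "RiskWare"}

# The four hits and the two earlier "Allowed" entries quoted in the thread.
THREAD_DETECTIONS = [
    "HackTool:Win32/Keygen!MTB",
    "HackTool:Win32/Keygen!pz",
    "HackTool:Win32/Vigorf.A",
    "PUA:Win32/GameHack",
]
THREAD_ALLOWED = ["Win32/Keygen", "Win32/Vigua.A"]


@dataclass(frozen=True)
class Detection:
    type: str
    platform: str
    family: str
    variant: Optional[str]
    suffix: Optional[str]

    @property
    def family_key(self) -> str:
        """Platform/Family without variant or suffix, e.g. 'Win32/Keygen'."""
        return f"{self.platform}/{self.family}"


def parse_detection(name: str) -> Detection:
    """Split a Defender threat name into its parts; ValueError if it does not fit the scheme."""
    m = NAME_RE.match(name.strip())
    if not m:
        raise ValueError(f"not a Defender threat name: {name!r}")
    return Detection(**m.groupdict())


def classify(det: Detection) -> str:
    """'tool' for HackTool/PUA/RiskWare (what keygens and trainers look like),
    'malware' for any other type (Trojan, Ransom, Backdoor, ...), which is quarantined."""
    return "tool" if det.type in TOOL_TYPES else "malware"


def covered_by_allow(det: Detection, allow_entries: List[str]) -> List[str]:
    """Allow-list entries written as Platform/Family that match this detection.

    Models why a family-level entry is broad: "Win32/Keygen" covers every
    Keygen variant and suffix, so a new sample named the same way slips through.
    An entry that carries a variant (e.g. "Win32/Vigua.A") only matches that variant.
    """
    hits = []
    for entry in allow_entries:
        if entry == det.family_key:
            hits.append(entry)
        elif det.variant and entry == f"{det.family_key}.{det.variant}":
            hits.append(entry)
    return hits


def report(names: List[str], allow_entries: List[str]) -> List[dict]:
    """One row per detection: its parts, the group it falls in, and which allow entries cover it."""
    rows = []
    for name in names:
        det = parse_detection(name)
        rows.append({
            "name": name,
            "family": det.family_key,
            "variant": det.variant,
            "suffix": det.suffix,
            "group": classify(det),
            "allowed_by": covered_by_allow(det, allow_entries),
        })
    return rows


if __name__ == "__main__":
    for row in report(THREAD_DETECTIONS + ["Trojan:Win32/Example.B!ml"], THREAD_ALLOWED):
        print(f"{row['name']:32} {row['group']:8} allowed_by={row['allowed_by']}")
```

Running it against the thread's list shows both Keygen hits covered by the single "Win32/Keygen" allow entry, while the Vigorf and GameHack hits are not covered by anything; the constructed Trojan name lands in the quarantine group regardless of any allow entry, since matching is by family, not by type.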
  17. MusicBoy123

    MusicBoy123 Noisemaker

    Joined:
    Nov 5, 2024
    Messages:
    41
    Likes Received:
    5
    I'm so stupid, I thought let me just allow at least VST keygens forever! :D
    Thanks for reminding me, sir! I removed all from Allow access and will only allow now while installing.
    Just 1 .dll file for Ableton is in the "exclusion list" - the rest is all cleared. Thanks a ton :)
     
  18. MusicBoy123

    MusicBoy123 Noisemaker

    Joined:
    Nov 5, 2024
    Messages:
    41
    Likes Received:
    5
    Thanks bro, the VM solution sounds dope! Near to perfect; if possible I will surely try this to be safer.

    As for now, I've disabled all files from my Allow list - in the exclusion list only 1 ableton.dll is present.
    When I install new VSTs, I will allow them for that time being.
    This solution should suffice.

    For GameHack, I don't play any games :/ Just CS 1.6 sometimes, but no hack in that.
    So I've quarantined all these files.

    Thanks for all your help and expert advice brozai! \m/ :D
     
  19. Radio

    Radio Audiosexual

    Joined:
    Sep 20, 2024
    Messages:
    2,403
    Likes Received:
    1,278
    VIRUSTOTAL ---> www.virustotal.com/gui/home/upload

    Analyse suspicious files, domains, IPs and URLs to detect malware and other breaches, automatically share them with the security community.
     
    Last edited: Feb 19, 2025 at 10:23 AM
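Two points raised above, r4e's remark that keygens get flagged largely because they are packed with UPX, MPress or VMProtect, and Radio's pointer to VirusTotal, can be combined into a small offline first look at a downloaded .exe. The script below is an added example, not code from any poster or from VirusTotal: it hashes the file, reads the PE section table and flags section names those packers leave behind, and builds the VirusTotal report URL for the hash (VirusTotal keys file reports by SHA-256, so the link can be prepared without uploading anything). The packer section names in PACKER_SECTIONS are typical defaults and an assumption of this example; a packer can rename them. The PE image used as input is constructed here for the demonstration, with only its headers filled in.

```python
"""Offline first look at a downloaded .exe: SHA-256, PE section names, packer
hints and the VirusTotal report URL for the hash.  Added example, not code
from the thread.  Section-name defaults are assumptions; the toy PE is
constructed input, not a real binary."""
import hashlib
import struct
from typing import Dict, List

# Section names typical of common packers (assumed defaults; packers can rename them).
PACKER_SECTIONS = {
    "UPX0": "UPX", "UPX1": "UPX", "UPX2": "UPX",
    ".MPRESS1": "MPRESS", ".MPRESS2": "MPRESS",
    ".vmp0": "VMProtect", ".vmp1": "VMProtect", ".vmp2": "VMProtect",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def virustotal_url(data: bytes) -> str:
    """Report URL for this file on VirusTotal; keyed by SHA-256, so no upload is needed to look it up."""
    return "https://www.virustotal.com/gui/file/" + sha256_hex(data)


def pe_section_names(data: bytes) -> List[str]:
    """Section names of a PE image; ValueError if the bytes are not a (complete enough) PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)          # offset of the PE header
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                          # IMAGE_FILE_HEADER (20 bytes)
    if coff + 20 > len(data):
        raise ValueError("truncated COFF header")
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)   # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)      # SizeOfOptionalHeader
    table = coff + 20 + opt_size                                 # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + i * 40                                     # IMAGE_SECTION_HEADER is 40 bytes
        raw = data[off:off + 8]                                  # Name is the first 8 bytes
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def detect_packers(names: List[str]) -> List[str]:
    """Packers suggested by the section names, deduplicated and sorted."""
    return sorted({PACKER_SECTIONS[n] for n in names if n in PACKER_SECTIONS})


def triage(data: bytes) -> Dict[str, object]:
    """Hash, VT link and (for PE files) section names and packer hints; non-PE input is reported, not rejected."""
    result: Dict[str, object] = {
        "sha256": sha256_hex(data),
        "virustotal": virustotal_url(data),
        "is_pe": False,
        "sections": [],
        "packers": [],
    }
    try:
        names = pe_section_names(data)
    except ValueError:
        return result
    result.update(is_pe=True, sections=names, packers=detect_packers(names))
    return result


def build_toy_pe(section_names: List[str]) -> bytes:
    """Constructed test input: a PE32 image with only the headers and section table filled in."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                     # e_lfanew: PE header right after the DOS header
    opt_size = 0xE0                                              # size of a PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    sections = b"".join(n.encode("ascii").ljust(8, b"\0") + bytes(32) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt_size) + sections


if __name__ == "__main__":
    sample = build_toy_pe(["UPX0", "UPX1", ".rsrc"])            # constructed sample, not a real download
    for key, value in triage(sample).items():
        print(f"{key:11} {value}")
```

A packer hit on its own proves nothing either way, which is the point r4e makes above: a legitimate keygen is packed precisely so that nobody can read it, and real malware is packed for the same reason, so the section table only tells you why the antivirus reacted, while the VirusTotal lookup on the hash tells you whether other engines and other people have already seen this exact file.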
  20. r4e

    r4e Audiosexual

    Joined:
    Sep 6, 2014
    Messages:
    888
    Likes Received:
    1,279
    It is!

    I can run MacOS to find solutions for my mac friends while doing other work on my Windows machine or I try critical system file modifications before I apply them to my physical machine or debug software without the fear that my system crashes because of a faulty patch. You also can use this if you work for a software company that has special requirements but you don't want to buy a separate machine just for work. And in case I screwed up, I delete the VM and replace it with another. For this case I always archive my VM's after successful installation with 7zip as a backup.
     
    Last edited: Feb 19, 2025 at 8:48 PM