Warning: Focusrite Fast by VR

Discussion in 'Software' started by hackerz4life, Aug 19, 2021.

  1. ArticStorm

    ArticStorm Moderator Staff Member

    Joined:
    Jun 7, 2011
    Messages:
    7,713
    Likes Received:
    3,931
    Location:
    AudioSexPro
    im using almost two decade of cracked software ;)

    you could try to analyse it, in a VM. are files dropped, which ones? Are registry key changed, which ones. Are the symptoms rly coming from the crack or from something else?!

    VR always did clean stuff, means only patched and redone into a setup.

    patching works upon changing opcodes, instructions in the binary. Packing extra malware or hiding stuff takes extra effort, which is just not conform, with how VR distributes his works.

    And he also had shown up in other releases - I guess.
     
  2. SineWave

    SineWave Audiosexual

    Joined:
    Sep 4, 2011
    Messages:
    4,432
    Likes Received:
    3,570
    Location:
    Where the sun doesn't shine.
    Shame on them - no touching allowed! :)

    Seriously speaking that's why I always make my own "manual" installers in a VM. Because you never know, but mostly because I hate seeing 666 programs/plugins installed in "Programs and Features". Thankfully, VR makes great installers, but I still do mine to be able to choose what files to install. :wink:
     
    • Like Like x 3
    • Agree Agree x 1
    • List
  3. BEAT16

    BEAT16 Audiosexual

    Joined:
    May 24, 2012
    Messages:
    9,081
    Likes Received:
    7,006
    Is it possible that one of these uploaders: makaveli, hidera, deuces, alexfduch, Xaudios, HATSHEPSUT packed a virus in?

    In theory, you would have to download all of them and then do a virus check.
    Request for correction - was just an idea. Because I have the virus Win32 / Wacapew.C! Ml found in the file!
     
    • Like Like x 1
    • Useful Useful x 1
    • List
  4. 5teezo

    5teezo Audiosexual

    Joined:
    Feb 2, 2012
    Messages:
    2,062
    Likes Received:
    1,175
    I'm currently demoing the Fast Equilizer on mac and I've gotta say, I think it's pretty impressive as far as the implementation of AI and usefulness is concerned. Looks like a simplified version of Sonibles Smart EQ3
     
    Last edited: Aug 19, 2021
  5. hackerz4life

    hackerz4life Audiosexual

    Joined:
    Jan 6, 2020
    Messages:
    1,037
    Likes Received:
    566
    Location:
    Space
    Try to uninstall it and see if its affecting your purple plugin. lol
     
  6. hackerz4life

    hackerz4life Audiosexual

    Joined:
    Jan 6, 2020
    Messages:
    1,037
    Likes Received:
    566
    Location:
    Space
    Thanks for this message.
    This is what im talking about. Something is not ok with the installer.
     
  7. BambooPestle

    BambooPestle Producer

    Joined:
    Mar 14, 2020
    Messages:
    79
    Likes Received:
    81
    HA is mostly professional tool for RE experts. You can't just look at some scary words like "touches files in the Windows directory" or "identified as malicious" and say that there are viruses inside. You can see reason why files in the Windows directory was touched: just for API calls like any other software. And you can even upload any R2R installer and will see same warnings. :)
     
  8. DoubleTake

    DoubleTake Audiosexual

    Joined:
    Jul 16, 2017
    Messages:
    2,287
    Likes Received:
    1,231
    "...usually i get my stuff from sister site or the russians." is NOT good enough.
    The fact that you are not sure where you got it calls your competence into question and makes your anecdotal experience nearly worthless.

    You should be documenting origins of every piece of software.
    A simple copy/paste of link in text with date is all that's needed and you'll know where and when each came from.

    There are a bunch of people who have installed this and no reports on sister site.
    Plenty of comments on Russian site but again, no mention of any virus ,etc, false positive or not.

    In my 5 years or so using watching this site and sister site, i have only heard of ONCE that a virus got uploaded in some package for a short time before being removed.
    Warnings are fine, but to say you have lost trust in VR due to this?
    Seems like you should have lost faith in yourSELF, if you can't identify where you got it.
    If you have recent system backups +1 faith in yourself.

    So, we will see if anyone else can verify your symptoms from a KNOWN sister site download, or even a Russian download.
     
  9. hackerz4life

    hackerz4life Audiosexual

    Joined:
    Jan 6, 2020
    Messages:
    1,037
    Likes Received:
    566
    Location:
    Space
    Who the hell tracks and writes down all their downloads. I download a bunch of stuff and many times leave it in the folder.
    Sometimes you just forget what you have downloaded, may take weeks before you try something.
    Yes, i have sort of lost trust in his releases after this, what do you care what my personal stance is, are you the gate keeper of my hdds?
    I have plenty of competence to know something is not alright, have been doing this for a long time.
    But i question your competence in reading things trough, because there was at least one more member in this thread who confirmed the same thing happened to him as well.
     
  10. hackerz4life

    hackerz4life Audiosexual

    Joined:
    Jan 6, 2020
    Messages:
    1,037
    Likes Received:
    566
    Location:
    Space
    Why are people so surprised by this. Even R2R mentioned here and there that some of the software was not properly cracked by v.r

    I thought things trough and how i got it and i excluded the Russian source because it was in a destination that is reserved for direct downloads, not torrents, so i got it from the sister site.

    Could be its not a trojan, i immediately deleted the file and restored the pc, didnt risk by going into safe mode to analyze the file, as the threat of losing my HDD was the biggest issue and time was not on my side.
    Whatever it is it can still seriously mess up your essential directories. People should know there are certain risks involved.
     
  11. BEAT16

    BEAT16 Audiosexual

    Joined:
    May 24, 2012
    Messages:
    9,081
    Likes Received:
    7,006
    In order to present themselves better, arrogant people often disparage their fellow human beings. They do this not only with their demeanor, but also clearly with their words. Because blasphemy is the arrogant's specialty. He takes every opportunity to speak condescendingly and judge others. Although he is incapable of criticism himself, he has no problem judging others. This behavior in particular makes him unpopular with many.
    Arrogant people not only ignore advice, they always want to assert their own opinion. They always have to have the last word in discussions. They devalue the opinions of others, even if, viewed objectively, they would make more sense. However, they do not want to admit defeat, as this in turn would affect their lack of self-esteem.
     
  12. ArticStorm

    ArticStorm Moderator Staff Member

    Joined:
    Jun 7, 2011
    Messages:
    7,713
    Likes Received:
    3,931
    Location:
    AudioSexPro
    hmm it is hard to add viruses to a setup file, you would need to expose the setup file to virus or create a new setup file from scratch (thats what people did in p2p, its time consuming)

    Yeah i see. Look when i pack a dll with PE-packer, then no anti-virus can read the packed file, it just sees its compressed. Same method use for maybe viruses, its just that the virus really has no tool to unpack and verify.

    And you could always go to VR page and validate his uploads with the one you got from here. I know double time needed, but just to be safe if you dont trust the uploader from here.
     
    • Like Like x 1
    • Useful Useful x 1
    • List
  13. BEAT16

    BEAT16 Audiosexual

    Joined:
    May 24, 2012
    Messages:
    9,081
    Likes Received:
    7,006
    Thank you @ArcticStorm for the explanations and information. The question remains "Why" Windows Defender "classifies the file" Focusrite Fast "as malware and the message" Program: Win32 / Wacapew.C! Ml "is displayed!
     
    Last edited: Aug 19, 2021
  14. nism

    nism Ultrasonic

    Joined:
    Apr 5, 2020
    Messages:
    86
    Likes Received:
    21
    What software do you use to create an installation profile and capture the installation process?
     
  15. Arabian_jesus

    Arabian_jesus Audiosexual

    Joined:
    Jul 2, 2019
    Messages:
    974
    Likes Received:
    758
    Windows Defender doesn't find anything in the .rar's I have downloaded. I've tested a couple of links each from Sunny, hidera and makaveli so far, but I don't have the patience to test every single link from all of the uploaders.
     
  16. jarredou

    jarredou Guest

    The "Ml" at the end of the name of the "malicious" program means that it was detected by machine learning (ML.NET), this often gives false positives on cracks, keygens, etc.
     
    • Like Like x 1
    • Useful Useful x 1
    • List
  17. BEAT16

    BEAT16 Audiosexual

    Joined:
    May 24, 2012
    Messages:
    9,081
    Likes Received:
    7,006
    Thank You @jarredou for this information.
     
  18. Arabian_jesus

    Arabian_jesus Audiosexual

    Joined:
    Jul 2, 2019
    Messages:
    974
    Likes Received:
    758
    I've had the FAST bundle installed since it was released and I just re-installed it with one of the .rar's I downloaded today to see if anything happens, and it does fuck up your Visual C++. I guess it's the same as what happened with V.R's Arturia FX bundle installer. Nothing harmful though, you just need to re-install the Visual packages and everything is fine.

    Running a total virus scan right now just to be sure, but I don't expect it to find anything.
     
    • Like Like x 1
    • Agree Agree x 1
    • Interesting Interesting x 1
    • List
  19. BEAT16

    BEAT16 Audiosexual

    Joined:
    May 24, 2012
    Messages:
    9,081
    Likes Received:
    7,006
    Thank You @Arabian_jesus for the useful information !
     
  20. dbmuzik

    dbmuzik Platinum Record

    Joined:
    Apr 15, 2013
    Messages:
    540
    Likes Received:
    294
    Although this reply of yours was not to me (this is my first and only comment I will leave in this thread). I want to use your words to point something out to you and others here. When you say "Who the hell tracks and writes down all their downloads".. it clearly indicates you are in question of where you even downloaded it from. Let's say if the sister site was the "only" place you downloaded this type of content from, there would be no lack of knowledge where you got it from.

    You say you've been doing this a long time.. so no pun intended. But let me tell you something. Unlike R2R's custom installers.. V.R's custom installers are almost never encrypted which makes them super easy to unpack with even the most basic tools like innoextract, etc. V.R's installers are friendly for users who want to unpack them and for example: remove all the AAX drivers, 32 and 64bit VST2's, user manuals, foreign language docs, vcred apps you already have installed on your system, etc. because you only want the 64bit VST3. Then you repack the installers, and now all of your V.R installers may only be 1/3 of their original size if you want to hold on to them. And yes, on the flip side it's just as easy to unpack a V.R installer, add a "Wacapew.C" file to it, and close it back up. That's all that needs to be said.

    I took a look inside, and there is no "Wacapew.C" in V.R's release on the sister site, or that pertains to RET Ambi Bundle keygen as mentioned by someone else. "Doing this a long time" doesn't make any of us error-free. You still made the mistake of downloading from some untrusted source/torrent/etc. and not examining it's contents prior to installing it.
     
Loading...
Similar Threads - Warning Focusrite Fast Forum Date
Need Help with Unsafe Download Warnings PC Aug 21, 2024
Youtube warning regarding adblockers Internet for Musician Dec 3, 2023
Removing noise from live bootlegs (newbie warning) Mixing and Mastering Sep 16, 2023
Audionamix: user data leak warning confirmed Industry News Mar 2, 2023
A Warning On the Future of Music: with Author Ted Gioia | Podcast #1 Education Jun 10, 2022
Loading...