Anyone else get this message after the latest windows update?

 

even before update was that warning from different security apps....

 

no.. the other antivirus say nothing found (malwarebytes and kaspersky)

 

https://audiosex.pro/threads/refx-nexus-3-mac-win-workarounds-fixes-crashes-etc.58392/page-43

DJK say:
if you check on virus total 32 security vendors flagged this file as malicious,
go check, and as this seems to come from chinese source its a worry and ill remove it.

https://adwareremoval.info/trojanwin32-ymacco-aadf/

 

windows defender keeps flagging this as a trojan, i am not sure why,if it was a .exe file then i can understand the worry, but its a .dll which is only active when using nexus 3, maybe others can put some light on this.

 

Last edited: Aug 12, 2021

It depends on where you downloaded Nexus 3. With the Chinese sources they have probably packed a Trojaner with them. So please download from the Sister website and not from dubious sources. He doesn't have the virus alert on C: / but on D: / (see the photo of him in the file attachment).

 

Last edited: Aug 12, 2021

I was sceptical to, but as far as I know that is because the code in dll is obfuscated to protect crack code from alternating it. So Windows defender and other AV maybe sees that as a virus because of that. BTW, you have on the sister site more recent version Nexus 3.4.4. So you should download that version just in case.

From point of view with Kaspersky there is nothing to worry about, and that is the most reliable AV in the market, so yes I can say that is clean.
Malwarebytes says nothing, as HItman pro and HItman alert, so don't worry, just download from sister site another version.

 

It seems to no longer be on the sister site?

 

You can add it as an exclusion in the windows defender.

 

Due to a DMCA takedown request.

 

Almost all kracks are a virus in some way.
They have to beat out certain security protocols.

 

Companies and even users have the option of sending in hashes of the cracked files to the AV companies to so they get tagged.

one example would be https://www.virustotal.com/gui/home/upload The thing is, it doesn't need to be an actual virus.

 

Not really a virus, they just have the aspect of a virus, but they are harmless, at least from trusted sources.

 

it is an old "problem" of some anti-viruses.

in this case (if this happened after few months after installation) I think file was marked as virus because it was packed with "yoda's crypter" - packer for windows executable files (that using for viruses too). check file with another anti-viruses at virustotal.com


P.S.

not quite right. dll file (not only if it is a virus!) may receiving commands (and/or additional files from web), sending commands to system (or any other) files/apps/services to execute code, reading and sending any data (including data from any files), without any running host application at same time and controled in realtime mode too.

 

you are describing magic. a dll cannot execute arbitrary remote code just by sitting on a hard drive.

 

yes, dll need a "master" process, but it is can be any process. only the one first calling of dll (also during an installation, also it can be other temp dll that setting up all components) can execute all needed commands for future. for installed dll (vst plugin) it can executing commands from joined code section right after loading dll by host application, and then redirect to original code of dll and plugin will be loaded as usual.
I saw a lot of viruses as dll and ocx. one of them workiing as internet explorer component (can be joined and installed by user with any software installer) and loading only after user authorisation at specified address (web app), it changing value and address for money transaction (but showing user original entered data) to stole all money from account, it also sending some info to authors of virus. and it can be uninstalled by remote command from authors using running internet explorer. and this was possible more than 10 yaers ago.

so you should update your knowledges about dll, start with main at https://en.wikipedia.org/wiki/Dynamic-link_library

 

The version which is/was in sister site was the original one, which originated from the chinese source. AFAIK there is no an other version. I tried the files from sister site and the original source and they both get flagged as viruses.

 

The best solution is never to go online with the computer you use to make music, and then to use either Shadow Defender (Or some other sandbox software) to work on a snapshot of the C drive, so no changes are ever made to it when you reboot.

 

so what you're basically saying it that every single chinese cracker out there will probably insert a trojan into software only being used by a very small part of the population, the original source is infact chinese, if i'm not mistaking, and was selling this version online. yeah sounds like a great business model.

it's totally not logical, think about it: chinese gov "we need to know if those damn musicians are making anti communism music" one of the nerds being commanded to do this "but winnie only 0.002% (yes i made this number up,could be more could be less) use this software, couldnt we better infect windows 11?" winnie "guards, execute this man for correcting me"

is this racist paranoia or paranoid racism

 

insert a virus can any other person from any country, not only cracker or crack team.