Question about .dll's in AppData (R2R Releases)

Discussion in 'Software' started by mrbobojenkins, Feb 9, 2022.

  1. mrbobojenkins (Noisemaker)
    I am going to post this here in case any noobies are curious like myself

    What purpose does the "R2RNIKG3.dll" serve along with other .dlls in AppData? Found one thread about similar dll files (https://audiosex.pro/threads/what-is-r2rls7hp-dll-file.57256/). Just curious as to how it works and why Windows Defender detects it as "Trojan:Win32/Tnega!ml" as opposed to the other "Trojan:Win32/Wacatac.DF!ml" false positive mentioned in that thread too. It's Team R2R so of course I am not debating that it's unsafe! Just wanted to learn something and maybe this thread can be used to relieve some panic for new people too who will google/browse here.

    It was R2R Kontakt 6 v.6.6.1 on the sister site with verified scene release tag directly from the sister site (posted this to comply with a pinned thread about detections)

    Was gonna delete this post but don't think I can, so I guess maybe we can turn this thread into one on information about them to prevent panic? Then again I would not be surprised if I missed some that did.

     
  4. thomas78 (Kapellmeister)
    just a guess... R2R Native Instruments Key Generator 3
     
  5. poly (Platinum Record)
    Did you decompile the DLL, or is it your opinion, like 1000+ other users, that this is a false positive? Did anyone decompile stuff from our beloved and 'trusted' release groups? So if you didn't decompile it or look exactly with a Process Monitor at what this stuff did, you can't be 100% sure that it is a false positive! :guru:

    But hey, we have trusted KI/AI/META Virus/Trojan/POP/Adaware scanners..

    ..that could make sense!
     
  6. BEAT16 (Audiosexual)
    Nothing is certain. I've also had a lot of alarms, and people here keep saying: download from safe sources like our sister site. The people who crack and/or upload would otherwise be putting their livelihood or earning potential at risk. In short, anyone who provides their users with viruses / trojans will be shunned.

    I have had 3 real viruses and trojans so far. These pests all came from untrustworthy websites. My anti-virus software did not protect me from them either. 2 times the screen froze asking me to transfer some bitcoins. 1 time I had a polyphonic virus that ate away the files. I had a full backup of the C:\ hard drive and in 90 minutes my system was restored.
     
  7. poly (Platinum Record)
    Do you know about BIOS-Rootkits? :bleh:
     
  8. BEAT16 (Audiosexual)
    Yes, it's a nightmare. If an unauthorised rootkit is discovered at the BIOS level, there is only one way to get rid of it: the memory where the BIOS resides must be physically removed and replaced.

    Many companies lost more than 220 billion euros in the last few years due to hacker attacks.
     
  9. ArticStorm (Moderator, Staff Member)
    If the DLL belongs to a keygen, it is packed to prevent it from being reverse engineered by other people. AV doesn't have any unpackers, and even if it had, you can still modify the PE header to force manual unpacking (R2R does that), so AV companies decided to place all packed DLL/EXE files on a blacklist. It will therefore count as a false positive. And since you got it from the sister page, there is nothing to worry about.
     
  10. DoubleTake (Audiosexual)
    I am not worried.
    I always wear clean underwear just in case.
     
  11. bobdule (Rock Star)
    It is a part of the keygen. You can open the R2R keygen.exe with 7zip to see what is inside.

    These files are encrypted, or linked to execute, so the AV doesn't know how to read inside; it results in an alert even if they are safe.

    2 AV alerts on VirusTotal are only based on missing version info & icon group; a simple RAR SFX exe without it will result in an alert. Nothing is scanned. It is only a commercial issue to find something.

    The R2R Kontakt keygen doesn't use version info. Usually all legit exes have one.

    ESET is quiet on keygens, reinstallable after an advanced Revo cleanup without reboot; all you need is a new fake mail to reset the trial. Maybe replace Windows Defender to stop this joke.
     
  12. boomoperators (Kapellmeister)
    If anyone wants to have a pre-installed "security-oriented" VM with all the necessary tools, check out "Flare VM". I stumbled upon this while watching malware analysis videos on YouTube and it seems to be a good solution to quickly populate a secured VM with tools. It always helped with unpacking binaries, etc.

    https://github.com/mandiant/flare-vm
     
  13. mrbobojenkins (Noisemaker)
    Yeah I figured this one was a false alarm, I just wanted to know what the .dll did and how I can analyze them in the future (like with the way people did with Nexus 3 that got removed off sister site).

    Thank you for the feedback though! I'll definitely use the tools here mentioned whenever I am curious about something.

    Also, which of those other sites gave you those viruses? Were they just the random VST ones?
     
  14. mrbobojenkins (Noisemaker)
    Ahhh thank you, that makes sense now as to why Windows Defender gives off different readings too. It's not even scanning the file and just using machine learning to come up with an alert, which is why my alert was not showing up on the forums.
     
  15. BEAT16 (Audiosexual)
    It was a random search with a search engine for something, a long time ago, where what was inside was not what was written on it. So a fake, which is of course fraud. You should really only download from sources you trust.
     
  16. bobdule (Rock Star)
    Some devs can modify the crack to spread shit over the internet (not a virus, but a non-working version). Flux does it for their first matrix lock Air crack.
     
  17. stopped (Platinum Record)
    The people who spent a decade bringing us 10000 clean releases for goodwill and street cred are totally going to flush all of that away now for whatever momentary gains they can get from a botnet or credential stealing.

    (not to say VirusTotal isn't your friend)
     
  18. mrbobojenkins (Noisemaker)
    Of course. This was all just a post to help me understand more about the purpose of the .dll, how to properly analyze them in depth, and why they raise false flags. I'm a new account here and wanted to delete this post as I thought it might've been a silly question, but I think it'll end up being useful for people who get false positives and spread knowledge of tools like the ones posted above.
     
  19. demberto (Rock Star)
    Best Answer
    Adding to what @bobdule already said, I once did a deeper analysis of these 4 files.
    1. Keygen.exe is the main executable. Made with an Onionsoft HSP3 script.
    2. Bgm.xm / .mid is the music played by the keygen; you can play it in your application if you want by using BASSMOD.dll or any other supported software.
    3. BASSMOD.dll is used by Keygen.exe to play bgm.xm. This DLL is packed with MPRESS.
    4. And finally, the keygen and/or patcher logic is present in R2R****.DLL (8.3 naming scheme, so Win95 can probably run the keygen as well). This one is packed with MPRESS as well. Coded in C, so most probably the keygen designer and programmer are different people.
    Finally all this is packed into a single exe, maybe like a self-extracting archive. NSIS is used for this.

    MPRESS can be easily unpacked by XVolkolak, if you want to examine / learn the keygen and/or patching logic. The DLL exports are nicely named, i.e. GenerateLicense, IsPatched etc., so you instantly know what the function is for.
     
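The two traits the thread keeps circling back to, packed sections (ArticStorm's and demberto's posts, MPRESS) and a missing version resource (bobdule's post), can both be read straight from a file's PE headers before anything is executed. The following is an added example, not code from the thread or from any release group: a small Python triage script that walks the PE section table, scores each section's Shannon entropy and checks whether the resource directory (where VERSIONINFO lives) is present. The PE it parses is constructed inline from a minimal PE32 layout and is not the DLL discussed; the 7.0 entropy threshold is an assumed, commonly used cut-off.

```python
import math
import struct
from collections import Counter

def shannon(data: bytes) -> float:
    # Shannon entropy in bits per byte; values near 8.0 look packed or encrypted
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(pe: bytes, threshold: float = 7.0) -> dict:
    # Walk the section table; report per-section entropy, which sections look
    # packed, and whether a resource directory (home of VERSIONINFO) exists.
    e_lfanew = struct.unpack_from("<I", pe, 60)[0]
    if pe[:2] != b"MZ" or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff = e_lfanew + 4
    _, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", pe, opt)[0]            # 0x10B PE32, 0x20B PE32+
    dirs = opt + (96 if magic == 0x10B else 112)            # first data directory
    res_size = struct.unpack_from("<II", pe, dirs + 2 * 8)[1]   # entry 2: resources
    entropy = {}
    for i in range(nsect):
        hdr = opt + opt_size + 40 * i
        name, _vs, _rva, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, hdr)
        entropy[name.rstrip(b"\0").decode()] = shannon(pe[raw_ptr:raw_ptr + raw_size])
    return {"entropy": entropy,
            "packed_sections": [s for s, e in entropy.items() if e >= threshold],
            "has_resource_dir": res_size != 0}

def build_sample_pe(sections) -> bytes:
    # Constructed PE32 image (headers + sections only, not loadable): test input
    n, opt_size = len(sections), 224
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)           # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, opt_size, 0x2102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                     # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                       # NumberOfRvaAndSizes
    hdrs, raw, ptr = b"", b"", 64 + 4 + 20 + opt_size + 40 * n # resource dir stays 0
    for i, (name, data) in enumerate(sections):
        hdrs += struct.pack("<8sIIIIIIHHI", name, len(data), 0x1000 * (i + 1),
                            len(data), ptr, 0, 0, 0, 0, 0x60000020)
        raw, ptr = raw + data, ptr + len(data)
    return dos + b"PE\0\0" + coff + bytes(opt) + hdrs + raw

# Constructed input: a plain-text section beside a uniform-byte section whose
# name mimics MPRESS, the packer named in the thread; neither is a real binary.
SAMPLE = build_sample_pe([(b".text", b"hello world " * 300),
                          (b".MPRESS1", bytes(range(256)) * 16)])
```

High entropy plus no resource directory is exactly the profile a heuristic scanner reports as a generic "!ml" trojan; the script shows why such a hit is a reason to analyse in a VM, not proof either way.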
  20. mrbobojenkins (Noisemaker)
    Thank you so much for this
     
  21. Corporateslag (Member)
    So, if I download something from the sister site, say for example The Glue, and my antivirus (Bitdefender) detects a trojan, is it still safe to run the keygen? I'm finding this with a lot of keygens from R2R.
     