Question about potential trojan flags [solved]

Discussion in 'Software' started by Frunkenstein, Feb 2, 2024.

  1. Frunkenstein

    Frunkenstein Member

    Lately I have been getting "severe" flags on Windows Defender from certain downloads from sister site. The one plug-in I tried downloading to try out, a very recent TCD offering, was taken down on sister site about 48hrs after it was posted, which kind of made me extra paranoid.

    Now I'm trying out another plug-in, an RKR release from an older post about 11 months ago, and the only available links are from a mirror. It also got flagged and quarantined by Windows Defender after download.

    Both of these downloads were marked as containing the following: Detected: Trojan:Script/Wacatac.B!ml

    What is "Trojan:Script/Wacatac.B!ml?" Is it a specific virus/trojan, or is this a generic attribute that keygens or cracked installers have in common with an existing trojan, and they are just generically lumped in and labeled "Trojan:Script/Wacatac.B!ml" and then flagged/quarantined?

    Are mirror links not as good as the original peeplink? Are they susceptible to being repacks of the original release and contain actual potential threats added to the original link posts?

    The thing is, I never got this specific warning until a few days ago.

    I'm not very fluent in malware things, so forgive the silly questions. I've been googling this stuff, and nothing but bad things come up about Trojan:Script/Wacatac.B!ml, and I don't really get any results searching this forum other than "typically keygens are false flags" and it never goes into anything more specific than that.

    Appreciate any advice/education on the subject.

    Cheers

  3. Choosename

    Choosename Platinum Record

    Not exclusive to audioz, but if you use warez, take some precautions. Whatever answer you receive here, take your own considerations. Warez exclusive machine, load offline, firewall+, sandbox, etc.
     
    Last edited: Feb 2, 2024
  4. OOM

    OOM Rock Star

    Best Answer
    Antivirus software is designed to find malware, and virus scanners consider the keygens themselves as malware.
    Keygens that have been professionally engineered will still show false positives with Windows Defender and antivirus software because of how they work, which is by manipulating the registry, which Windows doesn't like and the antivirus protects against.

    All links on sis site are safe, I have been downloading from there for many years and have never had any problems.

    Is Trojan:Win32 Wacatac.B!ml a false positive?
    Yes, a Wacatac alert can be a false positive, especially if you are downloading compressed files.

    Maybe the TCD release got taken down due to a DMCA request, which is nothing to worry yourself about.
     
    Last edited: Feb 2, 2024
  5. stopped

    stopped Platinum Record

    the 'ml' part of the name of the detection you're seeing stands for 'machine learning'. detections that are created by AI can be useful to catch brand new viruses & trojans, but they are also very prone to false positives
     
  6. Frunkenstein

    Frunkenstein Member

    Thanks for the answers. My next question is I am new to sandboxing. I enabled Windows 11 sandbox, copied my DAW install, and the new R2R downloads over to it. I installed the DAW, then the R2R release. However, when opening the Keygen, nothing opens or happens. This is one of the flagged downloads I am testing with. Is there a reason why the keygen will not open in the sandbox instance?

    -edit- I answered my own question haha. I had installed Malwarebytes to get a 2nd scan opinion in the sandbox and left it on, so it was killing the keygen launch. Keeping the question up so it's searchable.

    Cheers
     
    Last edited: Feb 2, 2024