1. Synapse Audio The Legend v1.3.1 Incl.Keygen-R2R
2. Sister site (main link - uploaded)
3. Windows Defender
4.
Detected Threat: Backdoor:Win32/Bladabindi!ml
Alert Level: Serious
Category: Back door
Details: This software allows remote access to the computer on which it is installed.

1. exact name of the release, including version and team (no live link!)
2. where did you download the file from
3. name of your antivirus software
4. what warning message did you receive exactly

Link to Virus Total Results:
https://www.virustotal.com/gui/file...eff6813f5be8ef56ce95935e26e60fbe06d/detection

 

Install Sandboxie or similar, you can then run the Keygen (and any other dodgy executables) within that, it doesn't touch your PC files/OS.

 

Funnily, when doing a web search, I get plenty results from AV software and commercial malware removal tools.
Let's make up a new threat, fear sells better than ads.

 

Yes, should be routine to everybody already.

If you don't do this, please do, it's free for Windows. Also Windows Sandbox is very good, but it's Win 10 Pro/Enterprise only.

A clean VM from a snapshot also works (Hyper-V, VMWare, VirtualBox), but it's more work.

 

A false positive is not worth starting a thread, but I'm all for discussion about virii and malware. It would be a really short discussion, though.

1) Deinstall all the crapware AVs you're using. Yes, Windows Defender too. Your system will thank you. [there is a really nice script called "Windows Decrapifier" that you can use to clean your Windows of Microsoft malware and make it work faster]
2) run and install either VirtualBox or Sandboxie. Both are free ffs. There are even VHD images you can download of OSes you can run directly in Virtualbox!
3) Install the software inside VirtualBox with a test OS, started from a clean shapshot of it [the whole OS starts in 2 sec from a snapshot]
4) See if and how the software works, transfer the files, reg entries, folders to your real OS through a shared folder and install it "no-install" style!
5) Enjoy making music!

I recommend browsing the Internet from a Virtualbox if you don't use Linux or Mac for that. With Windows, you are such an easy target for all kinds of online malware even virii. Is it really easier to have an antivirus that can actually get disabled by a smart virus? I've seen it happen far more than once. People with AVs getting virii. It always makes me ... AV companies are fear mongering criminals. Kinda like those dodgy insurance companies. But what makes me mad the most is that AV software slows down any OS just too much. Get rid of it!

 

Last edited: Feb 21, 2021

I don't agree. You just need to learn how to use windows defender. It's one of the best antiviruses if you know how to use it, Microsoft knows best how to protect their OS, especially if you use pc for other things and not only offline for music.
In this case (as it is for most detections in stuff from sister site) there is final part of threat description to pay attention to:

Backdoor:Win32/Bladabindi!ml

The !ml (or maybe just the ml without the !) means it's Machine learning generated. It means this threat detection does not come from a stored database of threats, but rather from an algorythm that compares what you're scanning with other known threats and seeing some similarities decides that there's chances that it's the same threat (Win32/Bladabindi). Now, other than the fact that I'd like to know who the hell gives the names to these threats, and how do you come up with the name "BLADABINDI", you know it's R2R release, you know it comes from audioz, you know what program it is, you see only few detections of meaningless AV names on virustotal and you now know it's machine learning generated. So easy conclusion is it's a false positive and you don't need to worry about it. Just don't remove Windows defender, but temporarily disable it when you install R2R releases or, even better as users suggested, use a VM to run keygens and other exe, mostly to avoid dealing with antivirus false positives.

If R2R wanted to insert virus in their releases, they would add it inside VST dlls (if you open DLL you can see inside files named R2R that they use to avoid protections in ilok plugins). It would take them nothing to avoid writing their name in these files and just do whatever they want with our PCs, but instead they are the most trusted team.
Truthfully, these crackers have so much brain that if they wanted to do anything malicious, we wouldn't even see it, and whatever we see it's false positive as long as the download was from trusted source (sister site) and of a trusted release (R2R).

I hope I cleared some of your doubts.

 

I keep hearing this, but I'd be keen to learn exactly how? Do you get less open applications, less browser tabs, less audio tracks in your DAW, less plugin instances, what?

The amount of CPU power it uses is miniscule in my experience, so disabling it is more effort than keeping it running, and without any (marginal or not, arguably) benefits.

Personal preference, but I like to keep my system as vanilla as possible. Less compatibility issues with updates and so on.

 

Totally agree, 100%.
People that say defender slows PC down are 3 types:
1) Really noob Malware developer that is tired of getting his threats caught by defender.
2) Dude with pc from 2005, with old crappy cpu. (probably the same guy that says ableton indexer uses 20% cpu lol)
3) Dude that keeps reading in forums that defender is bad, and has brain like sheep so needs to repeat what he reads to fake-show that he knows stuff.

Obviously, people that are really good with computers (say, R2R crackers etc) will not have defender running on their main offline OS, it just wouldn't make sense, but for normal users without knowing every aspect of the OS and of programming in general, it would be idiotic to remove defender and mod OS. I hope people will stop giving these really poor advices to noob users, spreading disinformation.

 

Is there a way to prevent Windows Defender from immediately scanning downloaded files the moment you first click on them without turning it off completely?
It often happens to me that I download something from sister site, I want to pick it up to move it over to where I store my Plugin installers, and then Windows Defender immediately scoops it up and deletes it when I click on it. This even happens when it's inside a zip within a zip.
Kind of a pain to go into the Defender menu and restore it manually every time.

 

Add an exclusion to your desired folder(s)?

Settings > Virus & Threat Protection Settings > Add or remove exclusions

And yeah, Defender will scan archives as well, I'm not sure about formats but at least .zip and .rar.

 

The only way to put these files to safety from antiviruses, is with 7zip to do this, for example with a keygen:

1) Create 7z archive by splitting keygen into multiple parts (2 or more)
2) Create 2nd archive from these Archive parts that you created in step 1
3) Create 3rd archive with archive from step 2 + normal installer of the release, so that you can safely store it somewhere on your machine

This way the archive from step 3 will not be detected as virus.
It sounds complicated and long, but it's really easy and takes not more than 30 seconds after you understand what you're doing and how to do it.
That said, the best way is really what @phumb-reh suggested, to add an exclusion to folders. Defender has all the options that we need already incorporated.
The thing about archiving files as I said above is useful if you need to scan the whole drive also with other antiviruses or just more in general you want to be able to decompact file without decompacting keygen on main OS (you would decompact it in VM), and it's good to save storage space

 

ok i have issues with double posts by accident, I wish it would be possible to delete a message for users too...