Reverse Engineering Team Board

Reverse Engineering Team Board (http://www.reteam.org/board/index.php)
-   Reverse Code Engineering (http://www.reteam.org/board/forumdisplay.php?f=23)
-   -   Multikey V0.19.1.8 have virus Why? (http://www.reteam.org/board/showthread.php?t=4706)

chanvaidan 05-21-2012 05:41 AM

Multikey V0.19.1.8 have virus Why?
 
I have download multikey V0.19.1.8 at link www.testprotect.com and my pc have kaspersky and report multikey have virus why? i don't sure and scan online at http://virusscan.jotti.org and i have a result

Jotti's malware scan
This file has been scanned before. The results for this previous scan are listed below.


Filename: MultiKey.sys
Status:
Scan finished. 12 out of 20 scanners reported malware.
Scan taken on: Mon 21 May 2012 11:22:02 (CET) Permalink

Additional info
File size: 1265160 bytes
Filetype: PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5: 71e25013e97455abee07f6485959c6a7
SHA1: 029c83a5075ae98a94d821cd3c30efcd42e5a640




Scanners
[ArcaVir]
2012-05-21 Found nothing
[Frisk F-Prot Antivirus]
2012-05-21 Found nothing
[Avast! antivirus]
2012-05-21 Found nothing
[F-Secure Anti-Virus]
2012-05-21 Trojan.Generic.4961249
[Grisoft AVG Anti-Virus]
2012-05-20 Win32/PolyCrypt
[G DATA]
2012-05-21 Trojan.Generic.4961249
[Avira AntiVir]
2012-05-21 TR/Drop.Agent.ddqa
[Ikarus]
2012-05-21 Trojan-Dropper.Agent
[Softwin BitDefender]
2012-05-21 Trojan.Generic.4961249
[Kaspersky Anti-Virus]
2012-05-21 Trojan-Dropper.Win32.Agent.ddqa
[ClamAV]
2012-05-20 Found nothing
[Panda Antivirus]
2012-05-19 Found nothing
[CPsecure]
2012-05-21 Found nothing
[Quick Heal]
2012-05-21 TrojanDropper.Agent.ddqa
[Dr.Web]
2012-05-21 Found nothing
[Sophos]
2012-05-21 Found nothing
[Emsisoft Anti-Malware]
2012-05-21 Trojan-Dropper.Agent!IK
[VirusBlokAda VBA32]
2012-05-21 TrojanDropper.Agent.ddqa
[ESET]
2012-05-21 Win32/TrojanDropper.Agent.BNVJBF
[VirusBuster]
2012-05-20 Trojan.Agent!v/BAa/mMUt8

BfoX 05-21-2012 05:55 AM

he is vmprotected =)

gnerogeem 05-22-2012 01:43 AM

It's a false-positive response from the antivirus.
Latest Multikey wrapped with VMProtect.

If you think it can harm your PC, don't use it.

user1 05-22-2012 09:04 AM

Just wonder is there a tool to unVMprotect?

gnerogeem 05-22-2012 04:22 PM

OllyDbg, some script and skill. Good luck.

chanvaidan 05-24-2012 11:50 AM

Somebody can help me upload file multikey.sys V0.19.1.8 no virus. Thanks

user1 05-24-2012 01:30 PM

http://www.multiupload.nl/WXHBAOGTTL

Git 05-24-2012 05:07 PM

It is NOT a virus, it is compressed and encrypted.

Git

chanvaidan 05-27-2012 04:01 PM

Thank Git
I hope you can open source multikey for all member.

Git 05-27-2012 05:08 PM

Multikey is not mine. Well, parts are, but that's another story... I use my own emulator which I am not going to open source because the algorithms are not public.

Git


All times are GMT -4. The time now is 12:19 AM.

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.