  #1  
05-21-2012, 05:41 AM
chanvaidan
Member
Join Date: Jan 2009
Posts: 30
Multikey V0.19.1.8 has a virus. Why?

I downloaded Multikey V0.19.1.8 from www.testprotect.com. My PC has Kaspersky, and it reports that Multikey has a virus. Why? I wasn't sure, so I scanned it online at http://virusscan.jotti.org and got this result:

Jotti's malware scan
This file has been scanned before. The results for this previous scan are listed below.


Filename: MultiKey.sys
Status: Scan finished. 12 out of 20 scanners reported malware.
Scan taken on: Mon 21 May 2012 11:22:02 (CET)

Additional info
File size: 1265160 bytes
Filetype: PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5: 71e25013e97455abee07f6485959c6a7
SHA1: 029c83a5075ae98a94d821cd3c30efcd42e5a640




Scanners
[ArcaVir]
2012-05-21 Found nothing
[Frisk F-Prot Antivirus]
2012-05-21 Found nothing
[Avast! antivirus]
2012-05-21 Found nothing
[F-Secure Anti-Virus]
2012-05-21 Trojan.Generic.4961249
[Grisoft AVG Anti-Virus]
2012-05-20 Win32/PolyCrypt
[G DATA]
2012-05-21 Trojan.Generic.4961249
[Avira AntiVir]
2012-05-21 TR/Drop.Agent.ddqa
[Ikarus]
2012-05-21 Trojan-Dropper.Agent
[Softwin BitDefender]
2012-05-21 Trojan.Generic.4961249
[Kaspersky Anti-Virus]
2012-05-21 Trojan-Dropper.Win32.Agent.ddqa
[ClamAV]
2012-05-20 Found nothing
[Panda Antivirus]
2012-05-19 Found nothing
[CPsecure]
2012-05-21 Found nothing
[Quick Heal]
2012-05-21 TrojanDropper.Agent.ddqa
[Dr.Web]
2012-05-21 Found nothing
[Sophos]
2012-05-21 Found nothing
[Emsisoft Anti-Malware]
2012-05-21 Trojan-Dropper.Agent!IK
[VirusBlokAda VBA32]
2012-05-21 TrojanDropper.Agent.ddqa
[ESET]
2012-05-21 Win32/TrojanDropper.Agent.BNVJBF
[VirusBuster]
2012-05-20 Trojan.Agent!v/BAa/mMUt8
  #2  
05-21-2012, 05:55 AM
BfoX
Senior Member
Join Date: Aug 2007
Posts: 2,251

It is VMProtected =)
__________________
... Either you work well or you work much ....
  #3  
05-22-2012, 01:43 AM
gnerogeem
Senior Member
Join Date: Aug 2009
Location: Kalimdor
Posts: 553

It's a false-positive response from the antivirus.
The latest Multikey is wrapped with VMProtect.

If you think it can harm your PC, don't use it.
__________________
Pink is the new black.
  #4  
05-22-2012, 09:04 AM
user1
Senior Member
Join Date: Jun 2011
Posts: 327

Just wondering, is there a tool to un-VMProtect?
  #5  
05-22-2012, 04:22 PM
gnerogeem
Senior Member
Join Date: Aug 2009
Location: Kalimdor
Posts: 553

OllyDbg, some script and skill. Good luck.
__________________
Pink is the new black.
  #6  
05-24-2012, 11:50 AM
chanvaidan
Member
Join Date: Jan 2009
Posts: 30

Can somebody help me by uploading the file multikey.sys V0.19.1.8 without a virus? Thanks
  #7  
05-24-2012, 01:30 PM
user1
Senior Member
Join Date: Jun 2011
Posts: 327

http://www.multiupload.nl/WXHBAOGTTL
  #8  
05-24-2012, 05:07 PM
Git
Super Moderator
Join Date: Oct 2007
Location: Torino
Posts: 1,797

It is NOT a virus, it is compressed and encrypted.

Git
  #9  
05-27-2012, 04:01 PM
chanvaidan
Member
Join Date: Jan 2009
Posts: 30

Thanks, Git.
I hope you can open-source Multikey for all members.
  #10  
05-27-2012, 05:08 PM
Git
Super Moderator
Join Date: Oct 2007
Location: Torino
Posts: 1,797

Multikey is not mine. Well, parts are, but that's another story... I use my own emulator which I am not going to open source because the algorithms are not public.

Git