AVG deletes KeyGens

[DepecheNode]

AVG just deleted my XP KeyGens (more than 2 years old) from my HDD!

keygens used for research only.

[zbeast]

Oops.. that's interesting.
I've had some anti-spyware try and delete windows serial number capture programs but at lease
it would tell you that it was thinking about deleting it.

Tacky AVG, very Tacky.

[Nutty-Slack]

Yeah, you must have confirmed the delete somewhere, either manually or within automatic settings.
Can't remember exactly what happens when it finds something naughty, it's been a while....

XP keygens are prime carriers of malicious code, so it's probably done you a favour.
(You should be able to find plain text lists and random serials all over the net - for research purposes.)

AVG is also one of the better brands of security software at protecting itself from being cracked, which is a good sign I think.
Shows that its makers are on the ball.
(For the record, I use the free version since I have no need or desire to run any real-time security software [except a very old, light-weight firewall]).

[Artie]

That sucks.

I don't use AVG, but I heard it works pretty good for what it is. Some of the scanners I use recognize KeyGens too, but I just choose not to delete them, in addition to other stuff I don't want deleted.

If you need the KeyGens back, there's a bunch of data-recovery programs which'll work, freeware and shareware.

I'm not sure how you were researching it, but good luck with gettin' it back.

[olephart]

Check in AVG's virus vault. It has an option to restore "deleted" files, but if it has a virus, why would you want to?

[KingGeorge]

I assume your using the free version of AVG maybe? It keeps up that kind of behavior try avast or another scanner and toss it.

[zim]

ya know.... over the years i've run thousands of cracks and keygens... all sorts of programs people say are malicious and illegal..

i dont worry about them at all. ive never felt the need to scan anything or question what they are doing.

i trust pirates. they've never screwed me over.



companys however... i pick apart any new app i get. and may even scan it 12 diffrent ways...

i dont trust companys. they are always trying to screw me over.

[velatire]

If I even need a virus for whatever reason, I just go to a random crack/serial site and download the first .exe I can find.

AVG tends to do this, try uploading the file here to make sure it's not a virus

[Fartingbob]

I get my cracks from a few trusted sites providing that one isnt included with the program.
Havnt had a virus since i got my own PC (not shared). If you know where to go, you dont need to worry about viruses, and the scene as a whole is getting more trustworthy.

[thejynxed]

It's the detection policy of AVG, Norton, Avast! and quite a few others to delete keygens as "Potentially Unwanted Programs".

This of course has no bearing on if they are infected or not, but on the fact that they are used for pirating software, and corporations, being corporations, want to be nice and get rid of those pesky things for you

[DepecheNode]

AVG (free) has been on my computer for 3 years.

The key gens have been there longer.

Didn't delete till last week.

This is when I figure they sold out completely to MS.

[SwordOfZork]

I have an Adobe CS2 keygen on my hard drive that I've had for a long time. One day, out of the blue, AVG started detecting it as a virus. It wouldn't even let me run it at all, and I couldn't figure out how to get around it to let me run it. I knew there wasn't a virus in it, and I even tried redownloading it to be sure. Then, a few weeks later, it stopped being detected as a virus. It was really weird...

[ntscuser]

I installed two new keygens last night. AVG (free) didn't attempt to delete either of them. It did however warn me of a backdoor trojan concealed within the autopatch file associated with each of the keygens. I deleted those voluntarily by selecting "heal".

[Curmudgeon]

Go to Shell extensions > Settings and un-check "Automatically Heal Infected Files".

[laha]

This must be a behind the scenes agreement among antivirus vendors that they start to act as moral police.

I just got a message from Norton Internet Security 2009 software that after scanning at least 3 year old zip archives on a temporarily connected usb disk it deleted the tnt-acdsee.v3.0.b1209_crk.exe file being "trojan". Similarly a keygen.exe was deleted which belonged to an ancient game software. Furthermore one DOS joke program (mirror.exe, mirroring each character on the screen) was deleted too.

My advice: if you are fond of older cracked versions, do not store them on hard disk, use only CD/DVD for archiving, because the antivirus software deletes them without asking any question. During installation of such cracked version (from your archive CD) disable temporarily your antivirus software.

I don't like this type of evolution at all. I pay for the antivirus function (including all other stuff potentially harmful for me) and not for the antipiracy, anticracking, antikeygen etc. I believed that Norton is on my side and is not acting as a selfmade police watching the interests of the multimillion software lobby. To hunt keygen for ACDSEE v. 3 is ridiculous when the actual version is 9 at the moment. The software gigants has no understanding that there is a type of user who prefers the well-known simple interface and refuses to enter this crazy spinning upgrade caroussel. I do not see that such old cracked versions are doing economic loss for the software business, it is more a moral question.

We started to hate Microsoft because the frequent patching was more and more used to promote MS, to f.ck up rivals software, hunt down pirate copies, to collect information on users behaviour etc, shortly a lot of things we not payed for, and strongly dislike.

The antivirus software branch now made a point and acting moral police. This wouldn't be a serious problem if the message you are getting would be truthful saying e.g. "Erasing keygen.exe, a software creating illegally user keys". Instead we get a lie claiming that the ancient keygen is a trojan (a malicious software masquerading a useful function).

The only sympathetic gigant Google still resist the temptation to play the role of the eager moral police. A search after keygen still results 75 million hits. I don't mind at all that a search after "child pornography" do not lead to such pictures, but rather to discussions about it. I suppose there is a delicate manipulation of the search engine, but not too much yet. The temptation must be enormous, things you don't find with Google does not exist for people in general.

It needs a delicate touch to know where the fine borderline is. Google with te motto "don't be evil" http://en.wikipedia.org/wiki/Don%27t_be_evil did not get caught yet (hm, there was something in China though) but Norton and probably the other antivirus companies too lost my sympathy

Don't get me wrong. I am a honest guy, when a police chases a robber I am on the police side. But software piracy is not that threat what the lobby tries to show us. The frequent new versions, the radical platform changes (16 to 32, than to 64 bits) are marginalizing the economic loss. If somebody, who can not afford to buy a legal license of let's say Microsoft Word do install an illegal copy, does very little harm to the giant, in fact by learning the functionality, getting used to the interface, the features motivates a license buy later on. The same philosophy is behind the cheap student licenses hoping that the student will advocate for the well-known software later privately and at the job.

Summa summarum: the antivirus software should do what it supposed to do and not playing police.
Laha

[MrFredPFL]

this has been going on for years. it may be reprehensible, but it's certainly not new. and i wonder why you included the removal of the "DOS joke program" in your discussion. do you believe it was unfairly targeted because of some improper behind the scenes agreement by A/V companies? or could it be that it's simply an example of a much less sinister problem - a mistake? why would anyone deliberately target a joke program for removal?

[sunnyd]

While is it a known fact that most antivirus programs detect false/positives quite often, you do have choices. You can tell Norton (or which ever product) to ASK before removing the threat, and you can still maintain control of what your AV program does.

Once the AV program detects a threat that you know is not a threat, you then have the option to add it to a list of ignored files so when the next scan happens, it will not be an issue.

I suggest to you Laha, that you review all your settings. Cracks and keygens will always come up as trojans in a scan, yes, keep those on a CD or DVD, or what I do, is keep them on an external drive that is not included in the scan. You can also always tell your AV program what you want it to scan. If you have a folder called "downloads" on your "C" drive, that you want to keep setup files in, or keygens, then simply exclude that folder from the scan. That will not change the effect of a mouseover on a file that your AV program "thinks" is a threat, so when going to a file that is a keygen, disable your AV temporarily or it will indeed bark at you for the threat.

For Norton, open the Automatic Protection Settings tab in the Virus & Spyware Protection Settings window, review them, and uncheck those you don't want to be automatic.

AV programs are obtaining new definitions daily, and those new definitions are meant to protect us, however, many times I will agree totally, it's a pain in the arse when an AV program wants to be in control and you know for sure a file is not an issue.

[laha]

Thanks guys for your reply.
To mrFredPFL: deleting the DOS joke program is inherent part of the discussion. I mean that Symantec goes beyond all reasonable borders and regards a lot of things as threat which are not. You say that this has gone a long time.
Let me take an other example. I have a Garmin gps and installed the original software on my PC two years ago. This week my Norton 2009 suddenly erased the file mapsettoolkit.exe claiming it contains the very dangerous heuristic.ADH trojan. As I see on the net the mentioned trojan was created a year later (in 2009) as my original installation. Norton can't be right deleting it and havocing my Garmin setup. Why suddenly now? I had updated Norton on the PC all the time, I guess the latest update made a false assumption about originality/infectation.
Maybe hunting of keygens has a long history, But antivirus firms continuously update their target lists and beyond false positives even morally not correct software (DOS joke) ends up on the list. I can stress my opinion: an antivirus software got to kill just the harmful stuff, let the conscience problem for me to bother.

To sunnyd: thanks for your suggestions. The easiest way is the CD/DVD for archives, you explained excellently that even in excluded drives/catalogues the mouseover would trigger the antivirus action. Very good post

As I mentioned before I suspect a cartel between antivirus firms, maybe following a Microsoft initiative. How can otherwise all companies at the same time came on the very same idea (erasing keygens) which was not on their original target list. Here is an extract of similar discussions.
http://www.techmanch.com/vista-deletes- ... n-malware/
http://in.answers.yahoo.com/question/in ... 432AAGbknN
http://www.recipester.org/solution-kasp ... eygen.html
http://www.seasonsecurity.com/a/what-wo ... 37274.html
http://thepiratebay.org/torrent/3881870 ... X___Keygen
http://www.raymond.cc/forum/software/10 ... 008-a.html

[MrFredPFL]

it may be an inherent part of the discussion, but i think you're working with a handful of false assumptions. do you really think symantec, or anyone else, specifically added your "DOS joke program" to some blacklist? if so, why? you think there is some kind of conspiracy. ok, fine - now, please tell me how blacklisting that particular program furthers the goals of this conspiracy.

perhaps you don't realize how anti-virus software works.

[MrFredPFL]

just to be clear: please don't misunderstand me. i agree that anti-virus vendors often do things that they should not do. i just don't see where what happened to your mirror.exe file is proof of that. i suspect it was a far more innocent issue which caused that file to be deleted. i find it very hard to believe that norton/symantec, or any other A/V vendor, would specifically and deliberately target that particular file.

i think what is far more likely is that that file was an innocent victim of what was probably a legitimate addition to your A/V's definitions. these programs do not identify programs by name, they use other methods. it is fairly common for an innocent program to be targeted because something about how it is coded makes it look like one of the bad guys to the A/V program.

even if i agree that symantec is evil, i cannot think of any reason for them to knowingly and deliberately choose to target that program.

[thejynxed]

AVG, Avira and a few others don't discriminate when it comes to DOS Joke Programs, they just delete them if they are detected as such.

So does Spybot S&D. So does several other anti-malware programs.

If the program gives you the option to set custom ignore types or uncheck certain things to detect, then that is where you want to manually set things to ignore certain files that you don't want removed.

This is more an issue of them programming their security/av suites for corporate use, but instead of removing such detection features for home users, they just leave it in and basically say "you're on your own if something breaks".

[MrFredPFL]

you say "detected as such". detected as what, exactly? are you saying these programs are looking for any DOS programs? or only jokes?