Today I was trying to download Affinity Photo 2 from the websites listed on the megathread, as normally I do exactly that and everything goes just fine.
But when scanning the downloaded files, Windows Defender detected it as hacktool.win32.keygen and Malwarebytes as Generic.Malware.AI.DDS.
In the case of Windows, I am guessing that it is not detecting a virus but the actual crack, right? That’s what that means as far as I’m aware. But what surprised me was Malwarebytes. It has sometimes warned about cracks, but it’s not something it does often, and I don’t recognize the detection code, but it seems to be using AI to detect malware now?
Is this something that is known to happen? Malwarebytes AI seems to be detecting cracks as malware… Or is this actually a virus?
I put it in quarantine just in case, but I am guessing this has to be false positives, as it happened with 2 different downloads from 2 different websites.
VirusTotal results also flagged it as “malware”, but seems to be also detecting the crack. https://www.virustotal.com/gui/file/127540f7b3558a94f6e8a4ce9c695231e8715e20a17da4584d5df99035a79d49/detection
This is why I always disable Windows Defender and everything Windows does to protect my machine. Because it will throw a fit the moment I even download a pirated game and it knows something is up with it. It won’t let me run EXEs and will purge the file.
If I were in your position, I wouldn’t have installed it. VT got 37 vendors to flag it.
And it’s very common for cracked programs to contain some malware, so my trust wasn’t high to begin with. I’m always skeptical about this kind of thing.
Pretty much every cracking tool or cracked EXE will trip anti-virus packages because either A. it has code to overwrite another program’s bytes, which is a typical Trojan, or B. a known common program EXE doesn’t match the saved hash that the AV has stored for it, since a cracker has modified it.
I’ll typically scan my games and tell it to ignore any EXE or single DLL it registers as “bad” after doing some quick research on how the crack works. If other files begin showing up bad I might question it. But otherwise you’re largely left trusting the cracker, so be very particular about where you download cracks from.
I trust anonymous internet people way more than I trust “AI”.