pouët.net

PC demos and malware detections...

category: general [glöplog]
I am a demonstration/demo fan. Lately, I noticed that many more new PC graphic demos are compressed and lots of antimalware scanners are detecting possible malware in them.

For example, with the two latest top-of-the-month PC/Windows graphic demos:
http://pouet.net/prod.php?which=55300
http://pouet.net/prod.php?which=55336

I extracted them and ran Malwarebytes' Anti-Malware (free) and it found their EXEs infected.

I compressed them into a zip file to save extra time and uploads to multiple online file scanners and got these results:
http://virusscan.jotti.org/en/scanresult/890ca2bc925b8d02def95ff1af06bc93b2f00d35
http://www.viruschief.com/report.html?report_id=0d6340eb71ee7e6f290c2b8a3ad4ff98cf3542b2
https://www.virustotal.com/analisis/69b5e1382e5cef213c2eeb9454991ddf9d55a5977db48f428f16fba8ac57db41-1279388930
http://www.virscan.org/report/a89f93cde80a9170c0fc3011b181f4f7.html

What do you guys usually do? Do you risk them? I remember back in the late 90s, I got hit by a DOS demo that reset my CMOS to defaults after rebooting. :( I don't think I scanned it back then either. What do you guys usually do? I usually try to find captured videos to stay clean. I don't have another fast PC to try them on, and doing backups of my big HDDs and restores is a pain.
added on the 2010-07-17 19:58:32 by AntDude
just add your download dir where you put intros to the ignore-list of your AV
[image]
added on the 2010-07-17 20:03:39 by havoc
Maali: No, I am talking about the risks of running them. How do you know they don't jack up your system like I had back in the late 1990s/90s?
added on the 2010-07-17 20:04:29 by AntDude
if the group name doesn't really ring a bell.. just wait till a prod got a few comments? if they aren't going like 'YOU FUCKER. YOU FLASHED MY BIOS' i assume it's safe to watch it :D
Maali: I can't keep up with group names and also people can make fake releases. ;)
added on the 2010-07-17 20:12:05 by AntDude
in that case i'll just refer to havoc's post
Havoc's post? Please kindly elaborate.
added on the 2010-07-17 20:17:45 by AntDude
[image]
added on the 2010-07-17 20:20:37 by havoc
lol
added on the 2010-07-17 20:38:06 by Pulsar
### police report: demoscene prods trigger AV scanners illegally ###
added on the 2010-07-17 20:55:13 by wysiwtf
[image]
added on the 2010-07-17 21:01:41 by blueflame
[image]
added on the 2010-07-17 21:03:55 by teel
[image]
added on the 2010-07-17 21:04:29 by T-101
[image]
added on the 2010-07-17 21:06:04 by T-101
antdude: both are 64k intros packed with Kkrunchy. Most exe files packed with it, if not all, are flagged as malware/trojan/virus by a lot of AV software.

And since most 64k use it as well... :)
added on the 2010-07-17 21:21:41 by keops
Keops: So antimalware companies need to flag Kkrunchy's code as OK? Or is each Kkrunchy-compiled EXE different from the others? I am not a programmer so I don't know how that works.
added on the 2010-07-17 21:40:13 by AntDude
it's called false positives. AV just associates tampered exe headers with something bad per se; while packers mean no harm, they just get flagged by AV as such.
i think you should only be worried if a flagged 64k intro actually exceeds 64kb :P
added on the 2010-07-17 22:41:33 by red
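What red describes, a scanner that judges the executable's headers rather than its behaviour, can be shown in a few dozen lines. The script below is an added example for this thread; it is not code from any of the posters, from Kkrunchy, or from any AV vendor. It walks the section table of two constructed, in-memory PE32 images (a "plain" one and one laid out the way an executable packer lays files out: a small high-entropy blob that expands to a much larger region in memory, with the entry point on a stub in a later section) and reports the generic packer indicators that fire. The indicator names, the 7.0 bits/byte entropy threshold and the 4x growth ratio are this example's own assumptions, not any product's rules.

```python
import math
import random
import struct

# PE/COFF layout constants (from the PE specification)
E_LFANEW_OFFSET = 0x3C          # DOS header field holding the file offset of "PE\0\0"
COFF_HEADER_SIZE = 20
OPT_HEADER_PE32_SIZE = 224
SECTION_HEADER_SIZE = 40
STANDARD_SECTION_NAMES = {b".text", b".data", b".rdata", b".rsrc", b".reloc",
                          b".bss", b".idata", b".edata", b".tls"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty/constant data, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(image: bytes):
    """Walk a PE32 image and return (AddressOfEntryPoint, list of section dicts)."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", image, E_LFANEW_OFFSET)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, coff)
    opt = coff + COFF_HEADER_SIZE
    (entry_rva,) = struct.unpack_from("<I", image, opt + 16)   # AddressOfEntryPoint
    sections = []
    for i in range(nsections):
        off = opt + opt_size + i * SECTION_HEADER_SIZE
        # First five IMAGE_SECTION_HEADER fields: Name, VirtualSize, VirtualAddress,
        # SizeOfRawData, PointerToRawData
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", image, off)
        sections.append({"name": name.rstrip(b"\0"), "virtual_size": vsize,
                         "virtual_address": vaddr, "raw_size": rawsize,
                         "raw_data": image[rawptr:rawptr + rawsize]})
    return entry_rva, sections


def packer_indicators(image: bytes, entropy_threshold: float = 7.0):
    """Generic 'looks packed' indicators (thresholds are this example's assumptions).
    Each one fires on a benign compressed intro exactly as it does on a trojan."""
    entry_rva, sections = parse_sections(image)
    hits = []
    for s in sections:
        ent = shannon_entropy(s["raw_data"])
        if ent > entropy_threshold:
            hits.append(f"high-entropy section {s['name']!r} ({ent:.2f} bits/byte)")
        if s["raw_size"] and s["virtual_size"] > 4 * s["raw_size"]:
            ratio = s["virtual_size"] // s["raw_size"]
            hits.append(f"section {s['name']!r} grows {ratio}x in memory (unpack-in-place)")
        if s["name"] not in STANDARD_SECTION_NAMES:
            hits.append(f"non-standard section name {s['name']!r}")
    if sections:   # entry point in a later section: a stub runs before the real code
        lo = sections[0]["virtual_address"]
        hi = lo + sections[0]["virtual_size"]
        if not lo <= entry_rva < hi:
            hits.append("entry point outside first section")
    return hits


def build_pe32(section_specs, entry_rva: int) -> bytes:
    """Assemble a constructed PE32 image; section_specs = [(name, vaddr, vsize, raw)].
    Only the fields the parser above reads are filled in; the rest stay zero."""
    n = len(section_specs)
    headers_end = 0x80 + 4 + COFF_HEADER_SIZE + OPT_HEADER_PE32_SIZE + n * SECTION_HEADER_SIZE
    raw_base = (headers_end + 0x1FF) & ~0x1FF              # FileAlignment 0x200
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, E_LFANEW_OFFSET, 0x80)
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, OPT_HEADER_PE32_SIZE, 0x0102)
    opt = bytearray(OPT_HEADER_PE32_SIZE)
    struct.pack_into("<H", opt, 0, 0x10B)                   # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)              # AddressOfEntryPoint
    hdrs, body = b"", bytearray()
    for name, vaddr, vsize, raw in section_specs:
        rawsize = (len(raw) + 0x1FF) & ~0x1FF
        hdrs += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, vaddr,
                            rawsize, raw_base + len(body), 0, 0, 0, 0, 0x60000020)
        body += raw.ljust(rawsize, b"\0")
    image = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + hdrs).ljust(raw_base, b"\0")
    return image + bytes(body)


# Constructed sample inputs (not real demo binaries).
# "Plain": one .text section of repetitive, low-entropy code-like bytes.
PLAIN_IMAGE = build_pe32([(b".text", 0x1000, 0x1000, bytes(range(0x40, 0x50)) * 256)],
                         entry_rva=0x1000)
# "Packed": a 4 KiB blob of (seeded) random bytes standing in for compressed data
# that expands to 128 KiB in memory, plus a tiny stub section holding the entry point.
_rng = random.Random(2010)
_blob = bytes(_rng.getrandbits(8) for _ in range(4096))
PACKED_IMAGE = build_pe32([(b"pak0", 0x1000, 0x20000, _blob),
                           (b"pak1", 0x21000, 0x200, b"\x60\x8b\x74\x24" * 64)],
                          entry_rva=0x21000)

if __name__ == "__main__":
    for label, img in (("plain", PLAIN_IMAGE), ("packed", PACKED_IMAGE)):
        print(label, packer_indicators(img) or ["no indicators"])
```

Run against a real file by reading it into `packer_indicators()`. The plain image produces no indicators; the packed one produces five, and none of them says anything about what the unpacked code does, which is the whole point: a scanner that stops at this layer has detected compression, not malice.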
dude, just use a mac
added on the 2010-07-17 23:14:50 by plaf
plaf: Use a Mac? Then, I won't be able to watch most of the newest pure Windows demos! And running in virtual isn't nice. And Macs are expensive. :P
added on the 2010-07-18 04:24:05 by AntDude
How about running demos on a friend's computer, then for some other reasons he gets a virus or screws up something and he accuses you of infecting it with virii with your bloody demoes :P
added on the 2010-07-18 09:49:26 by Optimus
My AV just detected a severe lack of a sense of humour in antdude.exe but I don't think it's a false positive this time.
On a more sensible note, I can't believe all that money some people waste on Norton et al. has been used to make such a lazy product. They can only scan for tampered headers rather than check if the tampering is malicious? Shit, I don't even fucking use anti-vi"($)("L::"<":£P"(I"(I)"(I$)("$ ("":"£"£<£?"?"£~####DO YOU REALLY WANT TO REMOVE MOBO BATTERY? [OK]####
added on the 2010-07-18 10:07:41 by MagikGimp
HAHAHAHAHAHA
added on the 2010-07-18 10:44:12 by 9M4N
Quote:
And running in virtual isn't nice.

Oh, but watching captures on YouPoop is better?