PC demos and malware detections...

category: general [glöplog]
I am a demonstration/demo fan. Lately, I noticed many more new PC graphic demos are compressed, and lots of antimalware scanners are detecting possible malware.

For example, with two of the latest top-of-the-month PC/Windows graphic demos:

I extracted them and ran Malwarebytes' Anti-Malware (free) and it found their EXEs infected.

I compressed them into a zip file to save time and uploads to the online multi-engine scanners and got these results:
http://virusscan.jotti.org/en/scanresult/890ca2bc925b8d02def95ff1af06bc93b2f00d35
http://www.viruschief.com/report.html?report_id=0d6340eb71ee7e6f290c2b8a3ad4ff98cf3542b2
https://www.virustotal.com/analisis/69b5e1382e5cef213c2eeb9454991ddf9d55a5977db48f428f16fba8ac57db41-1279388930

What do you guys usually do? Do you risk them? I remember back in the late 90s, I got hit by a DOS demo that reset my CMOS to defaults after rebooting. :( I don't think I scanned it back then either. What do you guys usually do? I usually try to find captured videos to stay clean. I don't have another fast PC to try them on, and doing backups and restores of my big HDDs is a pain.
added on the 2010-07-17 19:58:32 by AntDude AntDude
just add your download dir where you put intros to the ignore-list of your AV
added on the 2010-07-17 20:01:11 by Maali Maali
BB Image
added on the 2010-07-17 20:03:39 by havoc havoc
Maali: No, I am talking about the risks of running them. How do you know they don't jack up your system like I had back in the late 1990s/90s?
added on the 2010-07-17 20:04:29 by AntDude AntDude
if the group name doesn't really ring a bell.. just wait till a prod got a few comments? if they aren't going like 'YOU FUCKER. YOU FLASHED MY BIOS' i assume it's safe to watch it :D
added on the 2010-07-17 20:09:14 by Maali Maali
Maali: I can't keep up with group names and also people can make fake releases. ;)
added on the 2010-07-17 20:12:05 by AntDude AntDude
in that case i'll just refer to havoc's post
added on the 2010-07-17 20:12:58 by Maali Maali
Havoc's post? Please kindly elaborate.
added on the 2010-07-17 20:17:45 by AntDude AntDude
BB Image
added on the 2010-07-17 20:20:37 by havoc havoc
added on the 2010-07-17 20:38:06 by Pulsar Pulsar
### police report: demoscene prods trigger AV scanners illegally ###
added on the 2010-07-17 20:55:13 by wysiwtf wysiwtf
BB Image
added on the 2010-07-17 21:01:41 by blueflame blueflame
BB Image
added on the 2010-07-17 21:03:55 by teel teel
BB Image
added on the 2010-07-17 21:04:29 by T-101 T-101
BB Image
added on the 2010-07-17 21:06:04 by T-101 T-101
antdude: both are 64k intros packed with Kkrunchy. Most exe files packed with it, if not all, are flagged as malware/trojan/virus by a lot of AV software.

And since most 64k use it as well... :)
added on the 2010-07-17 21:21:41 by keops keops
Keops: So antimalware companies need to flag Kkrunchy's code as OK? Or is each Kkrunchy-compiled EXE different from the others? I am not a programmer, so I don't know how that works.
added on the 2010-07-17 21:40:13 by AntDude AntDude
it's called false positives. AV just associates tampered exe headers with something bad per se; while packers mean no harm, they just get flagged by AV as such.
added on the 2010-07-17 22:06:58 by Maali Maali
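Maali's point about "tampered exe headers", made concrete as an added example (not code from this thread, from Kkrunchy or from any AV vendor): a small Python triage script that parses a PE section table and reports the structural traits a heuristic scanner keys on, so a flagged intro can be checked for the usual packer profile before the verdict is taken at face value. The two in-memory PE images, the section name "packed", the 7.0 entropy threshold and the list of "standard" section names are all constructed for this example.

```python
import math
import struct
STANDARD_SECTIONS = {".text", ".data", ".rdata", ".bss", ".idata", ".rsrc", ".reloc", ".tls"}
def entropy(data: bytes) -> float:  # Shannon entropy, bits per byte (max 8.0)
    n, counts = len(data) or 1, [0] * 256
    for b in data:
        counts[b] += 1
    return 0.0 - sum(c / n * math.log2(c / n) for c in counts if c)
def pe_sections(image: bytes):  # -> (AddressOfEntryPoint, [section dicts])
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    assert image[e_lfanew:e_lfanew + 4] == b"PE\0\0", "not a PE image"
    nsec, = struct.unpack_from("<H", image, e_lfanew + 6)       # NumberOfSections
    opt_size, = struct.unpack_from("<H", image, e_lfanew + 20)  # SizeOfOptionalHeader
    entry, = struct.unpack_from("<I", image, e_lfanew + 24 + 16)
    table, secs = e_lfanew + 24 + opt_size, []
    for i in range(nsec):  # 40-byte IMAGE_SECTION_HEADER entries
        off = table + 40 * i
        name = image[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, va, rsize, raw = struct.unpack_from("<IIII", image, off + 8)
        secs.append({"name": name, "va": va, "vsize": vsize, "rsize": rsize,
                     "entropy": round(entropy(image[raw:raw + rsize]), 2)})
    return entry, secs
def packer_indicators(image: bytes) -> list:  # traits a heuristic scanner reacts to
    entry, secs = pe_sections(image)
    reasons = []
    for s in secs:
        if s["name"] not in STANDARD_SECTIONS:
            reasons.append(f"non-standard section name {s['name']!r}")
        if s["entropy"] > 7.0:  # compressed payload is statistically close to random
            reasons.append(f"high entropy {s['entropy']} in {s['name']!r}")
        if s["rsize"] == 0 and s["vsize"] > 0:  # space reserved for the unpacked code
            reasons.append(f"{s['name']!r} has no raw data but {s['vsize']:#x} bytes virtual")
    home = [s["name"] for s in secs if s["va"] <= entry < s["va"] + max(s["vsize"], s["rsize"])]
    if secs and home != [secs[0]["name"]]:  # unpacker stub usually sits in a later section
        reasons.append(f"entry point {entry:#x} is in {home or 'no section'}, not the first")
    return reasons
def build_sample(sections, entry_rva: int) -> bytes:  # minimal PE32 from (name, body, vsize)
    table, blobs, raw, va = b"", b"", 64 + 24 + 224 + 40 * len(sections), 0x1000
    for name, body, vsize in sections:  # page-aligned RVAs starting at 0x1000
        table += name.encode().ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", vsize, va, len(body), raw, 0, 0, 0, 0, 0x60000020)
        blobs, raw, va = blobs + body, raw + len(body), va + ((max(vsize, len(body)) + 0xFFF) & ~0xFFF)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew = 64
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 14 + struct.pack("<I", entry_rva) + b"\0" * 204
    return dos + coff + opt + table + blobs

# Constructed samples: a plain build and a packer-style build of the same notional intro.
PLAIN = build_sample([(".text", b"\x55\x8b\xec\xc3" * 50, 200), (".data", b"demo\0" * 16, 80)], 0x1000)
PACKED = build_sample([(".text", b"", 0x10000), ("packed", bytes(range(256)) * 4, 0x400)], 0x11000)
```

`packer_indicators(PLAIN)` comes back empty, while `packer_indicators(PACKED)` lists the empty-but-large first section, the odd section name, the near-random section body and the entry point sitting in that later section: exactly the profile a packed 64k shares with a lot of real malware, which is why a header-only heuristic cannot tell them apart.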
i think you should only be worried if a flagged 64k intro actually exceeds 64kb :P
added on the 2010-07-17 22:41:33 by red red
dude, just use a mac
added on the 2010-07-17 23:14:50 by farfar farfar
plaf: Use a Mac? Then, I won't be able to watch most of the newest pure Windows demos! And running in virtual isn't nice. And Macs are expensive. :P
added on the 2010-07-18 04:24:05 by AntDude AntDude
How about running demos on a friend's computer, then for some other reasons he gets a virus or screws up something and he accuses you of infecting it with virii with your bloody demoes :P
added on the 2010-07-18 09:49:26 by Optimus Optimus
My AV just detected a severe lack of a sense of humour in antdude.exe but I don't think it's a false positive this time.
On a more sensible note, I can't believe all that money some people waste on Norton et al. has been used to make such a lazy product. They can only scan for tampered headers rather than check if the tampering is malicious? Shit, I don't even fucking use anti-vi"($)("L::"<":£P"(I"(I)"(I$)("$ ("":"£"£<£?"?"£~####DO YOU REALLY WANT TO REMOVE MOBO BATTERY? [OK]####
added on the 2010-07-18 10:07:41 by MagikGimp MagikGimp
added on the 2010-07-18 10:44:12 by gman gman
And running in virtual isn't nice.

Oh, but watching captures on YouPoop is better?