kkrunchy "virus"

category: general [glöplog]
We made our last 64k demo (and probably the next) with kkrunchy. (GREETS to farbrausch!)

Unfortunately, a program which is designed to irreversibly compress 200k programs down to 64k has become rather popular with virus writers.

"ephemera" and its 64k demoscene siblings are a "virus".

How about a scene.org "officially signed" SSL key?

Even malwarebytes, which is a bloody useful shitware removal program tried to remove my own bloody demo :-)
added on the 2010-10-09 18:19:34 by MeteoriK MeteoriK
and what exactly would warezkiddies stop from taking the exact same tool with the SSL key to sign their keygens/cracks/viruses?
added on the 2010-10-09 21:51:37 by hcdlt hcdlt
4k and 64k intros will "always" be marked as virus/suspicious because it's simply easier for the anti-virus companies to do so than to actually investigate the files. At Scene.org we get many a "DUDE! You're hosting VIRUSES!!1111" e-mails every month. The only way to affect this is to report them as false positives to the respective software manufacturer (of the anti-malware) and hope they wake up.
added on the 2010-10-09 22:46:58 by gloom gloom
i wouldn't mix keygen/cracks with virus guys. But yea virus scanners have a real issue nowadays...without a unpack routine they tag everything as virus lately. NOD and Sophos are the worst in my eyes.

Just because a tool is used by virus authors doesn't mean its a virus.
And a signature will change nothing as it will leak sooner than themida or vmp.

just get used to it that most virus scanners simply tag anything as virus they can't unpack. Use virustotal.com to see if its a false positive or not.
the demoscene is kinda 'virus'. now spread it again. It's nearly rotted out. -.-
added on the 2010-10-10 00:46:06 by yumeji yumeji
hope they wake up

The scene is too small for that to happen.
added on the 2010-10-10 00:53:13 by xernobyl xernobyl
maybe it would help if there were easy uncompress tools/algos made availabe or even send to the anti-virus companies, so they dont have to sandbox and run the exe to check its content...
but then again i think they may just not care.
added on the 2010-10-10 01:00:51 by wysiwtf wysiwtf
they might, as soon as they are convinced that a 4k/64k demo is a non-replacable software used by their clients for their everyday work routines.

added on the 2010-10-10 01:04:13 by hcdlt hcdlt
"The execution of this application is not approved.

Please only use approved applications to ensure the proper function of your computer, such as Microsoft Word, Microsoft Excel, Microsoft Minesweeper or applications developed by our certified partners.

Thank you for your co-operation"

added on the 2010-10-10 01:21:50 by moT moT
"This file is too damn cool for your computer"
added on the 2010-10-10 09:53:11 by 4mat 4mat
a) don't use antivirus software. It tends to cripple computers anyway.


b) write a utility that does something semi-useful. Then sell it for €10 online, but make sure there's a trial version for download which is packed with kkrunchy. Wait a while, then send strongly-worded emails to Norton, Kaskersky, Trend Micro and so on, explaining how you just discovered that they are falsely accusing you of distributing malware, that you have lost a lot of revenue as a result, and demand that they cease and desist because you're losing revenue. They may whitelist just your application, but if so then change enough of it in the next version that it gets flagged again because of kkrunchy. Rinse and repeat. Eventually, accuse them of "playing games" with you, and start demanding compensation for their "smear tactics". Works better if your utility is anti-virus related, as then you can claim that they're trying to suppress fair competition with slander. Maybe eventually they'll stop checking for the kkrunchy signature.


c) Deal with it.
added on the 2010-10-10 10:33:08 by doomdoom doomdoom
A side-note: M$ security essentials & e*et never yell at me whenever I launch a kkrunched 4k/64k. The second one works hard on it for about 15 secs before letting it run though. I suppose you should give those a try if you are tired of your current antivirus' behavior.
added on the 2010-10-10 10:47:14 by kbi kbi
I can recommend Avast as its free and not slowing my pc down. i hardly have any false positives with that.
doom: you dont even have to use kkrunchy, we've had enough problems with simply using NSIS. wrote mails, got whitelisted, changed binary, rinse, repeat.
added on the 2010-10-10 13:05:51 by Gargaj Gargaj
On that note, has anyone tried a digital signature on a kkrunchied exe before? Does it even work and what does it do to the filesize?
added on the 2010-10-10 13:07:06 by BoyC BoyC
I second Microsoft Security Essentials. I use that on my Windows 7-machine, and I don't really have any execution issues with demoscene intros at all. I don't have any issues with viruses either.
added on the 2010-10-10 13:32:40 by gloom gloom
3rded, MSE on Win7 has proven to be quite helpful and not jumping ontop of every 4k or 64k i try to run.
added on the 2012-01-20 12:14:00 by keito keito
I reckon the anti-virus companies have it right. Think about it: you run one of these kkrunchy-packed demos on your system. What happens? You watch more of them, and the number of these things on your system multiplies. Worse, you go around recommending that other people try them, infecting their systems too. Classic viral behaviour!
added on the 2012-01-20 12:33:46 by psonice psonice
haha, as if.
added on the 2012-01-20 12:59:00 by Gargaj Gargaj
added on the 2012-01-20 13:10:01 by raer raer
psonice: except for a few notable exceptions (that animated mountain wallpaper comes to mind), they are not very efficient at spreading.
added on the 2012-01-20 13:44:11 by Zavie Zavie
Heuristic scan (and of course signature scan) of AVs doesn't work on compressed/packed executable, so most of script kiddies used demoscene packer to make their malwares "undetectable"...
added on the 2012-01-20 15:40:43 by stfsux stfsux
*Sorry - I'll crawl back under my bridge now*
& yes I know linux is vulnerable, just not to windows executables!
added on the 2012-01-20 21:58:27 by ringofyre ringofyre
say HI to antivirus. I've got once a virus alert on VGA screen dump(chars+attrs)