el el amiril 0 Posted April 5, 2023 Share Posted April 5, 2023 Hello dear admin and eset community i ran a checking with the comodo free av and uploaded it on virustotal it shows 2 av detection but when i open it with hex editor and removed some zeros that were in group and save it and uploaded it on virustotal now it shows 4 av detection here is the link https://www.virustotal.com/gui/file/ff8dfc588b2116bb62928af3cc12e0d4f4f714763cd1064572eb54dc8bef5e97/detection im planning to used it on my company office desktop and my internet security does not detect it also i have a bunch of crack games from popcap but i no longer used them and removed them from my pc after editing those exe in hex editor there were bunch of greyware and trojan result mostly six result in virustotal but not being detected by eset?? What can i adjust in the settings for it to deeply scan through those files?? those zeros where significant threat😔 Link to comment Share on other sites More sharing options...
el el amiril 0 Posted April 5, 2023 Author Share Posted April 5, 2023 i will upload a screenshot of those crack games and virustotal result after removing a bunch of zeros in hex editor Link to comment Share on other sites More sharing options...
el el amiril 0 Posted April 5, 2023 Author Share Posted April 5, 2023 here is the virustotal result for the crack https://www.virustotal.com/gui/file/e7c96bc6b689f38e14d73b2389b568f85c397b7d6ff911de4ba109bbb954a869 Link to comment Share on other sites More sharing options...
el el amiril 0 Posted April 5, 2023 Author Share Posted April 5, 2023 i was hoping i could find legitimate cracks since those company does not provide additional payment method which i can used Link to comment Share on other sites More sharing options...
el el amiril 0 Posted April 5, 2023 Author Share Posted April 5, 2023 here are some screenshot Link to comment Share on other sites More sharing options...
el el amiril 0 Posted April 5, 2023 Author Share Posted April 5, 2023 and here the virustotal result after removing those zeros in hex editor https://www.virustotal.com/gui/file/bbc22d3ed2c070f1abdbe133c1ed8f1d07866380843fe3fa94e9da0ce46da947?nocache=1 Link to comment Share on other sites More sharing options...
el el amiril 0 Posted April 5, 2023 Author Share Posted April 5, 2023 dear eset admin is there an option to scan thoroughly those code as it might put risk in computer system which eset is protecting not just for crack but for genuine apps whose website might have been hijacked as not all website gives their apps sha1 or md5? Link to comment Share on other sites More sharing options...
ESET Insiders stackz 115 Posted April 5, 2023 ESET Insiders Share Posted April 5, 2023 By removing the zeros, you've turned turned all those executables into binary junk that doesn't even run. That some AVs detect these things, shows that those AVs are not very good (to put it nicely). New_Style_xd and el el amiril 2 Link to comment Share on other sites More sharing options...
el el amiril 0 Posted April 5, 2023 Author Share Posted April 5, 2023 3 minutes ago, stackz said: By removing the zeros, you've turned turned all those executables into binary junk that doesn't even run. That some AVs detect these things, shows that those AVs are not very good (to put it nicely). im not really good at programming i only assume it since pc security channel claims it So those files are fine im trying to install av that is free for my office desktop currently i don't want to pay . Link to comment Share on other sites More sharing options...
karlisi 26 Posted April 5, 2023 Share Posted April 5, 2023 Also, where you get the file cispro_installer.exe? Free Comodo installer is called cav_installer_blahsomething.exe. Out of curiosity I uploaded it to virustotal and there are no detections on it. Link to comment Share on other sites More sharing options...
el el amiril 0 Posted April 5, 2023 Author Share Posted April 5, 2023 Just now, karlisi said: Also, where you get the file cispro_installer.exe? Free Comodo installer is called cav_installer_blahsomething.exe. Out of curiosity I uploaded it to virustotal and there are no detections on it. from their website @https://antivirus.comodo.com/ Link to comment Share on other sites More sharing options...
karlisi 26 Posted April 5, 2023 Share Posted April 5, 2023 OK, I see. This is paid product, not free. Link to comment Share on other sites More sharing options...
el el amiril 0 Posted April 5, 2023 Author Share Posted April 5, 2023 5 minutes ago, karlisi said: Also, where you get the file cispro_installer.exe? Free Comodo installer is called cav_installer_blahsomething.exe. Out of curiosity I uploaded it to virustotal and there are no detections on it. originally the virustotal result is https://www.virustotal.com/gui/file/956b78ee9a10a0135ea4109e9005eb6be548278b8f5eb954f919a13405c381c2 Link to comment Share on other sites More sharing options...
el el amiril 0 Posted April 5, 2023 Author Share Posted April 5, 2023 3 minutes ago, karlisi said: OK, I see. This is paid product, not free. no there were 2 option to clik Link to comment Share on other sites More sharing options...
Most Valued Members Solution Nightowl 206 Posted April 5, 2023 Most Valued Members Solution Share Posted April 5, 2023 (edited) Since you modified it brother , you broke the signature, you modified the contents as then the signature of the maker is broken This will give an indicator to A.I scanners that this file might be malicious. Because the A.I usually knows this software/installer as trusted and signed , then suddenly you uploaded it differently and unsigned , it will look suspicious to the Bots(A.I). The new un-modified installer that you uploaded got 2 detections , those are false-positives , the A.I might detect them because installer is new , it might feel it's a bit suspicous once you played with the HEX and added ZEROs, 2 more A.I hated your modification and found it suspicious and also you broke the signature of the developers. Since I was marked as a solution , I may be wrong or not 100% accurate , if I am mistaken , please correct me Edited April 5, 2023 by Nightowl el el amiril and itman 2 Link to comment Share on other sites More sharing options...
Administrators Marcos 5,259 Posted April 5, 2023 Administrators Share Posted April 5, 2023 2 hours ago, el el amiril said: originally the virustotal result is https://www.virustotal.com/gui/file/956b78ee9a10a0135ea4109e9005eb6be548278b8f5eb954f919a13405c381c2 A clean file with a valid Comodo digital signature, not subject to detection. el el amiril 1 Link to comment Share on other sites More sharing options...
Administrators Marcos 5,259 Posted April 5, 2023 Administrators Share Posted April 5, 2023 4 hours ago, el el amiril said: here is the link https://www.virustotal.com/gui/file/ff8dfc588b2116bb62928af3cc12e0d4f4f714763cd1064572eb54dc8bef5e97/detection Corrupt, not subject to detection. el el amiril 1 Link to comment Share on other sites More sharing options...
Recommended Posts