Why do scan results of hacked/hacker applications always indicate infection?

9

4

Whenever I scan a patch, keygen or a hacked application (using an online scanner service which scans with 20+ different antivirus software) the results always say that the file is infected. Do hackers intentionally embed viruses in their software, or are these scan results false positives (e.g., antivirus software detects that the hacker tool is for changing something in the system, so says that it is infected)?

I want to learn the general opinion about this matter. I am not concerned about exceptional occurrences or incidents. Do hackers use their tools to infect people, or do antiviruses overreact to these tools?

hkBattousai

Posted 2012-12-31T13:08:15.957

Reputation: 2 711

Question was closed 2012-12-31T22:29:30.090

Hackers do not use their tools to infect people. Crackers often do. Stay away from keygen.exe's, but downloading a tool such as nmap from a trusted website is safe. – Hennes – 2012-12-31T14:58:38.863

You're right, using the professional Hacker's definition set, but the general public doesn't distinguish between hackers and crackers (not to mention phreaks). A pity, but true. (See, for example, this questioner's reference to "a hacked application" - he really meant "a cracked application".) – yosh m – 2012-12-31T15:26:51.497

I am voting to not reopen, on the basis that it would still be open ended – Canadian Luke – 2012-12-31T23:47:12.540

Answers

7

Hacked applications are frequently infected - a good reason to avoid them (aside from the legal reasons).

Hacker tools are also suspect, since someone who is hacking is often (but not always) involved in activities that are questionable at best. A would-be-criminal is a good target for an already-is-criminal.

That said, I share your frustration when using legitimate tools for legitimate purposes and having them flagged as malware. For example, the highly-respected site www.nirsoft.net has a tool, ProduKey, to show the Product Keys for software installed on the computer. While it can be used to steal a product key, it does nothing bad to the computer and certainly has legitimate uses, like when you need to re-install software, but don't have the product key sticker handy (or it's worn off the bottom of your notebook). My anti-virus flagged it until I added it to the exclusion list. I felt safe doing that because of Nirsoft's reputation.

Bottom line - it's best to stay away from software used for shady activities, and cracked, hacked software and keygens. They're often infected with viruses or spyware and your antivirus is right to call your attention to it. (Not to mention the attention you may attract from law enforcement folks.)

If you have legitimate software from a reliable source and you are certain it has not been infected along the way, you can tell your antivirus to ignore it.

yosh m

Posted 2012-12-31T13:08:15.957

Reputation: 2 048

+1 - from having to clean a machine, one of the no-cd cracks for Far Cry 3 has an FBI Moneypak malware installer. btw, I removed the software, and told the user to buy the software, as it was less expensive than paying me to remove the results of using no-cd software. – SeanC – 2012-12-31T16:28:50.830

2

If you are talking about a crack or keygen, it has to do with the way they interact with the system. Cracks usually modify the executable, which virus scanners usually flag because they behave the same as malware. Same goes for keygens; they usually interact with the registry in a hacky way.

Now, you can never really be sure there is not a virus in a crack or keygen unless you know the source.

Also, pretty sure SU doesn't like these types of questions.

BroScience

Posted 2012-12-31T13:08:15.957

Reputation: 1 773