Bitdefender Free Edition false alarm?

simonz93

Estimable
Nov 17, 2015
9
0
4,510
I don't know much about antivirus software. I recently downloaded a zip file with an application file inside. Every time upon scanning it, Bitdefender detects the app as a virus and quarantines it. Upon checking with the author and several ppl who used it, they said it's safe and not a virus.

So my question is, is it possible for Bitdefender to make a mistake and label a safe file as a virus? Under what circumstances does it do that? Should I use that file?

Thanks!
 

simonz93



LOL I would too

But I asked several other people who used it and post videos of it, they say the author's tools are always safe.
The thing is basically an injector that allows you to freeze time in a game so you can take screenshots. It's nothing that tons of ppl download so I don't think there is much a point to put a virus inside.

But curiously, none of the ppl who used the file said their PC detected a virus. Only me. But we all downloaded the same file from the same link. So I'm wondering why just Bitdefender detects it as a virus.
 

simonz93



Damn, this doesn't look good...
https://www.virustotal.com/en/file/d4066e50b2da15e0f94d3b90b3fc1b7fe6b8669f66e4408f76216fe87f0e91e7/analysis/

I never used VirusTotal so I don't really understand what all the results mean. But it really doesn't look nice.
It seems that some products even detect a trojan???
 

eatmypie

Honorable
Sep 12, 2013
139
0
10,710
No one bothered to ask what type of file you downloaded..... That can give a lot of information. Anything that acts a certain way can trigger something from the AV. Even really good AV products will give random names and not much information about what the code is actually doing on the system. Looking at your upload, it looks like you must have downloaded something like a mod or a cheat/hack for a game.
 

simonz93




I downloaded an injector that allows you to freeze the game in a cutscene so you can take screenshots. The author has been developing cinematic tools for many games for many years and has a great reputation.

I'm pretty confused now. On the one hand it really seems that the case is one of a false positive. But on the other hand that "trojan agent" really scares me...
 

eatmypie

AVs will still spit out random generic things just because with any game hack you're modifying data, which in most cases AV products will flag as malicious. But if it came from an author and site that has a good reputation you most likely can be sure it's a false piece of malware. The AV was most likely detecting the code the author used to actually perform the injection. I could help you further but I think your question is kind of in the gray area. I don't think helping people with game hacks/mods like yours is permitted on here, but since you are only doing it to freeze a game it is more in that gray area.

Also VirusTotal only uses signatures and doesn't provide any real analysis of the code being used. So a virus that is new or changes its signature will throw VirusTotal off and come back as 0/32.
 

simonz93



Oh ok. Yeah, strictly speaking it's not a hack at all. All it does is force-pause your game and give you the opportunity to take pictures.
I guess I will use the file now, disable my Bitdefender, and pray for the best :)
Thanks

In case you're curious, this is what the tool does. It pauses the game. It's not a cheat, and the game is SP only.

https://www.youtube.com/watch?v=tA05216h5zA

http://deadendthrills.com/gallery/?gid=141
http://www.deadendthrills.com/forum/discussion/457/guide-rise-of-the-tomb-raider
 

simonz93



T_T argh....
I don't know.... I really want to use it, but I know yours is a good piece of advice, better safe than sorry.
 

eatmypie

You still are missing the point. Most game mods/hacks will use some generic code that normally triggers some sort of AV. It needs to manipulate things so this is what triggers the AV software. I would install web of trust, see if w.o.t has any feedback on the site, if it has pretty much all positive feedback and the author has all positive feedback I'm 90% certain it's an okay thing to use.
 
Solution

simonz93



Thanks :)
 

simonz93



Ok, just one last question. 4 AV products, e.g. CAT-QuickHeal, Dr.Web, detected some Trojan stuff (Trojan agen, trojan hack, trojan killfiles)... is that normal?


https://www.virustotal.com/en/file/d4066e50b2da15e0f94d3b90b3fc1b7fe6b8669f66e4408f76216fe87f0e91e7/analysis/
 

eatmypie

If you look at the good AV companies like F-Secure, Bitdefender, Kaspersky, they have it as Application.HackTool.Injector.K. This is the actual accurate definition for it. The other products' signature databases are most likely not fully matured yet, and their engines most likely lack being able to give an accurate differentiation.
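
The distinction drawn in the post above (tool-type labels such as Application.HackTool.Injector.K versus generic Trojan labels) becomes visible when a multi-engine report is grouped by label class instead of read as a raw detection count. The Python below is an added example, not part of the original thread; the engine names are placeholders, the token-to-class mapping is an assumption, and the Trojan label strings are constructed from the wording quoted in the thread.

```python
import re
from collections import Counter

# Coarse classes for label tokens. This mapping is an assumption made for the
# example; vendors do not share a naming standard.
RISKWARE = {"hacktool", "riskware", "pua", "pup", "application", "unwanted"}
MALWARE = {"trojan", "backdoor", "worm", "ransom", "virus", "spyware"}
# Tokens that carry no family information (generic buckets, platform tags).
GENERIC = {"agent", "generic", "gen", "heur", "win32", "win64", "w32", "w64"}


def classify(label):
    """Return (class, family_tokens) for one engine's detection label."""
    tokens = [t for t in re.split(r"[^a-z0-9]+", label.lower()) if t]
    if RISKWARE & set(tokens):
        cls = "riskware"      # tool-type detection: flagged for what it can do
    elif MALWARE & set(tokens):
        cls = "malware"
    else:
        cls = "unknown"
    # Drop class words, generic buckets and short variant suffixes such as "K".
    family = [t for t in tokens
              if t not in RISKWARE | MALWARE | GENERIC and len(t) > 2]
    return cls, family


def triage(report):
    """Summarise a {engine: label-or-None} report by class and family token."""
    classes, families = Counter(), Counter()
    for label in report.values():
        if label is None:
            classes["clean"] += 1
            continue
        cls, family = classify(label)
        classes[cls] += 1
        families.update(family)
    return {"classes": dict(classes), "top_family": families.most_common(1)}


# Constructed report: engine names are placeholders; the first label is the one
# quoted in the thread, the Trojan labels are constructed from its wording.
SAMPLE = {
    "engine_a": "Application.HackTool.Injector.K",
    "engine_b": "Application.HackTool.Injector.K",
    "engine_c": "Application.HackTool.Injector.K",
    "engine_d": "Trojan.Agent", "engine_e": "Trojan.Hack",
    "engine_f": "Trojan.KillFiles", "engine_g": None, "engine_h": None,
}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A riskware majority with a shared family token explains why the file is flagged; it says nothing about whether this particular build is safe to run.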
 

simonz93



I see. Makes sense! Thanks for all your input! Taught me a lot :D