massgravel / Microsoft-Activation-Scripts

A Windows and Office activator using HWID / Ohook / KMS38 / Online KMS activation methods, with a focus on open-source code and fewer antivirus detections.
https://massgrave.dev
GNU General Public License v3.0
85.61k stars 8.36k forks

This activation contains something malicious? #475

Closed TestTikkles closed 3 weeks ago

TestTikkles commented 3 weeks ago

I have noticed that since I activated Windows and the Office package with your GitHub repository, my PC works slower. I am sure that it contains some type of malware which is mining the PC: when opening the task manager without running applications, you can see how the CPU performance changes from working at 70% to 5-10%, so with this we know that there is a process that stops working when it detects that the task manager is opened. Don't tell me that this is the fault of downloading other things and that I should scan my PC with Malwarebytes or Kaspersky, because we both know that it is not detected with these applications.

I would like to receive an answer, since the code infects with a cookie harvester, a PC miner, and I am still trying to discover the 3rd trojan.

This is the task manager right at the moment it opens, observing how the CPU is working at 80%: [image: AdminTask]

This is the task manager once it is loaded: [image: Task_Manager_Loaded]

ave9858 commented 3 weeks ago

You are wrong about this being MAS, MAS is fully open source and you can read every line of code for yourself to see it has nothing malicious. If you want help with any malware issues, there are some places online that can help including our discord server, but don't accuse MAS of being malware without proper evidence. If you do think there is malware, show the exact line(s) of code that contain the malware.

ave9858 commented 3 weeks ago

Also, taskmgr showing high CPU usage before it fully loads is completely normal and not a sign of any malware on the system. Until task manager has fully loaded, it shows inaccurate results

TestTikkles commented 3 weeks ago

I would love to be able to tell you the exact line or lines where it is. Since I don't fully understand the code, I have decided to ask a question, which everyone can read, and if someone who understands code perfectly reads it, maybe you find something that I don't. The only thing I have been able to do with my knowledge has been to create a script with Python which detects the following:

> Malware detected in the file C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.ZuneMusic_11.2310.8.0_x648wekyb3d8bbwe\ActivationStore.dat.LOG2 by hash signature. Hash of file C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.ZuneMusic_11.2310.8.0_x648wekyb3d8bbwe\ActivationStore.dat.LOG2: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

And this is one of the infected routes, I have more

ave9858 commented 3 weeks ago

?? what does that detection have to do with MAS? MAS is malware-free, you are wrong if you think MAS infected you. I've read through every line of MAS to confirm this.

TestTikkles commented 3 weeks ago

Well, please review it again, because both the mining program and the cookie collector are there, I have checked it in several environments and telling me that it is OpenSource is no less indicative of malware, but until several people with knowledge prove otherwise, MASS is innocent at the moment

ave9858 commented 3 weeks ago

> Well, please review it again, because both the mining program and the cookie collector are there, I have checked it in several environments and telling me that it is OpenSource is no less indicative of malware, but until several people with knowledge prove otherwise, MASS is innocent at the moment

Show me where the mining program and cookie collector are. The burden of proof is on you to provide actual evidence for your claims. We have already proven MAS is safe by showing the full source code, which multiple people have read. So far you haven't given any evidence at all MAS is malicious, and thousands of other people run MAS with no problem.

TestTikkles commented 3 weeks ago

Sergei Strelec is a Russian who has created a version of Windows, a Pocket Edition, which is used on a USB. This particular Windows is designed to analyze malware in the OS, and it is capable of showing you the 3 trojans I'm talking about. I do not have the necessary knowledge and I would love to have it, but I know that this type of attack is designed to hide, and be very difficult to detect. What I can answer is that my Python script uses YARA rules to determine if it is malware, and with the results obtained we pass them to a library with quite a few known malicious hashes.

ave9858 commented 3 weeks ago

As I said, you need to prove that any malware you detect is RELATED TO MAS. You really don't seem to know what you're doing, since your script is outputting files completely unrelated to MAS and you haven't shown any link between the things you have detected and MAS itself. Read through the source code and you'll see it is impossible that the official MAS infected you. You might have gotten a fake version of MAS from another site, or ran something else that infected you. If you want to discuss this more, join the discord and provide some actual evidence. If you keep baselessly accusing MAS of malware, you will probably be blocked from this issue tracker.

ave9858 commented 3 weeks ago

Looking at the file hash you sent, it literally is a zero byte empty file. Clearly your script is broken, you need to do better checks before you accuse a program of being malware.

TestTikkles commented 3 weeks ago

As I am not able to understand all the code perfectly, I have recorded the problems that have arisen on my computer after using the following GitHub to activate my Windows and Office packages

> https://github.com/massgravel/Microsoft-Activation-Scripts

If you are feeling that you are being attacked by my words regarding the activator, I do not understand why, it is just a question, which I would like to be answered by one of the collaborators of the same project.

And my malware script works perfectly, thanks, since I have infected various virtual machines with different programs to check to what extent it works. But you are right, it is a shitty script, I am still developing it and I would like to be able to do it much better, which is why I am so interested in this.

thecatontheceiling commented 3 weeks ago

MAS doesn't have malware. Don't you think if MAS had malware a lot more people would report it except you? Planting malware in the script would be idiotic on our part as it is literally open-source and you'd see it in the commit history. Please educate yourself before making false accusations (you didn't "just" ask a question)

WindowsAddict commented 3 weeks ago

@TestTikkles Where's the proof? The whole script is open to be reviewed by anyone, and it's a batch, try to read, you can. If you can't, you can take help from ChatGPT or something, or share the exact code part that you think is malicious.

ave9858 commented 3 weeks ago

> If you are feeling that you are being attacked by my words regarding the activator, I do not understand why, it is just a question, which I would like to be answered by one of the collaborators of the same project.

I am on the MASSGRAVE team and can confirm it has zero malware. From the info you have posted, it is clear you are not qualified to determine whether the script is malicious, so you shouldn't have accused us of spreading malware in public like this. You should have contacted us privately first, false accusations of malware hurt our reputation and can lead users to pick worse options for activation. There is nothing for us to answer since it is already clear from the source code that MAS is not malicious, and any problems you might have are not related.

JonnyTech commented 3 weeks ago

@TestTikkles please state exactly where you obtained MAS from as I suspect that your copy is compromised.

TestTikkles commented 3 weeks ago

Could you tell me then why after activating Windows and the Office packages, on 3 different computers, the same thing that happened to me happened to them? We have observed that after activation, the performance of the PC increases considerably, which should not be the case, and since I do not know why it happens, it is best to ask whoever designed it in part to try to find an answer.

WindowsAddict commented 3 weeks ago

That task manager thing? That's normal, when you open task manager, CPU usage shoots up for some moments and then goes back to normal. It has nothing to do with MAS.

thecatontheceiling commented 3 weeks ago

Is that seriously why you think MAS has malware?

Try opening task manager on literally any Windows 10 or 11 install and see what happens.

ave9858 commented 3 weeks ago

> Could you tell me then why after activating Windows and the Office packages, on 3 different computers, the same thing that happened to me happened to them?

Most likely you either aren't actually infected, and just think you are infected, or you are making some other mistake on all those computers leading to the infection. Thousands of people including run MAS on their computers and don't have any issues.

ave9858 commented 3 weeks ago

Try doing your "malware" tests on a machine before you run MAS, you'll probably see the exact same things happen even without running MAS

TestTikkles commented 3 weeks ago

If I am saying that after executing the command, I notice performance problems

> irm https://massgrave.dev/get | iex

That's why we have done testing before and after activation, and problems arise after activation. Before activating, I have no performance problems on the computer or in the task manager or anywhere. After activation, a notable slowness is observed when searching, accessing system files, etc.

I don't know what is happening, but I think that something is wrong there

TestTikkles commented 3 weeks ago

In the future, I will try to indicate everything with more details, to try to find a solution to this problem. In the meantime, thank you for your help, as it is an opensource project I want to trust it, even though at the moment I have my doubts

ave9858 commented 3 weeks ago

Slowness does not mean there is malware. There are plenty of things that can cause computers to slow down, though I doubt it is related to MAS as MAS does not run in the background for most activation methods, and even when it does it only runs briefly to maintain activation.

TestTikkles commented 3 weeks ago

In the case of the typical PC user, I understand that the slowness is due to other types of circumstances. But I know that in my case, I am 99% sure that it is malicious code.

ave9858 commented 3 weeks ago

Then provide evidence that it is related to MAS, or this issue is going to be locked and if you continue you will be blocked from the issue tracker. "I ran MAS and something happened" is not evidence, since MAS is run hundreds of times a day and nobody but you has any issue with it. You need to explain exactly how MAS could be causing issues, or at least clear instructions so people can reproduce the issue in a VM. So far you've just given vague statements about slowness and output from a script so broken that it literally showed an empty file as malware. We don't have access to your PC so we have no idea what you could be doing that caused the issues you are reporting.

TestTikkles commented 3 weeks ago

Do you want proof of a file, which according to my shitty script, is empty?

image

another screenshot > image

@ave9858 I am trying to solve an incident that occurs to me after using this activator and your response is that you are going to close my ticket due to false accusations??? Thank you very much for your wonderful contribution

WindowsAddict commented 3 weeks ago

@TestTikkles are you saying that those 0KB files are malware where some of them are months old? Open VM or any other clean machine and run the MAS script in there, let me know if you can reproduce the same result.

ave9858 commented 3 weeks ago

Your screenshots literally show the file size as being zero, meaning no content. You can also google the hash you provided and you'd see it is the hash of an empty (0 bytes) file.
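An added example, not part of the thread or of any participant's script: the SHA-256 value posted above is the digest of zero bytes of input, so a hash-matching scanner should drop such digests from its blocklist and skip zero-byte files before reporting a match. File names and sample bytes are constructed; `sanitize_blocklist` and `triage` are hypothetical helper names.

```python
import hashlib
import os
import tempfile

# Digests of zero bytes of input. A blocklist entry equal to one of these
# "matches" every empty file on disk, so it is treated as degenerate.
EMPTY_DIGESTS = {name: hashlib.new(name, b"").hexdigest()
                 for name in ("md5", "sha1", "sha256")}

def sanitize_blocklist(hashes):
    """Normalise case/whitespace and drop empty-input digests from a blocklist."""
    cleaned = {h.strip().lower() for h in hashes}
    return cleaned - set(EMPTY_DIGESTS.values())

def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def triage(path, blocklist):
    """Return 'empty', 'match' or 'clean' for one file."""
    if os.path.getsize(path) == 0:
        return "empty"  # zero bytes: nothing to hash, no content to flag
    return "match" if sha256_file(path) in blocklist else "clean"

def demo():
    # Constructed inputs: a zero-byte file named like the one in the thread,
    # a file whose digest is on the blocklist, and an unrelated file.
    payload = b"constructed sample bytes"
    raw_blocklist = [EMPTY_DIGESTS["sha256"].upper(),  # polluted entry
                     hashlib.sha256(payload).hexdigest()]
    blocklist = sanitize_blocklist(raw_blocklist)
    files = {"ActivationStore.dat.LOG2": b"", "sample.bin": payload,
             "notes.txt": b"hello"}
    verdicts = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in files.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(data)
            verdicts[name] = triage(path, blocklist)
    return verdicts

if __name__ == "__main__":
    print(EMPTY_DIGESTS["sha256"])
    print(demo())
```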

ave9858 commented 3 weeks ago

> @ave9858 I am trying to solve an incident that occurs to me after using this activator and your response is that you are going to close my ticket due to false accusations??? Thank you very much for your wonderful contribution

So far your contribution has been nothing but false accusations based on misunderstandings due to your lack of knowledge on how malware and MAS work. The files you are showing are related to an app included with Windows itself and would be there even if you didn't run MAS, and they are completely safe. You still have provided zero evidence anything that happened on your system is related to you running MAS

TestTikkles commented 3 weeks ago

@ave9858 In fact, since I have no idea, I'm researching it. Stop feeling accused, as you said, it is an open source project which "does not represent any threat". As a user without knowledge, I have postulated my question in search of answers. Later, I would like to be able to resume this same conversation by contributing the new things I have found or with the doubts I have about it, if it is not a bother.

ave9858 commented 3 weeks ago

You shouldn't make a post like this in public, where you say you are sure it is malware, before you finish researching. This can mislead users and result in them using less safe options like fake KMSPico, resulting in actual malware infections. If you had questions, you could have joined the discord and asked, we would have explained anything you were unsure of and checked your conclusions.

TestTikkles commented 3 weeks ago

@WindowsAddict

> @TestTikkles are you saying that those 0KB files are malware where some of them are months old? Open VM or any other clean machine and run the MAS script in there, let me know if you can reproduce the same result.

As soon as I have the results, I would love to discuss it with you and finalize the matter.

TestTikkles commented 3 weeks ago

@ave9858 I hadn't seen that you had a discord server, my fault

FiorenMas commented 3 weeks ago

> Do you want proof of a file, which according to my shitty script, is empty?
>
> image
>
> another screenshot > image
>
> @ave9858 I am trying to solve an incident that occurs to me after using this activator and your response is that you are going to close my ticket due to false accusations??? Thank you very much for your wonderful contribution

Can you share your script?

TestTikkles commented 3 weeks ago

@FiorenMas Why do you want to see the code?

WindowsAddict commented 3 weeks ago

Becoming offtopic, closing here.