xmoezzz / KrkrExtract

A tool that can extract and pack krkr2 and krkrz's xp3 files
1.25k stars 123 forks source link

kaspersky virus alert #41

Open kanink007 opened 6 years ago

kanink007 commented 6 years ago

well kaspersky forced me to delete some krkrextract.dll and krkrextract.exe because its a malware. is ther a proof its not a virus?

marcussacana commented 6 years ago

the proof is visible when you aren't a idiot.

This repo have 37 forks, 211 stars (actually) and the source included, need more?

I'm really mad in see this issue, i know this isn't my tool but the xmoe is a guy that have no obligation to publish he tool.

If he publish is because he wants help the world-wide translation comumminty without request any payment or recive any thanks a part big of the time.

... Sad... Xmoe, I hope you do not get frustrated seeing this, if I were in your place I would stay, and sorry to do this angry comment here.

Ileca commented 6 years ago

And no need to be a douche. Pieces of software like this one are doomed to trigger AV and even if, yes, KrkrExtract is not a malware, still, it's definitely a problem when the software is SO hostile that Firefox prevents you from downloading it, and your AV becomes so crazy, throwing you alert on alert, that you have to disable it to work with it, because using exceptions doesn't work. I am really grateful to xmoeproject but I can't say this situation is convenient. Having to constantly redl the files the moment I forget to disable my AV is not the way to go. I reported the files for false positive with Avast.

marcussacana commented 6 years ago

It's possible just use downloaders managers, like the internet download manager. Anyway, nothing wrong in use AV but It's better don't trust, AV scan some algoritms defaults and the executable imports, this can be bypassed with tools like the VMProtect or themida... 2018 isn't a year to trust in AV softwares, the most trustable AV is you know where are you downloading and what are you executing. you just don't is infected by some obfuscated virus because the AV have the sandbox feature, and to a good devloper is possible detect and prevent the malware code execution that allow the detection... anyway, to me, AV isn't trustable, keep in mind. It's for situations like this when my tool can be recognized as malware i don't publish the executable, only the source, who have a minimum of knowledge just compile and run it.