I have a few programs where HackTool.crack is identified by AVG as a PUP spyware, usually in a file ending in Patch.exe.

I have left the infected programs quarantined, but is this a true spyware, or is it a misread by AVG?

If it is spyware, what does it do?

I will be grateful for any explanations since I am a relative noob.

I tried Google, but there is contradictory information and it gets worse, not better, as you go along.

I will be glad to mention the programs I got from the downloads here on BHW if this is spyware and bash any SOB who is doing this (if such is the case). I want to make sure of the facts first.

Thanks in advance.

One should always be careful with any patched or cracked program.

Now, having said that; many crack,patches and keygens are going to raise a red flag with your AV, especially if you are using AVG.

I know that this AV has many fans but I personally hate it. It gives way too many false positives for me to use it. I have tried nearly every available AV and security suite available and i always come back to the same thing: either n*or*ton 3*6*0 or endpoint protection by the same company. It has never failed me and only occasionally gives a false positive on some new app that I got from a torrent site or other shady place and want to try out.

I know when I used to used Norton on my windows partition it would identify cra*cks and pat*ches to well known programs as "hacktool" threats. If you know the programs are just cra*cks/patc*hes, you can ignore the AV. It's just policing where it's non of its business.

__________________
The Following 3 Users Say Thank You to BozoClown For This Useful Post:
Superman (06-29-1938), Batman (04-30-1938), Chuck Norris (03-09-1940)

usually hacktools aren't malware but just tools used for hacking, like port scanners, etc.

I have seen some posts where AVG has given false positives. I am wondering about something else in addition to this.

Just because a program is called "HackTool.crack," that doesn't mean it has anything to do with hacking or cracking.

Does anyone know anything about this specific program or resource? Some places on Google called it nasty malware. Others said it was light malware, but a good hacker could work it to obtain passwords and other information. In other places on reports posted from HijackThis scans, it appeared as "Not-A-Virus.Hacktool.Crack : No action taken."

All this is confusing.

Thanks again to those who comment.

An AV will rarely give a false positive as a hack-tool. That means if it says hack-tool then it is a hack-tool. Worst case scenario, it is a new virus for which the AV has no definition for. If you know the use of any of your files and it is not an HT but the AV says it is then there is need to worry.

Otherwise, if you know it is an HT and the AV says it is an HT you should not be surprised that it knows. Alternately to boost your confidence in a file a few MBs big you could submit it to the free online AVs for a check. Again, with HTs your judgment matters more than the AV. If you know what an HT is then you should know whether you should be having it or not.

__________________
The Following 3 Users Say Thank You to BozoClown For This Useful Post:
Superman (06-29-1938), Batman (04-30-1938), Chuck Norris (03-09-1940)

upload it to virustotal.com to see what all the major AV's say, then you can make a better decision as to what it is.

Thanks.

I will try virustotal.com if I can figure out how to get a file called Patch.exe uploaded without receiving a big honking rebuke.

For the record, the AV did not identify the program as a hacktool program. It identified the type of program as a PUP (potentially unwanted program). The name of the PUP was HackTool.crack.

You can hide Malware, trojans, viruses etc from software like AntiVir and others.
Virustotal is a Website that hackers use to check their trojans, etc.
I know many trojans where you will get a result of 0/33 from Virustotal, but the trojan works quite perfect.

@Stumickel: can you please send me the infected file?
I will disassemble that file and try to find out what it is.

just upload it anywhere and send me the link.
i would be very thanksfull

no its not, those sites distribute uploaded files to antivirus companies which kinda defeats the purpose if you are trying to get a trojan/backdoor undetected


@ Stumickel
that is nothing to worry about, that definition is also known as riskware and its just a generic term for low risk items like hacktools cracks and patches that would not be found on the average machine in a corporate environment for example.
if you are using installing a cracked application it will be flagged as a potentially dangerous item for this reason but should be safe enough.

Fear,

Thank you for the info. If I understand this correctly, HackTool.crack actually stands for a whole bunch of different things, and is a catchall phrase for whatever the antivirus programs think doesn't normally fit certain parameters (like a crack or patch wouldn't).

That means there is no such program or file as HackTool.crack.

Did I get that right?

Carlok,

Give me some time to fiddle with this and I will upload one or two for you.

yeah exactly mate it just means its either been identified as a hacktool or a crack but since it is actually a crack you downloaded then its fine.