Trainers and anti-vir softwares
0
Recreating Geri's tutorials and articles before his site got wiped out. Wealth of information in it!
-----
I know that some anti-virus programs are picking up the trainers as viruses. I have written it down a few times already but no one ever reads the comments, so here is an article about it.
First of all, what is a trainer? A program which is hacking into another program to modify it's codes. If You think about this with pure logic, You already understand that trainers can be considered to be "potentially unsafe" programs as they are hacking into another program. They are using code injection to modify the game code and achieve the desired effect which is in this case, some cheat.
Most viruses are basically doing the same. Hacking into another program, sometimes with code injection and modify it.
Trainers and viruses are therefore using similar methods, but the reason or goal is different of course. Your anti-virus software however does not bother to check what is the purpose of the hacking, they can't check that You are just cheating in some game with a trainer or some virus is hacking into Your programs without Your knowledge. This is why some anti-vir is picking them up as a Trojan.
The second usual report is that the trainer is a keylogger. In fact, trainers are using APIs to check if a key is pressed and as they have to do this while You are in the game and not just in the trainer, they are using APIs to check keypresses system-wide. Otherwise the trainer would not know if You press a key to activate a cheat, while You are in the game.
I hope this makes clear why are trainers sometimes mistaken to be a keylogger. They check if You press a key, but they don't store the results and send over to some hacker, like a real keylogger would do. They don't even connect to the internet. You can even monitor this with the appropriate program.
The 3rd usual report is that the trainer is a Hacktool. Do I need to say more? Yes, the trainer is a hacktool. You hack into the game with it. It is just obvious if it is picked up as a hacktool by an AV.
And finally, my trainers are made with Cheat Engine. They contain large parts from the original Cheat Engine program. And as You may or may not know, Cheat Engine itself is detected as a virus by some anti-virus softwares. As Cheat Engine is flagged as a virus, the trainer which has been made with it is also flagged as a virus.
Cheat Engine is used by hundreds of thousands if not millions of people for every kind of reverse-engineering purposes. It has many advanced tools which can be used to change another program, therefore it is flagged as "dangerous" by AV companies.
Moreover, game publishers probably also try to get rid of cheaters, therefore they convince AV companies to flag it as a virus and scare people away from using it.
Now You know why are trainers (every trainer, not just my trainers) are blocked/flagged/deleted by some anti-vir softwares. Other trainer makers would probably just send You to hell if You would ask them why, as they are sick of hearing this bullshit all the time.
I am however a very patient guy so I have written this article and everyone can see how things are working.
On a side note, let me tell You that these trainers are newly generated files and they have been never used on any computers before. Not even on my computers. I use copies to test my trainers but I never run the original file so even if there would be a virus on my comp, it wouldn't get into the file. And yes, as You see I am fuckin paranoid and careful so You can be sure that I have taken every neccessary step to avoid infection both in my trainers and on my computers.
Also, the source code for the cheats are usually (which means always so far) available on the Cheat Engine forum if You search for it, so You don't even need to use my trainer if You know how to use Cheat Engine.
If You have read this article and understood it, probably You will not feel it neccessary to post another "it's a virus" comment somewhere on the site. If You still feel that my trainers has some virus that doesn't fit into these descriptions, send a full virus report with Your AV software's name so I can check it in details.
You can send an e-mail to:
[email protected]
You don't need to send a virus report which contains:
Dropper.Agent.ABYJ
Win32:Malware-gen
Trojan.Dropper-26973
Trojan-Dropper.Agent!IK
Riskware
Heuristic.BehavesLike.Win32.Suspicious.H
a variant of Win32/HackTool.CheatEngine.AB
W32/Obfuscated.I
Medium Risk Malware
Trojan.Win32.Delf.abt (fs)
HackTool.CheatEngine!/Rvf5d7ZQPYtrojan
or similar names. It is full of gen, generic, suspicious, riskware. In human language, they mean "I don't know what the fuck is this file but I don't like it". This still doesn't mean it is a virus. It is just suspicious. Which is a big difference.
If You send a virus report, make sure to check on the virus name and verify that it is really a virus and not just some heuristic scanner bullshit like the ones above.
You can also leave a comment for this article below.
Peace!
Geri
Reply With Quote
