08-13-2008, 08:20 AM
I wrote this tutorial for a friend who got infected. As far as I know, the methods described usually give you a good indication of the trustworthiness of the file and indeed the website.
Hope you may find this useful.
Code:
How to tell if a crack is real or fake - The complete guide
BY OXY.
Is it real or is it fake? Well, the detective work begins at the search engine page.
So you search for a Windows Vista crack. Loads of results come up, but you notice this one:
Oxy Cracks
windows xp crack, windows xp serial,
windows xp keygen, windows xp patch,
windows xp activation crack...
www.oxycracks.ws
Is it real or fake? Well, I'll give you a hint: some websites are crack search engines and will display this type of result and find you a genuine crack, but some sites that display like this are fake. So what else can we look for? Well, let's look at the URL. Uh oh! It ends in ws; most crack sites which end in ws will give you viruses. Examples include dailykeys.ws, bestserials.ws, bestcracks.ws etc. Also be very, very, very careful of crack sites hosted on free servers such as lycos.com etc. These sites often have cracks which contain viruses.
So now you click on a result. Well, I'm afraid there are more things to be noticed here as well. Look at the page. Is there just one download on that page? If so, be careful, it might be a virus. Also look: does there seem to be a crack, serial, keygen and patch all listed on the same page for the software? If so, it could be that the cracks are fake! You will very rarely get a crack, serial, keygen and patch for the same software on the same site. OK, so you still want to proceed? Well, look again: does the crack have an author or uploader displayed? E.g. "Windows xp crack By NQR TeAm". If it doesn't, the crack is likely to be fake, as on most real crack sites the real software crackers will put their name in the title of the crack.
OK, so now let's look at the download. Don't click anything yet!!! Just click it ready to download and it should say you are downloading crack.zip or something. So let's look at what it says. Does it have the extension .exe? Yes? FAKE!!! All or most real cracks come packed in a zip, rar or other archive format. OK, there are a couple more obvious giveaways to do with the download. If it comes in an exe it is so fake; no crack maker puts his downloads in exe format, he always includes a readme.txt or readme.nfo file, or there may be multiple files to the crack. OK, so let's say it is a zip file. Seems safe? Think again. Look at the filename... it might say something like crack.zip. FAKE!!! Most real cracks include the name of the crack in the filename, e.g. "windows xp crack by NQR TeAm.zip" etc. If it is the same filename (crack.zip, keygen.zip), then on the website all of the downloads might be linked to one file on the server, which is obviously the virus.
So you decide to download the file; it is called "win xp crack.zip". You extract it and your antivirus does not detect anything. So we can now look at the exe in detail. Does the package contain a readme file or a "cracked by" file? If not, it's likely to be fake! Most real crackers will want to put their name on their work, so look out for it! The next giveaway is, surprisingly, the icon of the file. Is it a generic exe file icon? If so, it's fake fake sucking fake!!! And I can bet you 100% it is. Most virus writers write console applications, and I bet you can guess what the default icon when compiled is! Yes, it's a generic exe file icon. Usually virus writers are too lazy to change the icon, or may bind the file to another with their own custom binder that will change the icon to the generic one. Anyway, whatever the reason for the icon is, it makes it 100% fake and means it will be a virus! Let's look closer then. Download uniextract. Try to extract the exe file. If it is bound with a shit binder then you will be able to extract the virus, but if not, uniextract may return a file type. Let's say this is "Borland Delphi Overlay". FAKE! No cracks are made in Delphi, they are made in Visual C++ usually. So what else can you do to be sure? Well, submit the file to VirusTotal and it will scan it with many different virus scanners. What one scanner doesn't detect, another might. So the file comes back clean, but you're still not sure even now. Well then, get a virtual machine and run the crack in the virtual machine. Or if you have a sandbox, run the crack inside the sandbox. TIP: When you do run the crack on your own computer, make sure you have Task Manager and regedit open before you run the crack. That way, if they get disabled and it is a virus, you can have a chance of removing it or stopping it starting up.
Anyway, I hope this tutorial has covered most of the bases. Now you should be a lot wiser as to what is real and what is not. Anyway, have fun, get a quality crack, and safe surfing...
-[OXY]-
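
The static checks from the tutorial (generic archive name, missing readme/.nfo, executable content) can be run against a downloaded zip without extracting or running it. This is an added example, not part of the original post: `triage_zip`, `build_sample`, the name and suffix lists and the sample archive are constructed for illustration, and the magic-byte test for executables hiding behind another extension goes beyond what the post describes.

```python
import hashlib
import io
import zipfile

# Assumed values for illustration; not taken from the post.
GENERIC_NAMES = {"crack.zip", "keygen.zip", "serial.zip", "patch.zip"}
NOTE_SUFFIXES = (".txt", ".nfo")
EXEC_SUFFIXES = (".exe", ".dll", ".scr")
MAX_MEMBER = 64 * 1024 * 1024  # skip oversized members (zip-bomb guard)


def triage_zip(filename, data):
    """Inspect a zip held in memory without extracting or running anything."""
    flags, digests, has_note = [], {}, False
    if filename.lower() in GENERIC_NAMES:
        flags.append("generic archive name")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.file_size > MAX_MEMBER:
                flags.append(f"oversized member skipped: {info.filename}")
                continue
            body = zf.read(info)
            digests[info.filename] = hashlib.sha256(body).hexdigest()
            name = info.filename.lower()
            has_note = has_note or name.endswith(NOTE_SUFFIXES)
            # Windows PE files start with "MZ" whatever the extension claims.
            if body[:2] == b"MZ":
                flags.append(f"PE executable: {info.filename}")
                if not name.endswith(EXEC_SUFFIXES):
                    flags.append(f"extension hides executable: {info.filename}")
    if not has_note:
        flags.append("no readme/.nfo in archive")
    return {"flags": flags, "sha256": digests}


def build_sample(members):
    """Build a constructed in-memory zip from a {name: bytes} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample({"setup.pdf": b"MZ" + b"\x00" * 62})  # constructed
    for flag in triage_zip("crack.zip", sample)["flags"]:
        print(flag)
```

The per-file SHA-256 values can be searched on VirusTotal before anything is uploaded or executed.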