I have a question about the 3rd party exploits in the "Exploits" tab
Posted
Recently my antivirus has been telling me about viruses inside these exploits. But before you conclude anything, yes, I have read what WeAreDevs had to say about this:
"WeAreDevs is NOT a malicious website. Our exploits are misunderstood by antiviruses due to their nature of software manipulation. The websites and people who say otherwise are misinformed and wrong."
Now, I could understand where WeAreDevs is coming from. Since these exploits edit running programs in the RAM instead of on the hard drive, it is a pretty smart way of acting like a "File Replace" malware without really being a FileRep malware, and so antiviruses would try to think 1 step ahead and clock those programs. But for exploits, you kinda have to do that in order to hack the game. So I get where they are coming from.
But let's really think about this. Since these clients are supposed to be safe and all they do is edit programs with no intent of stealing data or acting like ransomware, then antiviruses (if they detect them) should have a very generic type of virus name in the prompt window. I use Avast and occasionally Malwarebytes, and for exploits like Krnl, Avast either gives "IDP.Generic" or "Win64:Malware-gen"/"Win32:Malware-gen", both meaning: "This program is doing some suspicious stuff that you might not want / This may be a program that you didn't even know existed on your hard drive and now it's doing some stuff that you might not want". Now, this makes sense. Y'know, very generic A.I.-generated types for the blocked exploit. The antivirus doesn't say what specific virus it is, because it doesn't know for sure.
So, if this is true, why do some of the exploits in the Exploits tab give detections such as "FileRepMalware" and "Other:Malware-gen [Trj]" (Trojan)? The antivirus isn't unsure about the virus. The antivirus knows for a fact that this is a Trojan and blocked it.
Now, it is true some of these clients would trigger your antivirus' alarms. But that doesn't mean that all antivirus-detected clients are safe. You should really look at what type of virus your antivirus said it was and use common sense. Also research what the specific names and codes mean. What if an actual malicious hacker designed a client that hacks Roblox and allows you to fly while also stealing your data? And if he wanted to market this client, he could use the same excuse that non-threatening client creators use. "Ohhh, your antivirus is just paranoid. Clients are designed to edit programs so your antivirus can't tell the difference. Just disable your antivirus and use my program. You won't regret it, I promise."
There's no real way of telling who is being true and who is being false, and all we have to go off of is what the antivirus says. If the antivirus says the program is just acting suspicious and it's a program used to inject and hack the game (of which you know), chances are, it's not a virus. But if your antivirus is telling you it's confident it's a trojan, not any regular virus, but a specific kind called a trojan that steals your data while you use it, chances are, it's probably a trojan.
I wanted to make sure WeAreDevs put a safe lock to make sure 3rd party programs don't contain any viruses. So I read what they say on their front page, "https://wearedevs.net/home". I read everything and was a little confused about the wording. "Our exploits are misunderstood by antiviruses due to their nature of software manipulation."
What do they mean by "Our"? Do they mean all the exploits in the Exploits tab? Or do they mean the exploits that the team (WeAreDevs) created, like the JJSploit client? So I read through the "Read more here." links to make sure that 3rd parties can't, by agreement, upload any malware or malicious programs. The first one (https://wearedevs.net/forum/t/572) just explains how antiviruses might misunderstand some of the clients. The second one (https://wearedevs.net/forum/t/19023) talks about what I assume to be the rules for uploading exploits to the forums section, because it says "(Failure to comply will lead to your thread being hidden without warning)", but it doesn't talk about the exploits in the Exploits tab. The third one (https://wearedevs.net/forum/t/9765) talks about how to submit directly to the Exploits tab. It does mention malware and adware, but it's not the clients themselves it's talking about. It's talking about the manner in which you would download the clients and the kinds of viruses that might be installed from the file sharing website that have nothing to do with the actual client. It also doesn't bring up whether the clients you were to upload must not contain malware of any kind.
Now, I am not saying that WeAreDevs is sharing any kind of malware on purpose. All I'm saying is that the wording isn't clear and I just want to ask if there's a chance that any of the 3rd party clients in the Exploits tab might have any malware. WeAreDevs said "WeAreDevs is NOT a malicious website. Our exploits are misunderstood by antiviruses due to their nature of software manipulation. The websites and people who say otherwise are misinformed and wrong." Which is good enough for me on the JJSploit exploit. I just want to know if this extends to the rest of the 3rd party clients. The general rule is to just be careful when using exploits of any kind, but I'm asking just to make sure.
Sorry for the long *** story. I'm not good at putting topics into small terms.
Thanks
Replied
They're false positives. I think it means that it does suspicious things and Windows thinks it is bad when it isn't.
Replied
You forgot one key component to the virus detection, obfuscation. Obfuscation can cause antiviruses to relate exploits to other samples which used the same obfuscator or the same methods of obfuscation / whatever, you get the point.
And as a front page exploit owner I can confirm that the only exploits that actually get onto the front page are reputed ones which have to be made by respected developers. There are also other developers constantly checking if there's any suspicious activity going on with the program itself by reversing it (no matter how protected your code is, it'll always be reversible), running it in a VM, etc. And if another developer finds something malicious in your software, do you really think they're gonna ignore it when they can gain more reputation themselves by exposing you? Think about that for a second. The community basically keeps itself clean.
Edit: the exploits released in the Roblox section of the Forums can sometimes contain something suspicious but once someone has reversed it and reported it to the moderation team we'll instantly remove the thread from the forums and ban the user from posting anything ever again.
Replied
False positives? Even the trojan prompts? I could understand when an antivirus thinks a program is suspicious and marks it as suspicious, but for a program to see it as suspicious and prompt it as a trojan doesn't make any sense.
Added
@SirWeeb.
Ok, so. What you're saying is that the exploits that are on the Exploit page have no malware whatsoever? I wanted to know if there's even a chance for there to be malware. But if you're saying that you reviewed through all of them, are you also saying that there is no malware in any of them?
Replied
@Soniasinn I am 100% sure there is no malware in any of the front page exploits. I own one of them and like I said, your exploit needs to be known, respected and reputed. Otherwise there is 0% chance your exploit would ever come on the page.
Replied
@SirWeebs
Oh ok phew. That's good to know. Thanks for the answer 👍