VA1DER
Posted December 15, 2020

Both the WICReset utility and the License program show up as having malware in them. Also, the fact that License.zip is encrypted with the password just given unencrypted is a tactic used by a lot of people who distribute malware to prevent it from being detected by malware scanners, because the scanners can't see inside the encrypted file.

Can you explain why malware is being detected? Can you also explain why the license.zip file is encrypted with the password given unencrypted, since this makes absolutely no sense?
wic.support
Posted December 15, 2020

Good day. According to VirusTotal, both the WICReset installer and executable file are clean:

http://www.2manuals.com/WIC/wicreset.exe
https://www.virustotal.com/gui/file/90d424c84ab21e57b4b9e0db7410948753e110d0019c7dace8a1d9b1810a5f21/detection
https://www.virustotal.com/gui/file/6186c1698dae223af9564e4ad78bfb5a116034674ef78a844afd8931768cdc6f/detection

You can download the files and check that the SHA-251 from the scan results matches the file hash, or just rescan it yourself again. If you got different results on your local PC, please try to update the antivirus databases first and check again. If this does not help, then report what type of antivirus you are using and what message exactly it shows.

As for license.exe, I scanned the extracted executable and got 2 out of 69 (SecureAge Apex and DrWeb):

http://chiplesssolutions.com/download/License.zip
https://www.virustotal.com/gui/file/b034aefcf2714786cdcc43a0ef2ac8b6502b9f584b20c064103be2e762466a7a/detection

In my experience Apex produces a lot of false results, especially if the application is not signed; in the current results it shows that the application is "malicious" without listing any specific threats. Actually it does this after every single update, and this is the main reason why the activator is encrypted. Anyway, I will send false positive reports for license.exe to both of them and I hope it will be cleared soon.
VA1DER
Posted December 15, 2020

The WICReset installer gave two hits on VirusTotal before, and it still gives one now. I don't know what installer you are linking the results to above. I am using the installer that extracts from a zip file and is linked to right on the 2manuals.com home page. I get different hashes for that extracted installer and the installer you linked to above.

I understand false positives, we all have run into that, but I don't understand why you encrypted license.exe within license.zip and stuck the password unencrypted in the outer zip file. You understand, this is almost solely a tactic that malware distributors use to fox scanners. Of course, no one who is distributing malware is going to say, yes, I am distributing malware. All will say "oh it's a false positive". So we as consumers base decisions on several factors. The nature of the product, being a grey-market item, already increases the risk level. Add in detections on VirusTotal and the fact you are using a malware distribution technique that defies an innocent explanation, and it makes things suspect at best.

What is license.exe actually doing? Is it communicating with the printer? From what I have read it is just generating a hash code that you enter into the printer's modified firmware. If this latter is the case, then why can't you generate that hash code from your web site, or email it to the purchaser?
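Added example, not part of any post in this thread: a Python sketch of the check discussed above. It hashes a download and every readable file inside it so the values can be compared with the SHA-256 hashes in the VirusTotal links, and it lists zip entries flagged as encrypted, which a scanner cannot inspect. The function names and the sample archive are constructed for illustration; the sample only sets the encryption flag, its bytes are not really encrypted.

```python
import hashlib
import io
import zipfile

# SHA-256 values copied from the VirusTotal links quoted in the thread.
PUBLISHED = {
    "90d424c84ab21e57b4b9e0db7410948753e110d0019c7dace8a1d9b1810a5f21": "WICReset (first VirusTotal link)",
    "6186c1698dae223af9564e4ad78bfb5a116034674ef78a844afd8931768cdc6f": "WICReset (second VirusTotal link)",
    "b034aefcf2714786cdcc43a0ef2ac8b6502b9f584b20c064103be2e762466a7a": "License.exe (extracted executable)",
}
MAX_MEMBER = 256 * 1024 * 1024  # do not unpack members that claim to be larger

def inventory(data, name, published=PUBLISHED):
    """Return (path, sha256, verdict) rows for a file and any zip members inside it."""
    digest = hashlib.sha256(data).hexdigest()
    rows = [(name, digest, published.get(digest, "no published hash matches"))]
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return rows
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            path = f"{name}!{info.filename}"
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:  # general-purpose bit 0: entry is encrypted
                rows.append((path, None, "encrypted: cannot hash or scan without the password"))
            elif info.file_size > MAX_MEMBER:
                rows.append((path, None, "skipped: declared size exceeds MAX_MEMBER"))
            else:
                rows.extend(inventory(zf.read(info), path, published))
    return rows

def build_sample():
    """Constructed input: outer zip holding a text file and an inner zip flagged encrypted."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("License.exe", b"constructed placeholder bytes")
    raw = bytearray(inner.getvalue())
    # Set the flag in the local header (offset 6) and the central directory (offset 8).
    for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        raw[raw.find(sig) + off] |= 0x01
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("password.txt", b"constructed")
        zf.writestr("License.zip", bytes(raw))
    return outer.getvalue()

if __name__ == "__main__":
    for row in inventory(build_sample(), "download.zip"):
        print(row)
```

A row with no digest marks a file whose contents were never seen by a scanner that was given only the outer archive; extract it with the password and hash or scan the result separately.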
wic.support
Posted December 15, 2020

It seems that the archive from the link you provided contains an old version of the application (5.40); this link will be fixed. The correct version (5.59) is the one I provided above:

http://www.2manuals.com/WIC/wicreset.exe

The actual activation sequence is generated remotely; license.exe only exchanges data between the printer and the server. Even if it wasn't the case, activation data must be written to the printer somehow; it would be useless if we just sent it in the email.
VA1DER
Posted December 15, 2020

Thank you very much for clarifying which wicreset is the current one. Thank you for also explaining the activation sequence. I would still really like an explanation of why a malware distribution technique is being used to encrypt license.exe.

You might also consider one or more of the following suggestions:

- Make license.exe as a 32-bit binary rather than 64-bit, so it could be run from REACTOS, which unfortunately is not remotely stable in 64 bit yet
- Make license.exe as a Linux binary, so that it can be easily run from a live CD
- Release the source code for license.exe - if the activation sequence is remotely generated, then there is little magic in license.exe that could be harmed by releasing the source

The first two above would make it easier to run from VirtualBox in a way that is safe for the user even if there is malware in it. The last option above is just good practice for something like this.

That being said, can you still please explain why you are using zip encryption the way you are, because from an outside perspective it is shady. The only other people who do things this way are malware distributors who are trying to hide the payload from scanners.

Thank you.
wic.support
Posted December 29, 2020

Quick update on the situation, both Dr.Web and Secure Age Apex cleared their false positive results after submission:

https://www.virustotal.com/gui/file/b034aefcf2714786cdcc43a0ef2ac8b6502b9f584b20c064103be2e762466a7a/detection