Friday, April 11, 2008

Cracks, Rawshooter, and Trojans

So I cozied up to the computer to do some exposure blending (more on that in a later post about HDR) and I realized that my images needed to be reconverted from RAW to get a better exposure range. So I clicked on RawShooter Premium, only to get an error telling me the shortcut didn't point to anything.

That's odd, I thought.

Time to look on the disk where the executable should be -- it was gone... My next thought was, Maybe Windows XP automatically removes cracked software... I wonder if I can put a new copy on?

So, I located the zip file on my desktop which included the executable and decompressed it... everything else got decompressed, but not the executable. So, I tried only extracting the executable -- but it didn't actually land in the folder I dragged it to?!!?

Now I was officially confused...

What was keeping the file from being decompressed?

And then I remembered my antivirus software, Symantec Antivirus.

Checking the logs, it turns out my cracked version of RawShooter Premium included a nice little trojan horse called InfoStealer.Gampass that Symantec didn't pick up right away. And when it realized it was a danger, it quietly removed the file. I suppose it could be worse. After all, InfoStealer.Gampass has a low Threat Assessment in pretty much every category and is probably harmless on my machine since I don't play any of the games it steals accounts for. FYI, my cracked copy was from a group called ICU. Although the crack is dated 11/30/2005 which should precede the first discovery of the Trojan, and especially the updated Trojan I contracted... Note also the 11/30 date doesn't match the date listed on ICU's site.

On one hand, I'm inclined to just disable that virus scan and keep working with RawShooter. It is very unlikely that InfoStealer.Gampass will cause me trouble since I don't play any of those online games. But on the other hand, I'm not wild about ANYTHING polluting my computer, even if it is most likely harmless.

So, I think it is an ideal time to give Bibble and Lightroom test trials to see which I like better, and then actually pay for one of them :)


Anonymous said...

I got exactly the same problem today, so it must have happened with the last virus definition update.

I don't think it's a virus, Symantec just confuses this file with a signature of a virus. To fix it you can exclude your Rawshooter folder from the file scan (or just Rawshooter.exe afterwards).

Sean said...

It definitely happened with the update from 4/11, which is really odd considering the file (and the viruses) are dated from two years ago. So I'd be inclined to agree with your assessment...


I'm still hesitant to put my machine at risk, even though the risk is small. So I'm downloading Bibble tonight, but if it doesn't cut it, I may risk it again :)

Anonymous said...

I think you can get a version here

that's the last one that was made and doesn't have this problem.

Anonymous said...

In case you can't read the previous URL, here's a shorter version

Sean said...

Thanks for that link, Mr Anonymous. I downloaded that version and scanned it and it is clean according to Symantec and Spysweeper!

Ishmael said...

My Avira Antivirus just identified Rawshooter.exe as containing Trojan/436936. Again, a bit odd that it's only picked this up now (14th July).