Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I.stole.Windows Entry In Malware Bytes


  • Please log in to reply
9 replies to this topic

#1 shashman

shashman

  • Members
  • 179 posts
  • OFFLINE
  •  
  • Local time:11:45 PM

Posted 29 August 2010 - 01:23 PM

What the crap is this. When I run malware bytes, i get one result 'AntiWPA(I.stole.Windows) trojan.

I have windows xp, rather had windows xp on my computer until my hard drive died. I replaced the hard drive and also added some memory and a new processor. After that my xp os disk wouldnt validate when i installed it on the new hd. I took it to a techie and he said he was able to validate it. Now I can get into windows, but I run mbam, I get this trojan. how do I get it either not to say I.Stole.Windows or stop it from showing up as a trojan

i could buy a license but why should i pay for the software again just because the hard drive crapped out on me

I need to find a way to make the trojan undetectable or to somehow remove the 'I.Stole.Windows' string when it is detected.

This is just so I get peace of mind. If MS would give a new license number for free, I would follow your advice and go that route, but I doubt they do anything for free

can someone please help? What is the I.Stole.Windows text called anyway, is it a called a trojan signature or a trojan name or trojan identifier or ...?

BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,726 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:11:45 PM

Posted 29 August 2010 - 01:47 PM

From Malwarebytes Forum.

Louis

#3 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:12:45 AM

Posted 29 August 2010 - 01:58 PM

Your original install of XP should have come with a COA sticker and install numbers

If your hardware changed enough that it wouldn't validate, then you should have called and done it manually.

The tech should not have used a hack, I would try to validate for several reasons, future updates etc.
Chewy

No. Try not. Do... or do not. There is no try.

#4 shashman

shashman
  • Topic Starter

  • Members
  • 179 posts
  • OFFLINE
  •  
  • Local time:11:45 PM

Posted 29 August 2010 - 03:03 PM

dachew
i called them but they lwanted to charge me for a new license. Thats probably why the tech also didnt call them. And they woulnt even give me a free license when I read them the COA on my computer showing that I had a genuine copy of windows on the old hard drive. This is a really sucky way for microsoft to make its money

anyway , thats the reason I want to see if there is a way I can either stop my auto virus scan from detecting that or a way to change the text associated with it

#5 hamluis

hamluis

    Moderator


  • Moderator
  • 55,726 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:11:45 PM

Posted 29 August 2010 - 03:14 PM

Since it appears that this feature is intentionally built into Malwarebytes...and you've read their response to such...I don't know what anyone here can suggest to overcome a programmed instruction in Malwarebytes.

I'm not the smartest person in the world...or even on my block...but your "issue" is with Malwarebytes, not with Windows.

<<I replaced the hard drive and also added some memory and a new processor.>>

When you did this...Microsoft says that you created a new system, to which your old license (if OEM) does not apply.

Those have been the rules for several years. Your actions seem to say that you understood this, IMO and took steps to circumvent proper PA.

Louis

#6 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:12:45 AM

Posted 29 August 2010 - 03:55 PM

When you did this...Microsoft says that you created a new system, to which your old license (if OEM) does not apply.


I have never heard this so strictly applied, even in the MS newsgroups 8-10 years ago.

Just tell MBAM to ignore the file but I would get this fixed.

edit

Edited by DaChew, 29 August 2010 - 05:17 PM.

Chewy

No. Try not. Do... or do not. There is no try.

#7 hamluis

hamluis

    Moderator


  • Moderator
  • 55,726 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:11:45 PM

Posted 29 August 2010 - 04:36 PM

I didn't say anything about "applied"...MS has documented this interpretation on their website...their application of this interpretation when it comes to PA...may vary.

Most of us who have changed out components...have had no problem at all with telephonic PA and an explanation of what happened.

But the policy stance by Microsoft exists...which should explain why the system is flagged by Malwarebytes.

I've never seen it, but I also believe that MS keeps a list of "compromised licenses." If the license used for activation of that system is on that list, there's probably something in Windows that allows the flag thrown up by Malwarebytes.

Louis

For systems with "name brand" volume licensing...I suspect that the PA standards are more stringent...than those practiced for system builders installing MS OEM editions of XP.

Edited by hamluis, 29 August 2010 - 04:43 PM.


#8 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:12:45 AM

Posted 29 August 2010 - 05:21 PM

an explanation of what happened.


I would call again and be diplomatic.

MBAM is flagging the crack only, not cracked windows installs.
Chewy

No. Try not. Do... or do not. There is no try.

#9 shashman

shashman
  • Topic Starter

  • Members
  • 179 posts
  • OFFLINE
  •  
  • Local time:11:45 PM

Posted 29 August 2010 - 09:21 PM

dachewy,

so how do i make the exception in mbam for this file. i looked at the mbam interface but didnt find any placaltere to specify the exception


alternatively, can i somehow make the file itself undetectable as a trojan or a virus

#10 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:12:45 AM

Posted 30 August 2010 - 03:36 AM

The file is an illegal crack, no argument about that.

Read Hamluis's link again
Chewy

No. Try not. Do... or do not. There is no try.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users