
shows it's a virus

Open omardaher1 opened this issue 1 year ago • 6 comments

windows says it's a trojan

omardaher1 • Dec 27 '23 07:12

and?

n08i40k • Dec 28 '23 12:12

and it won't open the dang zip file

koi-aiVVy • Feb 14 '24 08:02

look what i found

| Engine | Detection |
| --- | --- |
| AhnLab-V3 | HackTool/Win32.Injector.C4224306 |
| Antiy-AVL | Trojan/Win32.BTSGeneric |
| Arcabit | Application.Hacktool.ZQ |
| Avira (no cloud) | APPL/Injector.AH |
| BitDefender | Application.Hacktool.ZQ |
| BitDefenderTheta | Gen:NN.ZemsilF.36744.4n0@ayB2dwj |
| Cynet | Malicious (score: 99) |
| DeepInstinct | MALICIOUS |
| DrWeb | Tool.Inject.74 |
| Emsisoft | Application.Hacktool.ZQ (B) |
| eScan | Application.Hacktool.ZQ |
| ESET-NOD32 | A Variant Of MSIL/DllInject.XQ Potentially Unsafe |
| Fortinet | W32/DllInject.XQ!tr |
| GData | Application.Hacktool.ZQ |
| Google | Detected |
| Gridinsoft (no cloud) | Trojan.U.Downloader.ns |
| Ikarus | PUA.HackTool |
| K7AntiVirus | Unwanted-Program ( 004d38111 ) |
| K7GW | Unwanted-Program ( 004d38111 ) |
| Kaspersky | Not-a-virus:RiskTool.MSIL.Injector.v |
| Kingsoft | Win32.troj.undef.a |
| Lionic | Riskware.ZIP.DllInject.1!c |
| Malwarebytes | DllInjector.Trojan.Injector.DDS |
| MAX | Malware (ai Score=95) |
| MaxSecure | Trojan.Malware.7164915.susgen |
| McAfee | GenericRXVC-CY!EC801A7D4B72 |
| Microsoft | HackTool:Win32/ExtremeInjector |
| NANO-Antivirus | Trojan.Win32.DllInject.fjhtkg |
| QuickHeal | PUA.GenericFC.S6060072 |
| Sangfor Engine Zero | Suspicious.Win32.Save.a |
| SentinelOne (Static ML) | Static AI - Malicious Archive |
| Skyhigh (SWG) | GenericRXVC-CY!EC801A7D4B72 |
| Sophos | Extreme Injector (PUA) |
| Symantec | Trojan.Gen.NPE |
| Tencent | Malware.Win32.Gencirc.1189c3ae |
| Trellix (FireEye) | Application.Hacktool.ZQ |
| TrendMicro | TROJ_GEN.R002C0DF921 |
| Varist | W32/Trojan.IXD.gen!Eldorado |
| VBA32 | TScope.Trojan.MSIL |
| VIPRE | Application.Hacktool.ZQ |
| WithSecure | Program.APPL/Injector.AH |
| Xcitium | Malware@#khuyon6cxb3x |
| Yandex | Trojan.Igent.bTKAcV.64 |
| Zillya | Trojan.DllInject.Win32.1584 |

yeah, it's a virus

qwertyhacks • Mar 05 '24 03:03

the AVs mark it as a virus because they see it's a dll injector, if you look at the labels you can notice they're all referencing HackTool or dll injection [vt scan](https://www.virustotal.com/gui/file/b65f40618f584303ca0bcf9b5f88c233cc4237699c0c4bf40ba8facbe8195a46)

Weigurde • Mar 09 '24 17:03
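Added example (not part of the thread or the project's code): a small Python triage helper that groups detection names by what they actually claim, so capability labels (hack tool, injector, PUA) can be separated from generic verdicts and from names that assert specific malware behaviour. The keyword lists, category names and function names are assumptions made for illustration; the sample rows are copied from the detection list posted in this thread.

```python
import re
from collections import Counter

# Keyword lists are illustrative assumptions, not a vendor naming standard.
# "dual_use" names describe a capability (injection, hack tool, PUA/riskware).
DUAL_USE = re.compile(
    r"hacktool|risktool|riskware|inject|unwanted|not-a-virus"
    r"|potentially unsafe|(?<![a-z])pua(?![a-z])"
)
# "generic" names carry a verdict but say nothing about behaviour.
GENERIC = re.compile(
    r"generic|(?<![a-z])gen(?![a-z])|susgen|malicious|suspicious|undef|detected"
)

# Engine/label pairs copied from the detection list posted in this thread.
SAMPLE = [
    ("Microsoft", "HackTool:Win32/ExtremeInjector"),
    ("Kaspersky", "Not-a-virus:RiskTool.MSIL.Injector.v"),
    ("Sophos", "Extreme Injector (PUA)"),
    ("ESET-NOD32", "A Variant Of MSIL/DllInject.XQ Potentially Unsafe"),
    ("BitDefender", "Application.Hacktool.ZQ"),
    ("Zillya", "Trojan.DllInject.Win32.1584"),
    ("Symantec", "Trojan.Gen.NPE"),
    ("TrendMicro", "TROJ_GEN.R002C0DF921"),
    ("DeepInstinct", "MALICIOUS"),
    ("Gridinsoft (no cloud)", "Trojan.U.Downloader.ns"),
]

def classify(label: str) -> str:
    """Return 'dual_use', 'generic' or 'other' for one detection name."""
    text = label.lower()
    if DUAL_USE.search(text):      # capability keywords win over generic ones
        return "dual_use"
    if GENERIC.search(text):
        return "generic"
    return "other"                 # names a specific behaviour: review by hand

def tally(results):
    """Count labels per category for a list of (engine, label) pairs."""
    return Counter(classify(label) for _engine, label in results)

def engines_in(results, category):
    """List the engines whose label falls into the given category."""
    return [engine for engine, label in results if classify(label) == category]

if __name__ == "__main__":
    print(dict(tally(SAMPLE)))
    print("review by hand:", engines_in(SAMPLE, "other"))
```

A capability label describes what the binary can do, not where this particular copy came from, so the tally complements checking the download's hash against a trusted release rather than replacing it.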

No, it's not a virus. Windows as well as any antivirus marks it as a virus because of the dll injection function. This is normal for cheats, injectors, etc. However, you are "breaking the process and putting your load into it (just adding tasks to it)".

shizamuru-dev • Mar 27 '24 22:03

Obviously. It uses a memory hacking library and the injector supports manual mapping and even injection via a kernel driver. Malware can utilize the same features; it makes sense.

dmitry-js • Mar 16 '25 01:03