nvb2009

antiwpa.dll and hijack.help

10 posts in this topic

Hi,

The program detects antiwpa as Trojan.I.Stole.Windows. Actually, it's a patch to validate Windows.

And

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0)

I believe this is a modification I've made in the start menu of Windows. I've opened gpedit.msc and disabled the help link.

The program detects antiwpa as Trojan.I.Stole.Windows. Actually, it's a patch to validate Windows.

No, it is a hack to steal Windows by exploiting the failsafe safemode logon loophole. It makes regular mode think it is in safemode, thus not requiring Windows to be activated.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp

There is no way to tell if malware did this or if the user has, so we opt to help less knowledgeable users, assuming that expert users will see the detection, understand it and add it to the ignore list.

No, it is a hack to steal Windows by exploiting the failsafe safemode logon loophole. It makes regular mode think it is in safemode, thus not requiring Windows to be activated.

So you mean it isn't a matter of security, but honor? I thought that programs like Malwarebytes would detect just security issues.


People that crack software are a HUGE problem when it comes to security for several reasons:

Cracked Windows often can't get updates and thus are less secure. These systems frequently become parts of bot networks, adding to the global spam problem, and participate in DDoS attacks.

People that crack software frequently infect their system in the process, contributing to the problems mentioned above.

The help forums are overloaded already and we as a whole have a policy to NOT help those who use cracked software; this detection helps ALL forums enforce this.


Let's get a few things straight:

No, it is a hack to steal Windows by exploiting the failsafe safemode logon loophole. It makes regular mode think it is in safemode, thus not requiring Windows to be activated.

The first sentence's implication ("steal windows") does not necessarily follow from the second sentence. Not everyone who uses a tool which is sometimes used by crackers is a cracker. Some might even be security people themselves.

The fact is, Windows' activation system is fairly braindead. Among the things it doesn't handle well are major hardware upgrades, and transferring of licenses from one system to another - the latter of which is a right of the end user as a corollary to the "doctrine of first sale", and has been upheld repeatedly by the courts in explicit repudiation of licensing clauses which may try to prohibit it.

As long as Microsoft refuses to fix activation to reasonably handle these cases, said end users are basically forced to use tools like AntiWPA in order to make legitimate use of their legal rights.

Cracked Windows often can't get updates and thus are less secure. These systems frequently become parts of bot networks, adding to the global spam problem, and participate in DDoS attacks.

People that crack software frequently infect their system in the process, contributing to the problems mentioned above.

AntiWPA does not prevent updates. I've got a computer which has been running AntiWPA 3.3 for a couple of years now, in order to make use of the Windows XP Professional license from an earlier laptop which had died (the license key/COA is sitting on the desk in front of me, still attached to the plastic memory cover from the old laptop). It has never had any trouble obtaining updates, and receives the same set of updates as other computers I have which do not run AntiWPA and were activated the normal way.

A user carefully installing AntiWPA for the purpose of making legitimate use of their legal rights is no more likely to infect their system with other malware than a user who has activated the usual way. In fact, they are probably less likely to have malware, as they have shown enough of a modicum of computer savvy to search out and vet AntiWPA and decide it is the appropriate tool for their needs. They might in fact even have read the publicly-available source code, tested it in a sandbox, and continued to monitor its activity after installation to make sure it isn't doing anything wayward.

The simple fact is, labeling AntiWPA as "Trojan.I.Stole.Windows" is both technically incorrect and legally questionable (and, be aware, there are jurisdictions where knowingly making a false accusation of criminality is itself a criminal act), not to mention inappropriately snarky.

Among the things it doesn't handle well are major hardware upgrades, and transferring of licenses from one system to another - the latter of which is a right of the end user as a corollary to the "doctrine of first sale", and has been upheld repeatedly by the courts in explicit repudiation of licensing clauses which may try to prohibit it.
If it's illegal then why did MS not change the EULA with 7? Also, on the subject of these specific tools, they serve no real purpose anyway since a simple FREE call to MS will fix such issues. I've had to do it myself to transfer a license from one system to another or even reactivate Windows on the same system after a reformat (yes, I'm inclined to agree with the "braindead" part of how Windows Activation works, at least in many cases :)).

If it's illegal then why did MS not change the EULA with 7? Also, on the subject of these specific tools, they serve no real purpose anyway since a simple FREE call to MS will fix such issues. I've had to do it myself to transfer a license from one system to another or even reactivate Windows on the same system after a reformat (yes, I'm inclined to agree with the "braindead" part of how Windows Activation works, at least in many cases :)).

Note that I didn't say the clauses were "illegal" (which would imply an actual law was passed making it a crime simply to write a license which attempted to apply such limitations); what the courts have repeatedly said is that such clauses are not legally enforceable, that if it looks like a purchase, it is a purchase, and that, as such, "licensing" terms cannot abrogate the rights that come with making a purchase. It's just that you're unlikely to get Microsoft people to admit as such, including many of the people you might talk to when calling to change the license - many will still pressure you to get a new license (at the very least burning up your time and running up your phone bill for this supposedly "FREE" call). It's along the same lines as their moving the COA/license key to unremovable stickers on the cases of the computers (instead of a card at the front of the software packet that comes with the computer, where they used to be) - they hope that if they make it difficult enough to actually carry out what is your legal right, you'll give in and do it their way even if they can't actually legally force you to do so. And maybe they even hope that somewhere down the line some court will actually side with them (and completely change the nature of consumer law) - but it hasn't happened yet.

Look, if Malwarebytes wants to keep identifying AntiWPA using a misleading label, it's entirely within your rights to do so, just as it's within Microsoft's rights (in a legal, if not moral, sense) to prod users to follow license terms that aren't legally enforceable. Just realize that the justification for doing so is far more political than technical.


I agree with you that licenses should be legally migrated to a new system, it's what's fair in my opinion. But the reason we are detecting this isn't for the cases that someone foregoes a call to MS to get a new activation key because they don't have the time to deal with them, it's for the cases (that are far more common in my experience) where a user is attempting to activate a license that either does not belong to them on their own computer, or to activate a single license on multiple computers, both of which are examples of theft, and the reason MS created this clause in their EULA and the Windows Activation technology to begin with.

Should things be better for the user vs the way they are now? Certainly, I gladly concede that and I agree with you that it should not be so difficult to activate Windows on a different PC when you've removed it from the old PC. But that doesn't mean that I'm personally willing to violate the EULA that I agreed to when I first installed Windows, regardless of the legality of it.

If you look at fair usage rights with digital media it falls along the same lines. As a consumer you have the right to make a single backup copy of any media you purchase, yet there is a law (that is actually upheld in courts unfortunately) that you can not break the encryption on encrypted copy protected media, thus overriding your right to make a backup copy.

In my opinion that should not be the case, I'm personally on the side of the consumer and I do see your point, but given the volume of pirated keys and hacks being used out there because people aren't willing to pay for Windows far outweighs those willing to track down the tool you used simply in order to do something more legitimate with it like install it on a new PC after having removed it from another, it is my opinion that this detection should remain.


Naming AntiWPA as "Trojan.I.Stole.Windows" is both technically incorrect and legally questionable. antiwpa.dll is not a Trojan, but a very useful tool to validate Windows and make it a legitimate copy so the user will be able to receive updates, and activate their copy of Windows. In fact, we should be thankful to the guys who made this program possible. I quote this passage from someone who also posted on this topic; he says that:

"People that crack software are a HUGE problem when it comes to security for several reasons:

Cracked Windows often can't get updates and thus are less secure. These systems frequently become parts of bot networks, adding to the global spam problem, and participate in DDoS attacks.

People that crack software frequently infect their system in the process, contributing to the problems mentioned above."

Well sir, actually you're technically wrong and you're misinformed about your assumptions. antiwpa.dll is not a harmful entry on your Windows. It's not a Trojan or a virus that other people say it is, but rather a modification tool to pass all WGA checks and make your copy of Windows legitimate. Because Microsoft only allows Genuine Windows to receive updates, patches and freebies for those "who Legally bought their software as based on EULA included on every software package.

The discussion and conflicts regarding its functionality and legality will only go on and on, but in short, I would like to point out clearly that this is not a worm, a trojan or a virus that others spoke of and made assumptions about without having any technical proof. It's not malware that will spread and multiply on your system registry as others think, but a very useful tool for others who can't afford to buy original copies of Windows and for IT enthusiasts who would like to explore its capabilities. But in legality, it clearly violates the EULA on Microsoft. It's not harmful or dangerous as it may be, but always remember, use it at your own risk. (antiwpa.dll is not a threat on your system; scan it with ESET Smart Security 4 and Windows Defender, you will see. But Microsoft Security Essentials detects it as a malicious code on your Windows. But aside from that, it won't bring any conflicts or pop-ups on your system.)

MannyNavida

Naming AntiWPA as "Trojan.I.Stole.Windows" is both technically incorrect and legally questionable. antiwpa.dll is not a Trojan, but a very useful tool to validate Windows and make it a legitimate copy so the user will be able to receive updates, and activate their copy of Windows. In fact, we should be thankful to the guys who made this program possible. I quote this passage from someone who also posted on this topic; he says that:

You are misinformed (or misinforming). The dll in question tricks the OS into thinking it has booted into safemode without networking thus triggering the activation bypass fail safe. It makes nothing legitimate, but you likely already knew that.

This topic is now closed to further replies.
