This activation contains something malicious? about microsoft-activation-scripts HOT 35 CLOSED

?? what does that detection have to do with MAS? MAS is malware-free, you are wrong if you think MAS infected you. I've read through every line of MAS to confirm this.

from microsoft-activation-scripts.

As I said, you need to prove that any malware you detect is RELATED TO MAS. You really don't seem to know what you're doing, since your script is outputting files completely unrelated to MAS and you haven't shown any link between the things you have detected and MAS itself. Read through the source code and you'll see it is impossible that the official MAS infected you. You might have gotten a fake version of MAS from another site, or ran something else that infected you. If you want to discuss this more, join the discord and provide some actual evidence. If you keep baselessly accusing MAS of malware, you will probably be blocked from this issue tracker.

from microsoft-activation-scripts.

You are wrong about this being MAS, MAS is fully open source and you can read every line of code for yourself to see it has nothing malicious. If you want help with any malware issues, there are some places online that can help including our discord server, but don't accuse MAS of being malware without proper evidence. If you do think there is malware, show the exact line(s) of code that contain the malware.

from microsoft-activation-scripts.

Also, taskmgr showing high CPU usage before it fully loads is completely normal and not a sign of any malware on the system. Until task manager has fully loaded, it shows inaccurate results

from microsoft-activation-scripts.

853 / 5.000
I would love to be able to tell you the exact line or lines where it is, since I don't fully understand the code, I have decided to ask a question, which everyone can read, and if someone who understands code perfectly reads it, Maybe you find something that I don't
The only thing I have been able to do with my knowledge has been to create a script with python which detects the following > Malware detected in the file C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.ZuneMusic_11.2310.8.0_x64__8wekyb3d8bbwe\ActivationStore .dat.LOG2 by hash signature.
Hash of file C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.ZuneMusic_11.2310.8.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG2: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca 495991b7852b855

And this is one of the infected routes, I have more

from microsoft-activation-scripts.

Well, please review it again, because both the mining program and the cookie collector are there, I have checked it in several environments and telling me that it is OpenSource is no less indicative of malware, but until several people with knowledge prove otherwise, MASS is innocent at the moment

from microsoft-activation-scripts.

Well, please review it again, because both the mining program and the cookie collector are there, I have checked it in several environments and telling me that it is OpenSource is no less indicative of malware, but until several people with knowledge prove otherwise, MASS is innocent at the moment

show me where the mining program and cookie collector are. the burden of proof is on your to provide actual evidence for your claims. We have already proven MAS is safe by showing the full source code, which multiple people have read. So far you haven't given any evidence at all MAS is malicious, and thousands of other people run MAS with no problem.

from microsoft-activation-scripts.

Sergei Strelec, is a Russian, who has created a version of Windows, a Pocket Edition, which is used on a USB, this particular Windows is designed to analyze malware in the OS. and this is capable of showing you the 3 trojans I'm talking about
I do not have the necessary knowledge and I would love to have it, but I know that this type of attack is designed to hide, and be very difficult to detect.
What I can answer is that my python script uses Yara rules to determine if it is malware, and with the results obtained we pass them to a library with quite a few known malicious hashes.

from microsoft-activation-scripts.

Looking at the file hash you sent, it literally is a zero byte empty file. clearly your script is broken, you need to do better checks before you accuse a program of being malware.

from microsoft-activation-scripts.

As I am not able to understand all the code perfectly, I have recorded the problems that have arisen on my computer after using the following github to activate my windows and office packages > https://github.com/massgravel/ Microsoft Activation Scripts

If you are feeling that you are being attacked by my words regarding the activator, I do not understand why, it is just a question, which I would like to be answered by one of the collaborators of the same project.

And my malware script works perfectly, thanks
Since I have infected various virtual machines with different programs to check to what extent it works, but you are right, it is a shitty script, I am still developing it and I would like to be able to do it much better, which is why I am so interested in this

from microsoft-activation-scripts.

MAS doesnt have malware. Don't you think if MAS had malware a lot more people would report it except you? Planting malware in the script would be idiotic on our part as it is literally open-source and you'd see it in the commit history. Please educate yourself before making false accusations (you didn't "just" ask a question)

from microsoft-activation-scripts.

@TestTikkles
Where's the proof? The whole script is open to be reviewed by anyone, and it's a batch, try to read, you can. If you can't, you can take help from ChatGPT or something, or share the exact code part that you think is malicious.

from microsoft-activation-scripts.

If you are feeling that you are being attacked by my words regarding the activator, I do not understand why, it is just a question, which I would like to be answered by one of the collaborators of the same project.

I am on the MASSGRAVE team and can confirm it has zero malware. From the info you have posted, it is clear you are not qualified to determine whether the script is malicious, so you shouldn't have accused us of spreading malware in public like this. You should have contacted us privately first, false accusations of malware hurt our reputation and can lead users to pick worse options for activation. There is nothing for us to answer since it is already clear from the source code that MAS is not malicious, and any problems you might have are not related.

from microsoft-activation-scripts.

@TestTikkles please state exactly where you obtained MAS from as I suspect that your copy is compromised.

from microsoft-activation-scripts.

Could you tell me then why after activating window and the Office packages, on 3 different computers, the same thing that happened to me happened to them?
We have observed that after activation, the performance of the PC increases considerably, which should not be the case, and since I do not know why it happens, it is best to ask whoever designed it in part to try to find an answer.

from microsoft-activation-scripts.

That task manager thing?
That's normal, when you open task manager, CPU usage shoots up for some moments and then goes back to normal. It has nothing to do with MAS.

from microsoft-activation-scripts.

Is that seriously why you think MAS has malware?

Try opening task manager on literally any Windows 10 or 11 install and see what happens.

from microsoft-activation-scripts.

Could you tell me then why after activating window and the Office packages, on 3 different computers, the same thing that happened to me happened to them?

Most likely you either aren't actually infected, and just think you are infected, or you are making some other mistake on all those computers leading to the infection. Thousands of people including run MAS on their computers and don't have any issues.

from microsoft-activation-scripts.

Try doing your "malware" tests on a machine before you run MAS, you'll probably see the exact same things happen even without running MAS

from microsoft-activation-scripts.

If I am saying that after executing the command, I notice performance problems > irm https://massgrave.dev/get | iex
That's why we have done testing before and after activation, and problems arise after activation.
Before activating, I have no performance problems on the computer or in the task manager or anywhere.
After activation, a notable slowness is observed when searching, accessing system files, etc.

I dont know what is happening, but i think that something is wrong there

from microsoft-activation-scripts.

In the future, I will try to indicate everything with more details, to try to find a solution to this problem.
In the meantime, thank you for your help, as it is an opensource project I want to trust it, even though at the moment I have my doubts

from microsoft-activation-scripts.

Slowness does not mean there is malware. There are plenty of things that can cause computers to slow down, though I doubt it is related to MAS as MAS does not run in the background for most activation methods, and even when it does it only runs briefly to maintain activation.

from microsoft-activation-scripts.

In the case of the typical PC user, I understand that the slowness is due to other types of circumstances.
But I know that in my case, I am 99% sure that it is malicious code.

from microsoft-activation-scripts.

Then provide evidence that it is related to MAS, or this issue is going to be locked and if you continue you will be blocked from the issue tracker. "I ran MAS and something happened" is not evidence, since MAS is ran hundreds of times a day and nobody but you has any issue with it. You need to explain exactly how MAS could be causing issues, or at least clear instructions so people can reproduce the issue in a VM. So far you've just given vague statements about slowness and output from a script so broken that it literally showed an empty file as malware. We don't have access to your PC so we have no idea what you could be doing that caused the issues you are reporting.

from microsoft-activation-scripts.

Do you want proof of a file, which according to my shitty script, is empty?

another screenshot >

@ave9858 I am trying to solve an incident that occurs to me after using this activator and your response is that you are going to close my ticket due to false accusations???
Thank you very much for your wonderful contribution

from microsoft-activation-scripts.

@TestTikkles are you saying that those 0KB files are malware where some of them are months old?
Open VM or any other clean machine and run the MAS script in there, let me know if you can reproduce the same result.

from microsoft-activation-scripts.

Your screenshots literally show the file size as being zero, meaning no content. You can also google the hash you provided and you'd see it is the hash of an empty (0 bytes) file.

from microsoft-activation-scripts.

@ave9858 I am trying to solve an incident that occurs to me after using this activator and your response is that you are going to close my ticket due to false accusations???
Thank you very much for your wonderful contribution

So far your contribution has been nothing but false accusations based on misunderstandings due to your lack of knowledge on how malware and MAS work. The files you are showing are related to an app included with Windows itself and would be there even if you didn't run MAS, and they are completely safe. You still have provided zero evidence anything that happened on your system is related to you running MAS

from microsoft-activation-scripts.

@ave9858 In fact, since I have no idea, I'm researching it.
Stop feeling accused, as you said, it is an open source project which "does not represent any threat"
As a user without knowledge, I have postulated my question in search of answers
Later, I would like to be able to resume this same conversation by contributing the new things I have found or with the doubts I have about it if it is not a bother.

from microsoft-activation-scripts.

You shouldn't make a post like this in public, where you say you are sure it is malware, before you finish researching. This can mislead users and result in them using less safe options like fake KMSPico, resulting in actual malware infections. If you had questions, you could have joined the discord and asked, we would have explained anything you were unsure of and check your conclusions.

from microsoft-activation-scripts.

@WindowsAddict > @TestTikkles are you saying that those 0KB files are malware where some of them are months old?
Open VM or any other clean machine and run the MAS script in there, let me know if you can reproduce the same result.

As soon as I have the results, I would love to discuss it with you and finalize the matter.

from microsoft-activation-scripts.

@ave9858 I hadn't seen that you had a discord server, my fault

from microsoft-activation-scripts.

Do you want proof of a file, which according to my shitty script, is empty?

another screenshot >

@ave9858 I am trying to solve an incident that occurs to me after using this activator and your response is that you are going to close my ticket due to false accusations??? Thank you very much for your wonderful contribution

Can you share your script?

from microsoft-activation-scripts.

@FiorenMas Why do you want to see the code?

from microsoft-activation-scripts.

Becoming offtopic, closing here.

from microsoft-activation-scripts.