Trojans and software viruses

We never intentionally distribute viruses, trojans or any form of malware.

Unfortunately current virus scanning software using their default setups employ a scan and detection technique known as heuristic scanning. In addition to the standard scanning for malware code using a blacklist, heuristic scanning looks at the program for malware-like behaviour. Many scene intros and cracktros implement self-decrypting and decompressing techniques which unfortunately is standard behaviour for malware that is attempting to infect your system.

Scanning for behaviour is never going to be 100% accurate, and an over sensitive heuristic scan can report what are known as false positives. Where a scan has incorrectly claimed, there is a potential threat but cannot pinpoint what that threat is and instead gives it a generic name.

Some files offered on Defacto2 are listed as a possible virus or trojan threat, and this is why. We do not believe they are dangerous, but some virus scanners are reporting otherwise.

An example of these false positive detections is an installation program Class created in 2000. It is compressed and encrypted using an arcane executable package called Shrinker. Many virus scanners do not recognise this legacy technique and flag it as suspicious.

The unmodified version of the Class installer triggers alerts with over 20 virus scanners.

Using Deshrink we remove the Shrinker encryption and compression used on the program executable, and there are no virus scanner alerts triggered.