[ratww]

Cracking tools often compress their code for whatever reason. Some antivirus apps often report every compressed executable, such as anything using UPX, as being infected. That also happens with demoscene-style code, like MOD players that tend to be included in cracking tools.

The reason for that is that once upon a time some virus used UPX (or some demoscene tool), and the antivirus associated that with the virus. But some antiviruses also often detect cracked stuff and report it as being virus, purely because they're killjoys.

Commercial antiviruses are a plague as bad as virus themselves, unfortunately.