Virus attack during Auto Update

TheCorsair · Post by **TheCorsair** » Wed May 06, 2009 5:41 pm

Adam4 wrote:QUOTE (Adam4 @ May 7 2009, 12:33 AM) NOD returns nothing, and NOD doesnt have "false positives"

Which NOD do you use that works with allegiance? I don't really like Avira and those damn popups!

Adam4 · Post by **Adam4** » Wed May 06, 2009 5:48 pm

V4.0.424.0 if that helps.

This is on XP x64

sgt_baker · Post by **sgt_baker** » Wed May 06, 2009 6:59 pm

Why has nobody pointed out that the false-positive in question concerns a file which has absolutely nothing to do with allegiance?

It has absolutely nothing to do with Allegiance.

There.

guitarism · Post by **guitarism** » Wed May 06, 2009 8:07 pm

So that means.... what then exactly?

parcival · Post by **parcival** » Wed May 06, 2009 8:22 pm

What baker says.
Also, a filename doesn't mean the real thing always.

Nevertheless, it's either a false positive or a smart virus sitting somewhere (probably not in Alleg AU itself) and listening for the right opportunity to attack (specific open ports etc). I have AU many times in the past and never had something similar.

Jonan · Post by **Jonan** » Wed May 06, 2009 9:11 pm

Got it today for the first time on autoupdate. Antivir.

Sure it's false positive. What's changed?

peet · Post by **peet** » Wed May 06, 2009 9:30 pm

If you suspect your anti virus system is compromised you can use one of the free LiveCD's from known brands. You boot your computer from a cd completely ignoring Windows startup.

You must make sure that boot from cd is supported on your computer.

Make a backup of the important data, and have the Windows and application software cd handy.

Burn the images to a cd on a clean computer.

Follow the directions on the manufacturers website. The three LiveCD's most easy to use are:

F Prot LiveCD
Dr Web Live CD
Avira

F prot is the only one with an update feature if you have a working internet connection. The other 2 must be thrown away if a new version is published.

Grimmwolf_GB · Post by **Grimmwolf_GB** » Thu May 07, 2009 9:24 am

sgt_baker wrote:QUOTE (sgt_baker @ May 6 2009, 08:59 PM) Why has nobody pointed out that the false-positive in question concerns a file which has absolutely nothing to do with allegiance?

Looking at the folder of the file I see:
Xenocode\Sandbox
I guess it has to do with Allegiance/ASGS.

raumvogel · Post by **raumvogel** » Sat May 09, 2009 6:12 am

It's easy to say it's a false positive or to "get another game",but that isn't going to stop this from chasing away players.
It just happened to me..same directory:
C:\Documents and Settings\E\Local Settings\Application Data\Xenocode\Sandbox\2.2.3337.18747\2009.02.19T16.33\Native\STUBEXE\@PROGRAMFILES@\COMMON~1\MICROS~1\DW\DW20.EXE
I'll ignore it,but it's giving us a bad name.

Grimmwolf_GB · Post by **Grimmwolf_GB** » Sat May 09, 2009 7:38 am

For the people with some knowledge, it is giving the av programmes a bad name.