Posted: Tue May 05, 2009 9:49 pm
by parcival
I use Avast. During the auto update I got a popup from it stating that a virus was trying to run in my system.
Here is what Avast recorded in its logs:
Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\...\Local Settings\Application Data\Xenocode\Sandbox\2.2.3337.18747\2009.02.19T16.33\Native\STUBEXE\@PROGRAMFILES@\COMMON~1\MICROS~1\DW\DW20.EXE" file.

I chose to permanently delete the file (one of Avast's options) and then ASGS popped a message box stating that it can no longer run. ASGS closed and I reopened it. From then on everything went fine and I could play CC04 normally. It seemed that auto update worked but at the same time a virus tried an attack. Has anyone else experienced this?

Posted: Tue May 05, 2009 9:51 pm
by Grimmwolf_GB
http://www.freeallegiance.org/forums/index...showtopic=49898

I think it is avast posting a false positive.

Posted: Tue May 05, 2009 10:05 pm
by Deathrender
Avira does the same.

Posted: Tue May 05, 2009 10:23 pm
by TheCorsair
Deathrender wrote (May 6 2009, 08:05 AM): Avira does the same.
Same here... and now it keeps coming up every so often no matter how many times I select "ignore". I guess I'll have to delete it next time or move it to quarantine.

Posted: Tue May 05, 2009 10:24 pm
by Cheezits
AVG as well.....

Posted: Tue May 05, 2009 10:44 pm
by parcival
The strange thing is that AU seems to have worked although this file was prohibited from launching and was permanently deleted. Like it wasn't doing anything "useful". What does this file do?

Posted: Tue May 05, 2009 10:50 pm
by TheCorsair
parcival wrote (May 6 2009, 08:44 AM): The strange thing is that AU seems to have worked although this file was prohibited from launching and was permanently deleted. Like it wasn't doing anything "useful". What does this file do?
I don't know myself, but this is what I found on Google:

http://www.processlibrary.com/directory/files/dw20/
http://dotnetwithme.blogspot.com/2007/04/i...ing-you_18.html

Posted: Wed May 06, 2009 2:33 pm
by Adam4
NOD returns nothing, and NOD doesn't have "false positives".

Posted: Wed May 06, 2009 3:26 pm
by sgt_baker
This has been widely reported, yet not universally. Either we're dealing with a small number of false positives, or everyone else is already infected with a virus that disables all known AV suites.

I know which is more likely.

Posted: Wed May 06, 2009 4:38 pm
by peet
Check for yourself who to trust.

First disable your poor AV product that gives a false positive :)

DW20.EXE is one of the few files M$ has digitally signed. Right-click the EXE, click Properties, click the Signatures tab, click on Microsoft..., click Details. Verify the file is not compromised.

Also you can upload the EXE to e.g. VirusTotal and have it analyzed for free by almost every AV manufacturer.

If you still doubt, get another game.
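
Added example, not part of any post in this thread: the signature check from the last post done in PowerShell, which also returns the file's SHA-256 so the exact file can be looked up on VirusTotal by hash. The function name, the placeholder path in the usage comment, and the default publisher name are assumptions.

```powershell
# Added example. $Path is supplied by the caller; the default publisher name is an assumption.
function Test-FlaggedBinary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        [string]$ExpectedPublisher = 'Microsoft Corporation'
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $sha  = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash

    # CN of the signing certificate, or $null when the file carries no signature.
    $signerName = $null
    if ($sig.SignerCertificate) {
        $signerName = $sig.SignerCertificate.GetNameInfo('SimpleName', $false)
    }

    # 'Valid'        : the signed hash matches the file and the chain is trusted.
    # 'HashMismatch' : the file changed after it was signed.
    # 'NotSigned'    : no signature, so this check cannot vouch for the file.
    $verdict = switch ($sig.Status.ToString()) {
        'Valid' {
            if ($signerName -eq $ExpectedPublisher) { 'signed by expected publisher' }
            else { 'validly signed, but by a different publisher' }
        }
        'HashMismatch' { 'modified after signing' }
        'NotSigned'    { 'unsigned: the signature check tells you nothing' }
        default        { "signature not trusted ($($sig.Status))" }
    }

    [pscustomobject]@{
        Path    = $file.FullName
        Status  = $sig.Status
        Signer  = $signerName
        SHA256  = $sha
        Verdict = $verdict
    }
}

# Usage (placeholder path): Test-FlaggedBinary -Path 'C:\path\to\DW20.EXE' | Format-List
```

Run it against the file while it is still in quarantine or restored to disk, before deciding whether to add an exclusion for it.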