*

Account

Welcome, Guest. Please login or register.
Did you miss your activation email?
November 27, 2024, 03:52:36 am

Login with username, password and session length

Resources

Recent posts

[November 01, 2024, 12:46:37 pm]

[October 05, 2024, 07:29:20 am]

[September 05, 2024, 01:54:13 pm]

[July 16, 2024, 11:30:34 pm]

[June 22, 2024, 06:49:40 am]

[March 08, 2024, 12:13:38 am]

[March 08, 2024, 12:12:54 am]

[March 08, 2024, 12:09:37 am]

[December 30, 2023, 08:00:58 pm]

[February 04, 2023, 11:46:41 am]
Pages: [1] 2   Go Down
  Print  
Author Topic: Virus warning  (Read 9497 times)
0 Members and 8 Guests are viewing this topic.
ImmanioEiR Offline
Donator
*
Posts: 247


« on: February 09, 2009, 01:53:24 pm »

When I start up the launcher, I get the message box saying 1 file is missing or outdated, but at the same time, F-Secure reports that it's found a trojan in libcurl.dll in the Company of Heroes folder. If I say yes to updating EiR, it says it's updated successfully, but when it restarts the launcher I get the same message again (1 file missing or out of date). This happens no matter what I tell F-Secure to do (including canceling). It worked just fine earlier today. Anyone else had this problem?
Logged
gungunx Offline
EIR Veteran
Posts: 137


« Reply #1 on: February 09, 2009, 02:04:53 pm »

i also found a trojan in it   trojan.win32.agent.bpjr
Logged
ImmanioEiR Offline
Donator
*
Posts: 247


« Reply #2 on: February 09, 2009, 02:05:45 pm »

Yep, that's the one.
Logged
gungunx Offline
EIR Veteran
Posts: 137


« Reply #3 on: February 09, 2009, 02:07:55 pm »

libcurl.dll is part of the launcher? or coh file ?




if i delete the file will i have to reinstall coh ?
« Last Edit: February 09, 2009, 02:10:25 pm by gungunx » Logged
Unkn0wn Offline
No longer retired
*
Posts: 18379


« Reply #4 on: February 09, 2009, 02:10:24 pm »

I think that's the file needed for users to report the battle outcome?
Would explain why it gets reported as a 'trojan'.
Logged
ImmanioEiR Offline
Donator
*
Posts: 247


« Reply #5 on: February 09, 2009, 02:12:52 pm »

Would make sense. Are you using F-Secure as well, gungunx?

I'd definitely guess it's an EiR file, at least, since it shows up again when I say yes to download the missing file (which would imply that libcurl is the missing file, I guess, and the launcher thinks it's missing because F-Secure won't let it be accessed).

Edit: Ok, I told F-Secure real-time protection to ignore libcurl.dll, which seems to make it work.

« Last Edit: February 09, 2009, 02:16:20 pm by ImmanioEiR » Logged
gungunx Offline
EIR Veteran
Posts: 137


« Reply #6 on: February 09, 2009, 02:13:42 pm »

scanned with jotti malware

http://virusscan.jotti.org/

results :

File:      libcurl.dll
Status:    
INFECTED/MALWARE
MD5:    bfc51bbac7489d8bec19374551b81b4e
Packers detected:    
-


A-Squared     
Found nothing
AntiVir    
Found nothing
ArcaVir    
Found nothing
Avast    
Found nothing
AVG Antivirus    
Found nothing
BitDefender    
Found nothing
ClamAV    
Found nothing
CPsecure    
Found nothing
Dr.Web    
Found nothing
F-Prot Antivirus    
Found nothing
F-Secure Anti-Virus    
Found Trojan.Win32.Agent.bpjr
G DATA    
Found nothing
Ikarus    
Found nothing
Kaspersky Anti-Virus    
Found Trojan.Win32.Agent.bpjr
NOD32    
Found nothing
Norman Virus Control    
Found nothing
Panda Antivirus    
Found nothing
Sophos Antivirus    
Found nothing
VirusBuster    
Found nothing
VBA32    
Found nothing

only f-secure and kaspersky reported it as a trojan
Logged
gungunx Offline
EIR Veteran
Posts: 137


« Reply #7 on: February 09, 2009, 02:14:05 pm »

Would make sense. Are you using F-Secure as well, gungunx?

I'd definitely guess it's an EiR file, at least, since it shows up again when I say yes to download the missing file (which would imply that libcurl is the missing file, I guess, and the launcher thinks it's missing because F-Secure won't let it be accessed).

im using kaspersky
Logged
EliteGrens Offline
EIR Veteran
Posts: 240


« Reply #8 on: February 09, 2009, 02:16:17 pm »

Try running launcher with admin mode.
Wont say a file is missing then Smiley
Logged
ImmanioEiR Offline
Donator
*
Posts: 247


« Reply #9 on: February 09, 2009, 02:18:01 pm »

Well, it won't really help if the launcher does start if it actually is missing a file needed to report battle results.
Logged
Duckordie Offline
Community Mapper
*
Posts: 1687



« Reply #10 on: February 09, 2009, 02:18:29 pm »

Its calling it Virus due it takes files from your computer can send it to a server (aka back door taking stuff thing)
Logged

^<-- Duck ™ and ©


 We need more axis players!:
gungunx Offline
EIR Veteran
Posts: 137


« Reply #11 on: February 09, 2009, 02:19:13 pm »

but its not a virus right? its the eir report thingy?
Logged
ImmanioEiR Offline
Donator
*
Posts: 247


« Reply #12 on: February 09, 2009, 02:21:45 pm »

Well, in a sense it is a trojan, since it does quietly send information to the EiR server. However, it's one we want, since all it sends is the battle results. Should be safe to tell your virus scan to ignore the file.
Logged
Kolath Offline
Commander, 2nd Infantry Division
*
Posts: 2382



« Reply #13 on: February 09, 2009, 02:52:18 pm »

Hmm... that's weird.  Has anyone else ever gotten this warning before?  It's not like its a new file or anything.
Logged

Kolath's Quote Commandments:
1. Thou shalt not quote the entirety of a post 3 or less posts above you
2. Thou shalt not quote more than 2 nested levels
3. Thou shalt not quote large blocks of text when one sentence would do
4. Thou shalt not quote images!
ImmanioEiR Offline
Donator
*
Posts: 247


« Reply #14 on: February 09, 2009, 02:58:03 pm »

My guess would be updated virus definitions. Just a wild guess, though.
Logged
gungunx Offline
EIR Veteran
Posts: 137


« Reply #15 on: February 09, 2009, 02:58:39 pm »

My guess would be updated virus definitions. Just a wild guess, though.
i second that
Logged
Gishank Offline
EIR Veteran
Posts: 111


« Reply #16 on: February 10, 2009, 04:01:10 am »

It amuses me that alot of anti-viruses only ever pickout non-infected programs / files to be infected rather than those which are... lol
Logged

Hydro Offline
EIR Veteran
Posts: 242


« Reply #17 on: February 11, 2009, 11:50:21 am »

Nothing on avast, but sometimes it says my sister's photos are malware....

Spybot- nothing found
« Last Edit: February 11, 2009, 11:52:47 am by Hydro » Logged
amadeus Offline
EIR Regular
Posts: 21


« Reply #18 on: February 11, 2009, 12:17:54 pm »

cmon DEVS, fldash, explain!
Logged
salan Offline
Synergies TL2 mod!
*
Posts: 6290


« Reply #19 on: February 11, 2009, 12:36:47 pm »

there have been many players who come and say their detectors pick something up, yet never ever heard of an actual virus hit.  Always been false positives with varying detectors.

usually its new players coming and saying it when they do their first installs / scans.

after 2 years of active playing of the mod, it would be highly talked about if there had ever been a virus issue.
Logged

Pages: [1] 2   Go Up
  Print  
 
Jump to:  

TinyPortal v1.0 beta 4 © Bloc
Powered by MySQL Powered by PHP Powered by SMF 1.1.9 | SMF © 2006-2009, Simple Machines LLC
Valid XHTML 1.0! Valid CSS!
Page created in 0.073 seconds with 36 queries.