"False positives" from Anti-virus software

This forum contains threads from main General Chat forum older than 3 months.

Moderator: thunderchero

thunderchero
Site Administrator aka Fleet Admiral
Posts: 6056
Joined: Fri Apr 25, 2008 2:00 am
Location: On a three month training mission, in command of the USS Valiant.

"False positives" from Anti-virus software

Post by thunderchero » Tue May 18, 2010 8:21 pm

Please contact your Anti-virus company

With all the false positives on trek.icd I felt I had to temporarily remove all multi installer files. They are now all available again.

I suggest everyone ask your anti-virus software company why a 10-year-old file is being flagged as a virus/worm or whatever.

I expect the ISO version will start reporting this problem too, since other games that use that type of file are also having the same problem.

I have started testing and would like others to test the multi installer without the trek.icd file. This needs to be tested in single player as well as in multi player games.

I have started creating multi installers without trek.icd so once testing is complete new files can be released quickly.

thunderchero
Last edited by thunderchero on Mon Nov 22, 2010 4:18 pm, edited 4 times in total.

AlexMcpherson79
Commander
Posts: 280
Joined: Thu Sep 04, 2008 2:00 am

Post by AlexMcpherson79 » Wed May 19, 2010 12:28 am

Avast IS doesn't pick it up.

Amazing
Cadet 3rd Year
Posts: 13
Joined: Thu May 22, 2008 2:00 am
Location: Wishaw, Scotland

anti virus

Post by Amazing » Wed May 19, 2010 6:54 am

Hi. VIPRE is the program I use. It doesn't pick up any viruses with the multi-installer. Just thought I'd say, tell everyone about a program that lets you play the beloved game BOTF with no issues :)

Tethys
Past Administrator
Posts: 2065
Joined: Fri Jul 18, 2008 2:00 am
Location: Your mom's bed ;)

Post by Tethys » Wed May 19, 2010 7:33 am

I did a direct shell extension scan of trek.idb with AVG Free 9.0.819 (latest afaik) and here are the results:


I have it scanning the entire Botf folder now, but I don't think it's going to find anything this time either... I would rule it as a definite false positive... If AVG doesn't see it as a threat, I don't consider it a threat.. :P

Will post my results here regardless
Not for the weak of heart...
GALM <--- GALM/Galaxies Mod

Post by thunderchero » Wed May 19, 2010 9:55 pm

This is a search from AVIRA antivirus about TR/Spy.1781248

All other antivirus companies flagging this file use general listing

Win32:Malware-gen
Gen:Trojan.Heur.SzW@@xsM4eg
Gen.Trojan

Results 1 to 1 from 1 for TR/Spy.1781248

First worm reaches MySpace website
...First worm reaches MySpace website ... 7 December 2006 - The security of MySpace stands in jeopardy due to a modified Quicktime movie file. At the moment, anonyms try to spy out the user names and the passwords of the online community with the help of ...
URL: http://www.avira.ro/en/security_news/fi ... es_myspace_...

So what, it took them 4 years to do something about it? And what does this have to do with trek.icd file? trek.icd is not even a quicktime file.

I have sent them a tech support request for them to explain. I guess we will wait to see what they have to say.

I have also sent tech support tickets to all other antivirus companies that have flagged this file.

I will try to keep everyone up to date on this post as I get replies from them.

thunderchero

kosh2k
Cadet 1st Year
Posts: 2
Joined: Mon Apr 28, 2008 2:00 am

Post by kosh2k » Thu May 20, 2010 12:55 am

This seems to be a general Pattern false recogn. Every once in a while as they are adding more patterns, one will hit on an old encrypted file or keygen. How about you mention that in the download so that people are aware of it and then allow us to download if we want knowing the risk (if there is any, I mean the file is many years old and I have not seen any messages from anyone indicating any real danger.) My two cents worth.
Also thank you for all the great work and effort on the Multi installer - it has made BOTF much more manageable.

Selected
Ensign
Posts: 31
Joined: Thu Apr 08, 2010 2:00 am
Location: Downtown.

Post by Selected » Thu May 20, 2010 5:12 am

You can still download mods, just not on the forums.
Here's the link for all the ATA; other mods can be found if you scroll down.
Although I'm not sure if these versions of mods will be compatible with the new 1.03 multi installer that will be available for download soon.

http://www.4shared.com/file/DZ35QXVy/Al ... 2=403tNull

Hope that helps.
This signature is currently under construction.

Post by thunderchero » Thu May 20, 2010 8:35 am

Just a quick update,

All 6 antivirus companies have sent replies; most wanted a sample file sent in a password-protected rar file.

Here is the list of who I have contacted:

AntiVir
F-Secure
GData
IKARUS
avast
BitDefender

I am hoping this will be resolved quickly so even cd installs will have no problems.

thunderchero

Post by thunderchero » Thu May 20, 2010 8:39 am

First one is back from IKARUS:

Dear Ladies and Gentlemen,

Many thanks for the delivered file. ***** false-positive ***** The false positive was removed and should not occur any more after our next database update.

thunderchero

robin1983
Ensign
Posts: 27
Joined: Tue Apr 20, 2010 2:00 am

Post by robin1983 » Thu May 20, 2010 8:56 am

Wow, that is very sweet. I would think they would be a pain in the ass

can't wait to be able to download UDM 3.0

Post by thunderchero » Thu May 20, 2010 9:34 am

here is #2 reply from F-Secure
Hello,
Thank you for your submission. The file you submitted is clean, the detection is a false alarm. A database update will be released to resolve this issue.

For the meantime, you may exclude this file from Real-time Scanning.

Instructions for exclusions can be found here:

Internet Security 2008 and 2009: http://www.f-secure.com/kb/15128

Internet Security 2010, Client Security 9: http://www.f-secure.com/kb/7423

For the latest database updates please visit this page: http://www.f-secure.com/en_EMEA/securit ... databases/

We apologize for any inconveniences that this may have brought you. Should you have further questions, please do not hesitate to email us again.

Best regards,

Post by thunderchero » Thu May 20, 2010 10:22 am

Hi everyone,

With 2 confirmed false positives I have added links back to download page for all multi installer downloads.

Some changes were made in:

"main multi installer": the "trek.icd" file was removed. This file is no longer needed since installer does not use cd.

"All the Ages mod": error was corrected for normal ship building. This file has new reg setting so reinstalling would be required for multi player games.

thunderchero

Post by Tethys » Thu May 20, 2010 10:37 am

Awesome, I knew it was a false positive if AVG didn't pick it up ha :P

Post by thunderchero » Thu May 20, 2010 10:46 am

Tethys wrote: Awesome, I knew it was a false positive if AVG didn't pick it up ha :P

LOL after doing some searches, back in 2006 AVG made same mistake with similar files from other games (BOTF may have also been affected) but was corrected quickly.

thunderchero

Post by thunderchero » Thu May 20, 2010 6:32 pm

here is #3 reply from AVIRA (AntiVir)
