I don't think GamersGate are going to be too happy with these companies
after I email them and tell them what they are claiming about their game
patches. GamersGate is a multi-million dollar (perhaps billions now) game
service site owned by the award winning game developer Paradox
Interactive and not some fly by night malware developer douchebag.
http://en.wikipedia.org/wiki/GamersGate#GamersGate
GamersGate AB is a digital distribution service formerly operated by
Paradox Interactive. In addition to Paradox Interactive titles,
GamersGate distributes games from third party publishers, including
distribution partnerships with THQ and Atari. GamersGate commenced trial
operations in April 2006 and officially launched (entitled "Gamer's
Gate") on November 20, 2006.[2]
GamersGate does not require an application to manage downloads as some
other services do.
http://www.gamersgate.com/info/faq-7
Virus / trojan detected in the download?
There are NO viruses or trojans in the download. It's likely your
anti-virus program having what is called a "false positive". It may have
found something in the heuristic search, which is not always 100%
accurate. The games are delivered from developers and publishers, so
the risk of having an infected download is minimal.
--
KristleBawl
"From this time forward, you will service...US!" Locutus/Picard
Taglines by http://tagzilla.mozdev.org
> There are NO viruses or trojans in the download. It's likely your
> anti-virus program having what is called a "false positive". It may have
> found something in the heuristic search, which is not always 100%
> accurate. The games are delivered from developers and publishers, so
> the risk of having an infected download is minimal.
>
Yes, but both Avira and Malwarebytes claim files are Trojans when they
are not far too often and make me waste my time making sure they are
false positives. I once set Avira to its most secure mode and when it
scanned my external HDD loaded with game patches, mods, nocd cracks etc.
it claimed about 150 files were Trojans and of course it wasn't correct
about even one of the files. Perhaps that helps explain why some people
choose to use their own safe hex methods instead of relying on such
obviously flawed anti-malware software.
| kristlebawl wrote:
I assume "it's most secure mode" is meant to be its highest heuristic detection mode.
Assuming this...
The highest heuristic detection mode doesn't equate to "it's most secure mode". That
would be a misperception on your part.
*ALL* anti malware suffer from False Positives to one degree or another. Heuristics is a
way to catch malware that direct signatures fail to detect. As you increase the heuristic
level you increase the propensity to have False Positives.
If you don't like False Positives, dial back or disable heuristic scanning.
It is also presumptuous to say because of the above factor, anti malware is flawed. On
the contrary, your presumption is flawed.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
> It is also presumptuous to say because of the above factor, anti malware is flawed. On
> the contrary, your presumption is flawed.
>
No it isn't because it is set back to default heuristics mode already
and I am a betting man that if I installed Avast it would not give me
the same false positive so that would make both Avira and Malwarebytes
flawed in their detection ability. I have not installed Avast so have no
idea if it will detect those same two game patches as Trojans but from
past experience of using Avast I am betting it won't. Up to the challenge?
You may think this is a minor inconvenience to the customer but I am
sure you are aware that there have been many customers in the past who
are neophytes and have had their computer rendered useless because they
let the AV prog delete or quarantine the file that was a false positive
because they didn't check to make sure it was a false positive first. To
make AV progs better and less flawed all of them should warn the user of
the potential that the detected virus is possibly a false positive and
to get a second opinion before allowing the AV prog to delete or
quarantine the file. Another flaw is the fact that some AV progs are set
to default to quarantine the file with no user interaction needed unless
they change the setting first. Many noobs never even look at the
settings so quarantine or delete should never be the default setting.
The fact you are not willing to consider constructive criticism is a
flaw so back off jack.
Well the right thing to do is report the false positive to the
developers so they can fix it.
I doubt there is any antivirus or antimalware product that has not had
a false positive.
John
> David H. Lipman wrote:
>
>> It is also presumptuous to say because of the above factor, anti
>> malware is flawed. On the contrary, your presumption is flawed.
>>
>
> No it isn't because it is set back to default heuristics mode already
> and I am a betting man that if I installed Avast it would not give me
> the same false positive so that would make both Avira and Malwarebytes
> flawed in their detection ability. I have not installed Avast so have no
> idea if it will detect those same two game patches as Trojans but from
> past experience of using Avast I am betting it won't. Up to the
> challenge?
>
I'll take that bet (you lost already)!
It has been my experience that avast has its false positives and has
hosed my internet connection more than once due to an FP. It was a good
thing that I had another computer running AntiVir so I was able to
download the updated avast def file and manually update avast. I have
never experienced that on any system running AntiVir.
> You may think this is a minor inconvenience to the customer but I am
> sure you are aware that there have been many customers in the past who
> are neophytes and have had their computer rendered useless because they
> let the AV prog delete or quarantine the file that was a false positive
> because they didn't check to make sure it was a false positive first. To
> make AV progs better and less flawed all of them should warn the user of
> the potential that the detected virus is possibly a false positive and
> to get a second opinion before allowing the AV prog to delete or
> quarantine the file. Another flaw is the fact that some AV progs are set
> to default to quarantine the file with no user interaction needed unless
> they change the setting first. Many noobs never even look at the
> settings so quarantine or delete should never be the default setting.
> The fact you are not willing to consider constructive criticism is a
> flaw so back off jack.
>
Many AVs are set up at a 4th grade reading level so I don't know about
the AV displaying a message telling the user that, "it may be a false
positive", "you should get a second opinion", "do you really want to do
this?", etc.
Quarantine not delete should be the default setting for every AV product
IMO.
and that would be Mr.jack to you.
--
Max Wachtel
This post was created using Opera@USB: http://www.opera-usb.com
Virus Removal Instructions
http://sites.google.com/site/keepingwindowsclean/home
Max's Favorite Freeware
http://sites.google.com/site/keepingwindowsclean/freeware
> Well the right thing to do is report the false positive to the
> developers so they can fix it.
I just did by posting here. I know Dustin is from Malwarebytes but I
don't know if Avira has anyone monitoring this group but they might.
> I doubt there is any antivirus or antimalware product that has not had
> a false positive.
True, but that doesn't mean I should just accept the status quo and
never expect improvements to be made. It's feedback that brings about
improvements and that is exactly why I posted what I did. What I don't
like are people who think I should just STFU and take it up the ass.
> I'll take that bet (you lost already)!
Prove it. Scan the two files I mentioned and report what Avast finds. If
you don't then you have won no bet. I am still betting Avast doesn't
give false positive on those same two files. The files are the two game
patches to Takeda3. They should be available via The Patches Scrolls too
and not just on the GamersGate site so you don't need to join GamersGate
and buy the game to download them. I contacted GamersGate about it and
was told the files are just renamed files but exactly the same as the
files available publicly. Here's what I am betting, Avira and
Malwarebytes flagged those two files just because they have the word
"Gate" in them and no other reason. That's how dumb these progs really
are and is why I would never pay a penny for them.
> Quarantine not delete should be the default setting for every AV
> product IMO.
If it quarantines a needed system file and you reboot your PC then you
are hosed. I think they should just warn the user by default and if they
want to quarantine by default then make that purely a user option.
Not long ago AVG hosed thousands of noobs' computers for doing exactly
what you suggest. Look it up.
> and that would be Mr.jack to you.
Ok, Mr. Jack. :)
> Maximus the Mad wrote:
I am not going to search the net for the file you're talking about but
here are two links where you should post your issues.
http://www.malwarebytes.org/forums/
http://forum.avira.com/wbb/index.php?langid=1
It is true that Dustin is often here, however for fastest results I
would recommend the malwarebytes support forums
They ask that you run the mbam.exe with the /developer switch and post
the log
>
>> I doubt there is any antivirus or antimalware product that has not
>> had a false positive.
>
> True, but that doesn't mean I should just accept the status quo and
> never expect improvements to be made. It's feedback that brings about
> improvements and that is exactly why I posted what I did. What I don't
> like are people who think I should just STFU and take it up the ass.
I should have been clearer that there are better places to post/submit
the info to make sure you get the results you are looking for.
John
> It is true that Dustin is often here, however for fastest results I
> would recommend the malwarebytes support forums
>
> They ask that you run the mbam.exe with the /developer switch and post
> the log
Yes, I know, but I hate going through the hassle of registering on web
forums just to make one post and is why I post here instead. The
developers know that the smarter people still use Usenet and not
pussified web forums. ;)
> John Mason Jr wrote:
that is the wrong attitude. be a help.
>
> that is the wrong attitude. be a help.
Seeing as GamersGate says in their FAQ that they are false positives I
expect Avira etc. are well aware of the false positive issues so it
would be just a waste of my time and no help at all. I'm just here to
bitch because I have had numerous hours of my time wasted by false
positives and never a real virus found.
Then install Avast and stop whining about it.
> And both are wrong, once again. Avira keeps warning me about the
> Trojan even though I have told it to ignore the 2 files ten times
> already. Jesus-fucking-Christ! This anti-malware software is becoming
> far more annoying than any threat of real malware. Numerous times now
> I have had hours of my time wasted because I had to make sure the
> false-positives were truly false and never once has either program
> found any real malware on my PCs.
I'm sorry our software has caused you such a hassle. If you'd be willing
to post on the forums we maintain, we'd be able to get those issues
cleared up for you faster (most likely) than doing it yourself and
spending those hours.. wasted. With that said, we don't intentionally
detect legitimate software. Many reasons do exist for that occasionally
occurring. We are quick to correct them, when/if we find out they exist.
:) Usenet really isn't the best way for us to monitor that however.
> I don't think GamersGate are going to be too happy with these
> companies after I email them and tell them what they are claiming
> about their game patches. GamersGate is a multi-million dollar
> (perhaps billions now) game service site owned by the award winning
> game developer Paradox Interactive and not some fly by night malware
> developer douchebag.
I have heard several people make remarks like so and so company isn't
going to like this. Evidently, you seem to be under the mistaken
impression that so and so company has anything to do with our decision to
or not to add something to the database. In this case, it's most likely a
false positive and not intentional on our part. However, please don't
mistakenly assume we will bow to pressure from any company; it doesn't
work that way.
--
Dustin Cook [Malware Researcher]
MalwareBytes - http://www.malwarebytes.org
BugHunter - http://bughunter.it-mate.co.uk
> John Mason Jr wrote:
>
>> Well the right thing to do is report the false positive to the
>> developers so they can fix it.
>
> I just did by posting here. I know Dustin is from Malwarebytes but I
> don't know if Avira has anyone monitoring this group but they might.
Actually, no. I am from malwarebytes, yes; but I am not one of the
developers. I'm one of the researchers. You really do need to follow
protocol. I monitor this forum on my own time for my own reasons. I can't
even help you with the issue you're having because you haven't provided the
developer logs or samples. So really, our forum is the place for this. Not
here.
> True, but that doesn't mean I should just accept the status quo and
> never expect improvements to be made. It's feedback that brings about
> improvements and that is exactly why I posted what I did. What I don't
> like are people who think I should just STFU and take it up the ass.
Feedback sent to the people who are in the best position to help you, yes.
We maintain our forum for the benefit of our users. In fact, it really is
the best way for you to contact us with any problems with the software. We
can get them cleared up quickly for you this way.
You mean the anti virus software that had a False Positive of VBS:Zulu on Microsoft web
pages that lasted 2 months?
I'm not trying to suggest that the particular issue you are having is
not a false positive as I have no information to refute your
conclusions, but GamersGate also says in their FAQ that "The games are
delivered from developers and publishers, so the risk of having an
infected download is minimal". I would call that a clear message that
they are not guaranteeing that their downloads are clean, and as such
they should always be scanned by your security software before use. I
would rather have a few false positives from time to time than
increase the risk of infection because a malware detection program was
playing it safe when it came to false positive detections. YMMV
> I am not going to search the net for the file you're talking about but
> here are two links where you should post your issues.
> http://www.malwarebytes.org/forums/
> http://forum.avira.com/wbb/index.php?langid=1
I don't feel like registering for web forums. I can't remember the name
of the web site that scans files for you over the web using multiple
scanners and want to scan the file there to see what results I get. You
know the site I am talking about?
| I don't feel like registering for web forums. I can't remember the name
| of the web site that scans files for you over the web using multiple
| scanners and want to scan the file there to see what results I get. You
| know the site I am talking about?
If you don't provide direct feedback to the vendor with the file(s) then you are wasting
your time and the news group reader's time.
I'll tell 'ya what. Upload the files to http://www.uploadmalware.com/
Mark in the submission that they are FPs for me. I will provide them to Malwarebytes and
Avira personnel for their inspection.
No registration is needed to submit files at UploadMalware.Com .
> I'm not trying to suggest that the particular issue you are having is
> not a false positive as I have no information to refute your
> conclusions, but GamersGate also says in their FAQ that "The games are
> delivered from developers and publishers, so the risk of having an
> infected download is minimal". I would call that a clear message that
> they are not guaranteeing that their downloads are clean, and as such
> they should always be scanned by your security software before use. I
> would rather have a few false positives from time to time than
> increase the risk of infection because a malware detection program was
> playing it safe when it came to false positive detections. YMMV
>
I know and I asked them to scan the files in question anyway but they
never got back to me. What's the name of that site where it has multiple
scanners and you can scan files from within your web browser? Know the
site I mean? I will double check the files there.
> We maintain our forum for the benefit of our users. In fact, it really is
> the best way for you to contact us with any problems with the software. We
> can get them cleared up quickly for you this way.
I don't have any problems with the software as such, just saying both
Malwarebytes and Avira are detecting the same Trojan in the same 2 files.
> I'll tell 'ya what. Upload the files to http://www.uploadmalware.com/
>
> Mark in the submission that they are FPs for me. I will provide them to Malwarebytes and
> Avira personnel for their inspection.
> No registration is needed to submit files at UploadMalware.Com .
>
OK, done. I didn't provide real email address so post back here what you
find, thanks.
> virustotal.com
>
>
Thanks. Here are the results, some say Trojan but most don't.
Antivirus          Version          Last Update  Result
a-squared          4.5.0.43         2009.11.30   -
AhnLab-V3          5.0.0.2          2009.11.30   -
AntiVir            7.9.1.79         2009.11.30   TR/Pasta.eoa
Antiy-AVL          2.0.3.7          2009.11.30   Trojan/Win32.Pasta.gen
Authentium         5.2.0.5          2009.11.30   -
Avast              4.8.1351.0       2009.11.30   -
AVG                8.5.0.426        2009.11.30   -
BitDefender        7.2              2009.11.30   -
CAT-QuickHeal      10.00            2009.11.30   Trojan.Pasta.dkb
ClamAV             0.94.1           2009.11.30   -
Comodo             3091             2009.11.30   -
DrWeb              5.0.0.12182      2009.11.30   -
eSafe              7.0.17.0         2009.11.30   -
eTrust-Vet         35.1.7148        2009.11.30   -
F-Prot             4.5.1.85         2009.11.30   -
F-Secure           9.0.15370.0      2009.11.29   -
Fortinet           4.0.14.0         2009.11.30   W32/Pasta.EOA!tr
GData              19               2009.11.30   -
Ikarus             T3.1.1.74.0      2009.11.30   -
Jiangmin           11.0.800         2009.11.29   -
K7AntiVirus        7.10.906         2009.11.27   -
Kaspersky          7.0.0.125        2009.11.30   Trojan.Win32.Pasta.eoa
McAfee             5818             2009.11.30   -
McAfee+Artemis     5818             2009.11.30   Artemis!1A016F11A071
McAfee-GW-Edition  6.8.5            2009.11.30   Trojan.Pasta.eoa
Microsoft          1.5302           2009.11.30   -
NOD32              4649             2009.11.30   -
Norman             6.03.02          2009.11.30   -
nProtect           2009.1.8.0       2009.11.28   -
Panda              10.0.2.2         2009.11.30   Suspicious file
PCTools            7.0.3.5          2009.11.30   -
Prevx              3.0              2009.11.30   High Risk Cloaked Malware
Rising             22.24.00.09      2009.11.30   -
Sophos             4.48.0           2009.11.30   -
Sunbelt            3.2.1858.2       2009.11.29   Encrypted Archive
Symantec           1.4.4.12         2009.11.30   -
TheHacker          6.5.0.2.081      2009.11.28   Trojan/Pasta.axh
TrendMicro         9.100.0.1001     2009.11.30   -
VBA32              3.12.12.0        2009.11.30   Trojan.Win32.Pasta.diq
ViRobot            2009.11.30.2062  2009.11.30   -
VirusBuster        5.0.21.0         2009.11.30   Trojan.Pasta.AQS
Additional information
File size: 2715977 bytes
MD5 : 1a016f11a0717b459971d4ecd5f44c7b
SHA1 : 1498abb74161f63410fa6a7d9cd3c0f8f592f47a
SHA256: ee824066d3be12b704304d1907cb39a9b50bed21c88cfdb56ef85b482c6ecfcf
PEInfo: PE Structure information
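An added example, not part of the original thread: a short Python triage of the scan report above that separates engines naming a malware family from those giving a free-text verdict or a label derived from the file's own hash. The function names, the NOISE token list and the rule that a verdict containing spaces names no family are assumptions of this example.

```python
import re
from collections import Counter

# Rows copied from the scan report in the post above: engine, version, update, result.
REPORT = """\
a-squared 4.5.0.43 2009.11.30 -
AhnLab-V3 5.0.0.2 2009.11.30 -
AntiVir 7.9.1.79 2009.11.30 TR/Pasta.eoa
Antiy-AVL 2.0.3.7 2009.11.30 Trojan/Win32.Pasta.gen
Authentium 5.2.0.5 2009.11.30 -
Avast 4.8.1351.0 2009.11.30 -
AVG 8.5.0.426 2009.11.30 -
BitDefender 7.2 2009.11.30 -
CAT-QuickHeal 10.00 2009.11.30 Trojan.Pasta.dkb
ClamAV 0.94.1 2009.11.30 -
Comodo 3091 2009.11.30 -
DrWeb 5.0.0.12182 2009.11.30 -
eSafe 7.0.17.0 2009.11.30 -
eTrust-Vet 35.1.7148 2009.11.30 -
F-Prot 4.5.1.85 2009.11.30 -
F-Secure 9.0.15370.0 2009.11.29 -
Fortinet 4.0.14.0 2009.11.30 W32/Pasta.EOA!tr
GData 19 2009.11.30 -
Ikarus T3.1.1.74.0 2009.11.30 -
Jiangmin 11.0.800 2009.11.29 -
K7AntiVirus 7.10.906 2009.11.27 -
Kaspersky 7.0.0.125 2009.11.30 Trojan.Win32.Pasta.eoa
McAfee 5818 2009.11.30 -
McAfee+Artemis 5818 2009.11.30 Artemis!1A016F11A071
McAfee-GW-Edition 6.8.5 2009.11.30 Trojan.Pasta.eoa
Microsoft 1.5302 2009.11.30 -
NOD32 4649 2009.11.30 -
Norman 6.03.02 2009.11.30 -
nProtect 2009.1.8.0 2009.11.28 -
Panda 10.0.2.2 2009.11.30 Suspicious file
PCTools 7.0.3.5 2009.11.30 -
Prevx 3.0 2009.11.30 High Risk Cloaked Malware
Rising 22.24.00.09 2009.11.30 -
Sophos 4.48.0 2009.11.30 -
Sunbelt 3.2.1858.2 2009.11.29 Encrypted Archive
Symantec 1.4.4.12 2009.11.30 -
TheHacker 6.5.0.2.081 2009.11.28 Trojan/Pasta.axh
TrendMicro 9.100.0.1001 2009.11.30 -
VBA32 3.12.12.0 2009.11.30 Trojan.Win32.Pasta.diq
ViRobot 2009.11.30.2062 2009.11.30 -
VirusBuster 5.0.21.0 2009.11.30 Trojan.Pasta.AQS
"""
MD5 = "1a016f11a0717b459971d4ecd5f44c7b"  # from the same report
NOISE = {"trojan", "tr", "w32", "win32", "gen"}  # assumed type/platform tokens

def parse(report):
    """Yield (engine, result); the result column may contain spaces."""
    for line in report.strip().splitlines():
        engine, _ver, _date, result = line.strip().split(None, 3)
        yield engine, result

def classify(result, md5=MD5):
    """Return 'clean', 'hash-derived', 'generic', or the family token."""
    if result == "-":
        return "clean"
    hex_runs = re.findall(r"[0-9A-Fa-f]{8,}", result)
    if any(md5.startswith(h.lower()) for h in hex_runs):
        return "hash-derived"  # label embeds a prefix of the file's own MD5
    if " " in result:
        return "generic"  # assumption: free-text verdicts name no family
    tokens = [t for t in re.split(r"[^A-Za-z0-9]+", result) if t and t.lower() not in NOISE]
    return tokens[0] if tokens else "generic"

def summarize(report=REPORT):
    """Count engines per verdict class."""
    return Counter(classify(result) for _engine, result in parse(report))

if __name__ == "__main__":
    print(summarize())
```

Grouping the labels this way shows how many of the flagging engines agree on one family name and how many give a verdict that names no family at all.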
> I'm sorry our software has caused you such a hassle. If you'd be willing
> to post on the forums we maintain, we'd be able to get those issues
> cleared up for you faster (most likely) than doing it yourself and
> spending those hours.. wasted. With that said, we don't intentionally
> detect legitimate software. Many reasons do exist for that occasionally
> occurring. We are quick to correct them, when/if we find out they exist.
> :) Usenet really isn't the best way for us to monitor that however.
> I have heard several people make remarks like so and so company isn't
> going to like this. Evidently, you seem to be under the mistaken
> impression that so and so company has anything to do with our decision to
> or not to add something to the database. In this case, it's most likely a
> false positive and not intentional on our part. However, please don't
> mistakenly assume we will bow to pressure from any company; it doesn't
> work that way.
>
>
>
I was very tired and over-reacted, sorry. I don't get enough sleep and
it makes me irritable when I don't. It's not just your prog that is
detecting the Trojan any way and quite a few are but not the majority of
scanners. I posted the results in a post a few up but it is a bit of a
mess to read due to formatting when posting plain text from HTML. I will
consider joining Malwarebytes forum because I wanted to ask why the
right click context menu doesn't show in Vista/Win7 anyway.
| David H. Lipman wrote:
Got it ~2.6MB installer. It's late for me so I hope you don't mind I work on this
Tomorrow, Thursday 12/3.
> Got it ~2.6MB installer. It's late for me so I hope you don't mind I work on this
> Tomorrow, Thursday 12/3.
>
OK, no rush as I am fairly sure it is just false positive but quite a
lot of scanners flagged it as a Trojan at that multiple scanner site so
need to be 100% certain about the file.
http://virusscan.jotti.org/en
http://www.virustotal.com/
Taken from another post in a.c.a-v
Thread: AVAST GONE BESERK
"From AVAST Site:
Issue
On Thursday 3.12. 2009 avast! had a bad false positive issue. At around 12:15 AM GMT we
released VPS update 091203-0 which started flagging hundreds of innocent files as a
'Win32:Delf-MZG' Trojan (or, in less common cases, as 'Win32:Zbot-MKK'). Among the files
affected were high-profile programs produced by Adobe, Realtek, sound card drivers,
various media players etc.
Solution
On Thursday 3.12. 2009 at 5:50 AM GMT, another VPS update 091203-1 was released, fixing
the issue (for both 'Win32:Delf-MZG' and 'Win32:Zbot-MKK'). If you're still using the bad VPS
091203-0 we recommend to invoke a VPS update immediately. To restore false positive files
from avast! Virus Chest please follow the instruction in the following article:"
> http://virusscan.jotti.org/en
> http://www.virustotal.com/
Thanks but someone already posted virustotal link yesterday so have
already scanned it with that. Numerous scanners are flagging it but not
most. I posted results somewhere in this thread already.
It's been sent to us. I'll let you know what we find....
> It's been sent to us. I'll let you know what we find....
>
>
OK, thanks.
Hi Wile.
I took a look at the sample file we've received myself, so I could get you
updated on it. None of the files inside are executables themselves. So it's
very likely a false positive; and this should be cleared up soon. Sorry for
the inconvenience.
| "Wile E. Coyote" <coy...@ACME.invalid> wrote in
| news:WD1Qm.27160$kY2....@newsfe01.iad:
| Hi Wile.
| I took a look at the sample file we've received myself, so I could get you
| updated on it. None of the files inside are executables themselves. So it's
| very likely a false positive; and this should be cleared up soon. Sorry for
| the inconvenience.
Some information was that it was unusually packed and that may have been the red flag.
| David H. Lipman wrote:
>> From: "Dustin Cook" <bughunte...@gmail.com>
>> | Hi Wile.
Here's what to do...
Send the file in a password protected ZIP file with the password being; infected
{ password = infected }
Send it to; vi...@antivir.de
With the subject; Possible False Positive.
State all information you know about the file in the body of the email.
> Here's what to do...
>
> Send the file in a password protected ZIP file with the password being; infected
> { password = infected }
>
> Send it to; vi...@antivir.de
>
> With the subject; Possible False Positive.
>
> State all information you know about the file in the body of the email.
>
Will that stop Avira from detecting it as a virus? I know it's not a
virus so no point in sending another file to you again. What I want is
Avira to stop detecting it when I tell it to ignore the file but it
isn't so guess I have to go register at Avira and make a complaint and
hope they can fix the issue.
> Will that stop Avira from detecting it as a virus? I know it's not a
> virus so no point in sending another file to you again. What I want is
> Avira to stop detecting it when I tell it to ignore the file but it
> isn't so guess I have to go register at Avira and make a complaint and
> hope they can fix the issue.
Ignore this, today I looked deeper into Avira's settings and found the
expert mode so now have excluded that file from both the guard and
scanner so it should no longer be detecting it even if it was a real virus.
| Wile E. Coyote wrote:
:-)