Spyware (BDS, Backdoor-Server-Program) in HiPiHi(?/!)

14 views
Skip to first unread message

Ric_Zero

unread,
Nov 13, 2007, 2:35:29 PM11/13/07
to Hipihi
During installing I get an alarm that a virus had been found in the
newly created "Uninstall.exe" (BDS/Bifrose.Gen).

I'm not sure what to make of it but I'll trust my antivirus program a
little more than HiPiHi. :(

I can't tell whether there is a backdoor program or not, since even if
there would be such program in action, it would be hidden! I did not
start the game rather erased it.

Note: The original HiPiHi_world_30014_sp2.exe file does not cause a
virus alarm!

Astarte

unread,
Nov 14, 2007, 6:03:20 AM11/14/07
to Hipihi
Which install are you using ?

Sue Baskerville ( SuezanneC Baskerville )

unread,
Nov 14, 2007, 10:15:37 AM11/14/07
to Hipihi
What antivirus program are you using? (I'm guessing Avira.)

It's probably a false positive.

Alternately, of course, it could be that you have a virus already that
has excaped detection which has infected the uninstall.exe file.

Did you get the Hipihi installation file directly from the Hipihi
site?

Astarte

unread,
Nov 14, 2007, 11:27:35 AM11/14/07
to Hipihi
Have just checked current download accessible direct through HiPiHi
site. No errors or warnings with Norton antivirus (fully updated) or
all other antivirus/antispyware running on my system. so not sure
where your error is occuring.

Ric_Zero

unread,
Nov 15, 2007, 8:17:01 AM11/15/07
to Hipihi


On 14 Nov., 16:15, "Sue Baskerville ( SuezanneC Baskerville )"
<sueza...@gmail.com> wrote:
> What antivirus program are you using? (I'm guessing Avira.)
Right. ;)

> It's probably a false positive.
Could be. I'll download and install it again, and then I'll send in
the file for closer inspection.

> Alternately, of course, it could be that you have a virus already that
> has excaped detection which has infected the uninstall.exe file.
No, that's as likely as I'll live for 648 years

> Did you get the Hipihi installation file directly from the Hipihi
> site?
Yes, tried (and installed) twice.

Ric_Zero

unread,
Nov 15, 2007, 8:21:03 AM11/15/07
to Hipihi


On 14 Nov., 17:27, Astarte <a...@g-macc.co.uk> wrote:
> Have just checked current download accessible direct through HiPiHi
> site. No errors or warnings with Norton antivirus (fully updated) or
> all other antivirus/antispyware running on my system. so not sure
> where your error is occuring.
>
I'm not sure what you mean with "checked"? Did you 'install' HiPiHi or
just checked the downloaded file?

Astarte

unread,
Nov 15, 2007, 8:28:23 AM11/15/07
to Hipihi
Have reinstalled from the current HiPiHi direct download, with no
problems :)

Sue Baskerville ( SuezanneC Baskerville )

unread,
Dec 13, 2007, 4:32:58 AM12/13/07
to Hipihi
I have just gotten the bifrose.YM virus warning while downloading
Hipihi 40012. My antivirus program, AVG, gives a lot of false
positives.

I've posted this now in the HIpihi forums, if anyone else gets a
similar message, please post in in forums.hipihi.com and send an email
to sup...@hipihi.com.

The story that Hipihi has a virus in it is now in wikipedia for the
entire world to read every time anyone looks up Hipihi. I told the
Hipihi folks that they need to check on stuff like that and correct it
when appropriate.

I told my antivirus program to ignore it, but the Hipihi folks need to
deal with this. A big company can and should test their programs with
more than one antivirus program so as to avoid causing people to get
false positives, and to reduce the chance they've managed to get a
virus on their own systems that snuck past their anti-virus program.
Hipihi uses Kaspersky, by the way.

SS HiPiHi

unread,
Jan 1, 2008, 9:29:45 PM1/1/08
to Hipihi
Grisoft has confirmed that HiPiHi uninstall.exe file is virus-free and
detection of this file was false alarm. They have released new virus
base that solves this false alarm. Please update your AVG and scan
your files again.

You can restore already removed files from your AVG Virus Vault this
way:
open this Vault (in AVG -> upper menu Program -> Launch Virus
Vault), right-click on the file and choose Restore File(s)

Cheers!

Sue Baskerville ( SuezanneC Baskerville )

unread,
Jan 2, 2008, 12:41:42 AM1/2/08
to Hipihi
This is good to hear. I know the folks at Hipihi were in touch with
Grisoft about the matter.

As a result of this annoying false positive from Grisoft's AVG,. I had
downloaded and installed the free version of Avira AntiVir , and it
also provide a report of a problem in the Hipihi uninstalll file.
Avira AntiVir has some functions that the AVG program doesn't have,
but on the other has some annoying aspects itself that Grisoft's AVG
doesn't have.

I am uninstalling the Avira Antivir program at this moment.

Ric_Mollor

unread,
Feb 2, 2008, 9:39:08 PM2/2/08
to Hipihi
For what it's worth I ran the file in question through the suite of
scanners at virustotal.com and got these results. If the uninstall
file was *not* infected certainly quite a few antivirus programs felt
otherwise.

The current uninstall fares much better with only F-Prot (W32/
Heuristic-159!Eldorado) and Panda (Suspicious file) finding problems

Apologies for the poor formatting. This is just copy/paste from the
results page

-----------------------------Scan results
below-------------------------------
Antivirus Version Last Update Result
AhnLab-V3 2008.2.3.10 2008.02.02 Win-Trojan/Packed.43834
AntiVir 7.6.0.61 2008.02.01 HEUR/Crypted
Authentium 4.93.8 2008.02.01 -
Avast 4.7.1098.0 2008.02.02 Win32:Bifrose-BNX
AVG 7.5.0.516 2008.02.02 -
BitDefender 7.2 2008.02.03 Trojan.Packed.64
CAT-QuickHeal 9.00 2008.02.01 (Suspicious) - DNAScan
ClamAV 0.92 2008.02.03 -
DrWeb 4.44.0.09170 2008.02.02 -
eSafe 7.0.15.0 2008.01.28 Suspicious File
eTrust-Vet 31.3.5504 2008.02.01 -
Ewido 4.0 2008.02.02 -
FileAdvisor 1 2008.02.03 -
Fortinet 3.14.0.0 2008.02.02 -
F-Prot 4.4.2.54 2008.02.02 -
F-Secure 6.70.13260.0 2008.02.01 W32/Bifrose.LMK
Ikarus T3.1.1.20 2008.02.03 Trojan.Packed.64
Kaspersky 7.0.0.125 2008.02.03 -
McAfee 5221 2008.02.01 -
Microsoft 1.3204 2008.02.03 -
NOD32v2 2845 2008.02.02 -
Norman 5.80.02 2008.02.01 W32/Bifrose.LMK
Panda 9.0.0.4 2008.02.02 -
Prevx1 V2 2008.02.03 -
Rising 20.29.22.00 2008.01.30 -
Sophos 4.26.0 2008.02.02 Mal/Packer
Sunbelt 2.2.907.0 2008.02.02 VIPRE.Suspicious
Symantec 10 2008.02.02 Trojan Horse
TheHacker 6.2.9.206 2008.02.02 -
VBA32 3.12.6.0 2008.02.02 -
VirusBuster 4.3.26:9 2008.02.02 -
Webwasher-Gateway 6.6.2 2008.02.03 Heuristic.Crypted

Sue Baskerville ( SuezanneC Baskerville )

unread,
Feb 3, 2008, 12:38:12 AM2/3/08
to Hipihi
I don't think it's real surprising that a lot of antivirus programs
that check for signatures would at times share false positives.

I don't recall hearing of this virustotal service before. I may have
simply failed to check it out and forgotten it.

The fact that half the programs say "safe" and the other half say
"beware" is interesting.

Your post might be more effectively made in the Hipihi forums. The
Overseas Zones accomodates English speakers. I posting about this
there now on the other computer.

I started sending files in the Second Life folder to virustotal.
Fortinet reports fmod.dll is supsicious. I' guess this will be the
end of roleplay in Second Life. Or maybe it will mean more furries.
(SL in-jokes).

Sue Baskerville ( SuezanneC Baskerville )

unread,
Feb 28, 2008, 9:58:50 AM2/28/08
to Hipihi

The latest version of Hipihi - 50012 - is clean when checked with
the virustotal service, I believe.


On Feb 2, 11:38 pm, "Sue Baskerville ( SuezanneC Baskerville )"
Reply all
Reply to author
Forward
0 new messages