Kaspersky keeps finding a trojan in the .exe file
Kaspersky keeps finding a trojan in the .exe file
Is no one else having a problem with Kaspersky Anti-Virus identifying DistantWorlds.exe as malware? I did a search here, but I'm not finding any posts about that, and it's been going on for some time.
I'd stopped playing for awhile this summer, when Kaspersky first decided that DistantWorlds.exe was a Trojan, and then I'm sorry to say that I forgot about it (busy with other stuff). But I wanted to get back into the game now, so I updated to the latest version of Shadows, and Kaspersky is still identifying the file as malware.
I can't restore the file without Kaspersky immediately deleting it again, so I can't send it to Kaspersky as a suspected false positive. I did report it, but since I can't send them the file itself, I don't seem to be getting anywhere.
But is it just me? As I say, I'm really surprised that no one else seems to have this problem. But either way, maybe Matrix Games should check with Kaspersky about this. Even if I'm the only gamer who uses Kaspersky, that might not last forever.
Bill
I'd stopped playing for awhile this summer, when Kaspersky first decided that DistantWorlds.exe was a Trojan, and then I'm sorry to say that I forgot about it (busy with other stuff). But I wanted to get back into the game now, so I updated to the latest version of Shadows, and Kaspersky is still identifying the file as malware.
I can't restore the file without Kaspersky immediately deleting it again, so I can't send it to Kaspersky as a suspected false positive. I did report it, but since I can't send them the file itself, I don't seem to be getting anywhere.
But is it just me? As I say, I'm really surprised that no one else seems to have this problem. But either way, maybe Matrix Games should check with Kaspersky about this. Even if I'm the only gamer who uses Kaspersky, that might not last forever.
Bill
RE: Kaspersky keeps finding a trojan in the .exe file
Its a known issue that the last two patches are marked as false positive by many anti-viruses. If you open Kaspersky and go to settings, there is a checkmark to disable auto-delete of infected files. You can also add your DW folder to the list of exceptions, Matrix even provided a guide.
Edit: Link to the guide: http://www.slitherine.com/forum/viewtop ... 34&t=45519
Also Google says Kaspersky are already working on an update.
Edit: Link to the guide: http://www.slitherine.com/forum/viewtop ... 34&t=45519
Also Google says Kaspersky are already working on an update.
RE: Kaspersky keeps finding a trojan in the .exe file
My Avast antivirus kept quarantining distantworlds.exe a few months ago. I had to shut avast off, start distant worlds, then start avast again. Avast had a link to inform them that the file was actually ok. Since the next avast virus database update the next day, I haven't had any problems.
I don't write Universal Law. I just live by it.
-
- Posts: 2846
- Joined: Wed Sep 11, 2013 1:35 pm
RE: Kaspersky keeps finding a trojan in the .exe file
so now you are starting to disbelieve your anti-virus software over a games .exe? If they make you start believing that stuff they can start to put anything in the .exe's If my antivirus ever says any game's .exe is bad that game is outta here.
RE: Kaspersky keeps finding a trojan in the .exe file
ORIGINAL: aaatoysandmore
so now you are starting to disbelieve your anti-virus software over a games .exe? If they make you start believing that stuff they can start to put anything in the .exe's If my antivirus ever says any game's .exe is bad that game is outta here.
Then you must not play a lot, or do a lot, with your PC. Virus software is a tool, no more. Many have dictated games as trojans just because the certificate on the DL file is not current, a naming fault, or any one of dozens of other possibilities. Just being on the internet leaves you open. You will get infected if you surf enough, it is inevitable. It's what you do to limit your exposure, and what to do to recover from infection, that counts.
If it ain't broke, don't fix it!
RE: Kaspersky keeps finding a trojan in the .exe file
ORIGINAL: aaatoysandmore
so now you are starting to disbelieve your anti-virus software over a games .exe? If they make you start believing that stuff they can start to put anything in the .exe's If my antivirus ever says any game's .exe is bad that game is outta here.
You really need to read a bit and understand what the AV engine does. As Lecivius noted, it could be any number of reasons - but one he missed is a simple binary comparison for a block of data in the file. I've seen JPEGs which triggered false positives... and I've never heard of JPEGs carrying a live virus (steganography aside).
To be honest, if a vendor wanted to slip a virus into it's product, you wouldn't detect it if it were written by a programmer who could code his way out of a wet paper bag. Yes, you're vulnerable - but doing so would be nothing short of suicide for any software vendor.
If you're -STILL- paranoid, check out virustotal.com or similar sites. If it's dinging bells with multiple AV engines, then you should look into it further. If it's only one, then chances are it's a false positive.
“That which can be asserted without evidence, can be dismissed without evidence.” ― Christopher Hitchens
RE: Kaspersky keeps finding a trojan in the .exe file
Look a Anti-virus tool look for pattern of known threats at the code. But since the threats changed weekly their code, the AV-tools rarely find a 100% match. Thats why they put a possible threat into quarantäne. So you can decide if you want keep or delete the file.
But no pattern search is perfect. Example the german word "weniger" means lesser. Serveral forums mark this word as bad word because of the "niger". But does it means this word is realy bad ?
But no pattern search is perfect. Example the german word "weniger" means lesser. Serveral forums mark this word as bad word because of the "niger". But does it means this word is realy bad ?
RE: Kaspersky keeps finding a trojan in the .exe file
ORIGINAL: Canute
Look a Anti-virus tool look for pattern of known threats at the code. But since the threats changed weekly their code, the AV-tools rarely find a 100% match. Thats why they put a possible threat into quarantäne. So you can decide if you want keep or delete the file.
There's a binary comparison - like testing for Eicar, or heuristic testing where it looks for dodgy behaviour - messing with the MBR or altering operating system files. It's actually pretty fascinating stuff that engine bods do.
http://en.wikipedia.org/wiki/Heuristic_analysis
ORIGINAL: Canute
But no pattern search is perfect.
Binary comparison isn't reliable. It's too easy to pack/encrypt executable code or otherwise hide it. Most engines have some sort of heuristic testing.
ORIGINAL: Canute
Example the german word "weniger" means lesser. Serveral forums mark this word as bad word because of the "niger". But does it means this word is realy bad ?
It's a racist derogatory term used for people of African descent. Though the etymology is completely different, some people get upset when the term "niggardly" is used. Just goes to show how political correctness overlaps so much with ignorance.
That sort of testing is like the binary comparison. It looks for specific black-listed strings in posts. That's why people will purposefully misspell words so they can post profanity on the forums.
“That which can be asserted without evidence, can be dismissed without evidence.” ― Christopher Hitchens
RE: Kaspersky keeps finding a trojan in the .exe file
Thanks for the replies. I don't feel comfortable with excluding any folder from my anti-virus software. Maybe I'm paranoid, but I've never had a problem with malware, and I don't want to start now. Still, I'm comfortable enough that DistantWorlds.exe isn't a trojan.
I would think, however, that this would be a big deal - a very big deal - for Matrix Games. So I was shocked that I couldn't find a post on the forum about it, when I searched. Still, maybe my search wasn't up to snuff, huh?
But, clearly, this is a known problem, and it's good to know that Kaspersky is working on a solution. (I haven't heard back from them myself.)
Thanks again for the replies!
Bill
I would think, however, that this would be a big deal - a very big deal - for Matrix Games. So I was shocked that I couldn't find a post on the forum about it, when I searched. Still, maybe my search wasn't up to snuff, huh?
But, clearly, this is a known problem, and it's good to know that Kaspersky is working on a solution. (I haven't heard back from them myself.)
Thanks again for the replies!
Bill
-
- Posts: 1824
- Joined: Mon Jan 16, 2006 4:11 pm
RE: Kaspersky keeps finding a trojan in the .exe file
ORIGINAL: WCG
Thanks for the replies. I don't feel comfortable with excluding any folder from my anti-virus software. Maybe I'm paranoid, but I've never had a problem with malware, and I don't want to start now. Still, I'm comfortable enough that DistantWorlds.exe isn't a trojan.
I would think, however, that this would be a big deal - a very big deal - for Matrix Games. So I was shocked that I couldn't find a post on the forum about it, when I searched. Still, maybe my search wasn't up to snuff, huh?
But, clearly, this is a known problem, and it's good to know that Kaspersky is working on a solution. (I haven't heard back from them myself.)
Thanks again for the replies!
Bill
Edit: Link to the guide: http://www.slitherine.com/forum/viewtop ... 34&t=45519
Also Google says Kaspersky are already working on an update.
Don't understand what you mean when matrix did address this issue.
Edit: Link to the guide: http://www.slitherine.com/forum/viewtop ... 34&t=45519
Also Google says Kaspersky are already working on an update.
So you must have missed it with your search and review of this thread. Have a good holiday and checkout the latest patch for Shadows if you get a chance.
RE: Kaspersky keeps finding a trojan in the .exe file
ORIGINAL: Tophat1812
Don't understand what you mean when matrix did address this issue.
I just meant that nothing came up when I searched the forum here.
Bill
- sventhebold
- Posts: 360
- Joined: Fri Dec 22, 2006 8:16 pm
- Location: From MN now AZ Prescott Valley
RE: Kaspersky keeps finding a trojan in the .exe file
Yes my game has also been sabotaged by Kaspersky and still does not work right.
Yes I changed the Kaspersky to standby. And it works now.
I hope they can straighten this out.
Yes I changed the Kaspersky to standby. And it works now.
I hope they can straighten this out.
ssgt usaf 84-91 f-15a/c ops puke 525 tfs & 7th tfs
RE: Kaspersky keeps finding a trojan in the .exe file
ORIGINAL: sventhebold
Yes my game has also been sabotaged by Kaspersky and still does not work right.
I went into the general protection settings of Kaspersky Anti-Virus and unchecked "Select action automatically." Then, when I restored DistantWorlds.exe, Kaspersky just warned me about it, so I could go ahead and play the game. (And I haven't had that warning again, not so far.)
Maybe that will work for you?
Good luck,
Bill
- CyclopsSlayer
- Posts: 583
- Joined: Fri Feb 10, 2012 11:49 pm
RE: Kaspersky keeps finding a trojan in the .exe file
I had this problem as well with ZoneAlarm, which uses Kaspersky code.
You need to mark DW's exe as an exception to the scan.
Follow the instructions here, should be similar for Kaspersky; http://www.matrixgames.com/forums/fb.asp?m=3501220
1 Choose 'Computer' view details
2 In 'Anti-virus & Anti-spyware' select 'Settings'
3 At the lower right select 'Advanced Settings'
4 From the list on the left of new dialogue box choose 'Exceptions'
5 Then click 'Add' on the lower right
6 Click 'Browse' in the next dialogue box
7 In the file locator window find your offending DW file and select it - then click 'Open'
Your DW file should now be excluded from checks by ZoneAlarm
Edit: The offending file for me was the downloaded zip file: DistantWorldsShadows-update19012.zip
Edit2: If the file is 'quarantined' then you need to 'restore' it from that area. After you have done so, follow instructions from 1 above.
You need to mark DW's exe as an exception to the scan.
Follow the instructions here, should be similar for Kaspersky; http://www.matrixgames.com/forums/fb.asp?m=3501220
1 Choose 'Computer' view details
2 In 'Anti-virus & Anti-spyware' select 'Settings'
3 At the lower right select 'Advanced Settings'
4 From the list on the left of new dialogue box choose 'Exceptions'
5 Then click 'Add' on the lower right
6 Click 'Browse' in the next dialogue box
7 In the file locator window find your offending DW file and select it - then click 'Open'
Your DW file should now be excluded from checks by ZoneAlarm
Edit: The offending file for me was the downloaded zip file: DistantWorldsShadows-update19012.zip
Edit2: If the file is 'quarantined' then you need to 'restore' it from that area. After you have done so, follow instructions from 1 above.
RE: Kaspersky keeps finding a trojan in the .exe file
Has Kaspersky already resolved this issue? I am a new user of Kaspersky and don't want to fiddle too much with it. This whole thing of them is holding me off from purchasing the Shadows expansion.
"A big butcher's bill is not necessarily evidence of good tactics"
- Wavell's reply to Churchill, after the latter complained about faint-heartedness, as he discovered that British casualties in the evacuation from Somaliland had been only 260 men.
- Wavell's reply to Churchill, after the latter complained about faint-heartedness, as he discovered that British casualties in the evacuation from Somaliland had been only 260 men.
RE: Kaspersky keeps finding a trojan in the .exe file
It's disappointing to see that after 8 days, no one bothers to answer. [:(]
Well, I actually purchased Shadows today - and Kaspersky still marks it as malware.
What I would like to know is, what's matrixgames' policy on this?
There's a guide over at the slitherine forum (btw, it's a "brilliant" solution to create the need to check three different forums on three different homepages to find relevant posts about one and the same game...) dated 21st October 2013 - we now have 5th January 2014, so the problem is an old one and known.
And I don't like the idea of having to create a "exclusion zone"!
Does anyone from matrixgames actually make any pressure on Kaspersky, which marks one of its products as malware, when it isn't?
Or does matrixgames' support end as soon as one hits the "purchase" button...
Well, I actually purchased Shadows today - and Kaspersky still marks it as malware.
What I would like to know is, what's matrixgames' policy on this?
There's a guide over at the slitherine forum (btw, it's a "brilliant" solution to create the need to check three different forums on three different homepages to find relevant posts about one and the same game...) dated 21st October 2013 - we now have 5th January 2014, so the problem is an old one and known.
And I don't like the idea of having to create a "exclusion zone"!
Does anyone from matrixgames actually make any pressure on Kaspersky, which marks one of its products as malware, when it isn't?
Or does matrixgames' support end as soon as one hits the "purchase" button...
"A big butcher's bill is not necessarily evidence of good tactics"
- Wavell's reply to Churchill, after the latter complained about faint-heartedness, as he discovered that British casualties in the evacuation from Somaliland had been only 260 men.
- Wavell's reply to Churchill, after the latter complained about faint-heartedness, as he discovered that British casualties in the evacuation from Somaliland had been only 260 men.
RE: Kaspersky keeps finding a trojan in the .exe file
Only way to get it removed is if Kaspersky users report it as a false positive to Kaspersky.
Somewhat ironic that Kaspersky got 0 false positives in the latest realworld protection test at AV-Comparatives.org.
Somewhat ironic that Kaspersky got 0 false positives in the latest realworld protection test at AV-Comparatives.org.
RE: Kaspersky keeps finding a trojan in the .exe file
Kaspersky is too aggressive and just causes more problems than it solves imo. In work I found it would silently block emulators, without even a warning. This caused much grief...