Matrix Games Forums

Forums  Register  Login  Photo Gallery  Member List  Search  Calendars  FAQ 

My Profile  Inbox  Address Book  My Subscription  My Forums  Log Out

Kaspersky keeps finding a trojan in the .exe file

 
View related threads: (in this forum | in all forums)

Logged in as: Guest
Users viewing this topic: none
  Printable Version
All Forums >> [New Releases from Matrix Games] >> Distant Worlds Series >> Tech Support >> Kaspersky keeps finding a trojan in the .exe file Page: [1]
Login
Message << Older Topic   Newer Topic >>
Kaspersky keeps finding a trojan in the .exe file - 12/20/2013 6:00:56 PM   
WCG

 

Posts: 60
Joined: 5/30/2013
Status: offline
Is no one else having a problem with Kaspersky Anti-Virus identifying DistantWorlds.exe as malware? I did a search here, but I'm not finding any posts about that, and it's been going on for some time.

I'd stopped playing for awhile this summer, when Kaspersky first decided that DistantWorlds.exe was a Trojan, and then I'm sorry to say that I forgot about it (busy with other stuff). But I wanted to get back into the game now, so I updated to the latest version of Shadows, and Kaspersky is still identifying the file as malware.

I can't restore the file without Kaspersky immediately deleting it again, so I can't send it to Kaspersky as a suspected false positive. I did report it, but since I can't send them the file itself, I don't seem to be getting anywhere.

But is it just me? As I say, I'm really surprised that no one else seems to have this problem. But either way, maybe Matrix Games should check with Kaspersky about this. Even if I'm the only gamer who uses Kaspersky, that might not last forever.

Bill


_____________________________

Post #: 1
RE: Kaspersky keeps finding a trojan in the .exe file - 12/20/2013 6:17:09 PM   
Deathball

 

Posts: 117
Joined: 4/3/2012
Status: offline
Its a known issue that the last two patches are marked as false positive by many anti-viruses. If you open Kaspersky and go to settings, there is a checkmark to disable auto-delete of infected files. You can also add your DW folder to the list of exceptions, Matrix even provided a guide.

Edit: Link to the guide: http://www.slitherine.com/forum/viewtopic.php?f=234&t=45519
Also Google says Kaspersky are already working on an update.

< Message edited by Deathball -- 12/20/2013 7:23:36 PM >

(in reply to WCG)
Post #: 2
RE: Kaspersky keeps finding a trojan in the .exe file - 12/20/2013 6:18:54 PM   
RockKahn

 

Posts: 165
Joined: 10/27/2011
From: USA
Status: offline
My Avast antivirus kept quarantining distantworlds.exe a few months ago. I had to shut avast off, start distant worlds, then start avast again. Avast had a link to inform them that the file was actually ok. Since the next avast virus database update the next day, I haven't had any problems.

_____________________________

I don't write Universal Law. I just live by it.

(in reply to WCG)
Post #: 3
RE: Kaspersky keeps finding a trojan in the .exe file - 12/20/2013 6:27:21 PM   
aaatoysandmore

 

Posts: 2855
Joined: 9/11/2013
Status: offline
so now you are starting to disbelieve your anti-virus software over a games .exe? If they make you start believing that stuff they can start to put anything in the .exe's If my antivirus ever says any game's .exe is bad that game is outta here.

(in reply to RockKahn)
Post #: 4
RE: Kaspersky keeps finding a trojan in the .exe file - 12/20/2013 6:45:48 PM   
Lecivius


Posts: 6228
Joined: 8/5/2007
From: Denver
Status: offline

quote:

ORIGINAL: aaatoysandmore

so now you are starting to disbelieve your anti-virus software over a games .exe? If they make you start believing that stuff they can start to put anything in the .exe's If my antivirus ever says any game's .exe is bad that game is outta here.


Then you must not play a lot, or do a lot, with your PC. Virus software is a tool, no more. Many have dictated games as trojans just because the certificate on the DL file is not current, a naming fault, or any one of dozens of other possibilities. Just being on the internet leaves you open. You will get infected if you surf enough, it is inevitable. It's what you do to limit your exposure, and what to do to recover from infection, that counts.

(in reply to aaatoysandmore)
Post #: 5
RE: Kaspersky keeps finding a trojan in the .exe file - 12/20/2013 8:11:32 PM   
Kayoz


Posts: 1516
Joined: 12/20/2010
From: Timbuktu
Status: offline

quote:

ORIGINAL: aaatoysandmore

so now you are starting to disbelieve your anti-virus software over a games .exe? If they make you start believing that stuff they can start to put anything in the .exe's If my antivirus ever says any game's .exe is bad that game is outta here.


You really need to read a bit and understand what the AV engine does. As Lecivius noted, it could be any number of reasons - but one he missed is a simple binary comparison for a block of data in the file. I've seen JPEGs which triggered false positives... and I've never heard of JPEGs carrying a live virus (steganography aside).

To be honest, if a vendor wanted to slip a virus into it's product, you wouldn't detect it if it were written by a programmer who could code his way out of a wet paper bag. Yes, you're vulnerable - but doing so would be nothing short of suicide for any software vendor.

If you're -STILL- paranoid, check out virustotal.com or similar sites. If it's dinging bells with multiple AV engines, then you should look into it further. If it's only one, then chances are it's a false positive.

_____________________________

“That which can be asserted without evidence, can be dismissed without evidence.” ― Christopher Hitchens

(in reply to aaatoysandmore)
Post #: 6
RE: Kaspersky keeps finding a trojan in the .exe file - 12/21/2013 7:09:25 AM   
Canute0

 

Posts: 605
Joined: 4/30/2010
From: Germany
Status: offline
Look a Anti-virus tool look for pattern of known threats at the code. But since the threats changed weekly their code, the AV-tools rarely find a 100% match. Thats why they put a possible threat into quarantäne. So you can decide if you want keep or delete the file.

But no pattern search is perfect. Example the german word "weniger" means lesser. Serveral forums mark this word as bad word because of the "niger". But does it means this word is realy bad ?

(in reply to Kayoz)
Post #: 7
RE: Kaspersky keeps finding a trojan in the .exe file - 12/21/2013 7:53:12 AM   
Kayoz


Posts: 1516
Joined: 12/20/2010
From: Timbuktu
Status: offline

quote:

ORIGINAL: Canute

Look a Anti-virus tool look for pattern of known threats at the code. But since the threats changed weekly their code, the AV-tools rarely find a 100% match. Thats why they put a possible threat into quarantäne. So you can decide if you want keep or delete the file.


There's a binary comparison - like testing for Eicar, or heuristic testing where it looks for dodgy behaviour - messing with the MBR or altering operating system files. It's actually pretty fascinating stuff that engine bods do.

http://en.wikipedia.org/wiki/Heuristic_analysis

quote:

ORIGINAL: Canute
But no pattern search is perfect.


Binary comparison isn't reliable. It's too easy to pack/encrypt executable code or otherwise hide it. Most engines have some sort of heuristic testing.

quote:

ORIGINAL: Canute
Example the german word "weniger" means lesser. Serveral forums mark this word as bad word because of the "niger". But does it means this word is realy bad ?


It's a racist derogatory term used for people of African descent. Though the etymology is completely different, some people get upset when the term "niggardly" is used. Just goes to show how political correctness overlaps so much with ignorance.

That sort of testing is like the binary comparison. It looks for specific black-listed strings in posts. That's why people will purposefully misspell words so they can post profanity on the forums.

_____________________________

“That which can be asserted without evidence, can be dismissed without evidence.” ― Christopher Hitchens

(in reply to Canute0)
Post #: 8
RE: Kaspersky keeps finding a trojan in the .exe file - 12/21/2013 10:55:38 PM   
WCG

 

Posts: 60
Joined: 5/30/2013
Status: offline
Thanks for the replies. I don't feel comfortable with excluding any folder from my anti-virus software. Maybe I'm paranoid, but I've never had a problem with malware, and I don't want to start now. Still, I'm comfortable enough that DistantWorlds.exe isn't a trojan.

I would think, however, that this would be a big deal - a very big deal - for Matrix Games. So I was shocked that I couldn't find a post on the forum about it, when I searched. Still, maybe my search wasn't up to snuff, huh?

But, clearly, this is a known problem, and it's good to know that Kaspersky is working on a solution. (I haven't heard back from them myself.)

Thanks again for the replies!

Bill


_____________________________


(in reply to Kayoz)
Post #: 9
RE: Kaspersky keeps finding a trojan in the .exe file - 12/21/2013 11:31:38 PM   
Tophat1815

 

Posts: 1800
Joined: 1/16/2006
Status: offline

quote:

ORIGINAL: WCG

Thanks for the replies. I don't feel comfortable with excluding any folder from my anti-virus software. Maybe I'm paranoid, but I've never had a problem with malware, and I don't want to start now. Still, I'm comfortable enough that DistantWorlds.exe isn't a trojan.

I would think, however, that this would be a big deal - a very big deal - for Matrix Games. So I was shocked that I couldn't find a post on the forum about it, when I searched. Still, maybe my search wasn't up to snuff, huh?

But, clearly, this is a known problem, and it's good to know that Kaspersky is working on a solution. (I haven't heard back from them myself.)

Thanks again for the replies!

Bill



quote:

Edit: Link to the guide: http://www.slitherine.com/forum/viewtopic.php?f=234&t=45519
Also Google says Kaspersky are already working on an update.


Don't understand what you mean when matrix did address this issue.

Edit: Link to the guide: http://www.slitherine.com/forum/viewtopic.php?f=234&t=45519
Also Google says Kaspersky are already working on an update.

So you must have missed it with your search and review of this thread. Have a good holiday and checkout the latest patch for Shadows if you get a chance.

(in reply to WCG)
Post #: 10
RE: Kaspersky keeps finding a trojan in the .exe file - 12/22/2013 12:51:37 PM   
WCG

 

Posts: 60
Joined: 5/30/2013
Status: offline

quote:

ORIGINAL: Tophat1812
Don't understand what you mean when matrix did address this issue.


I just meant that nothing came up when I searched the forum here.

Bill


_____________________________


(in reply to Tophat1815)
Post #: 11
RE: Kaspersky keeps finding a trojan in the .exe file - 12/23/2013 6:53:24 PM   
sventhebold


Posts: 360
Joined: 12/22/2006
From: From MN now AZ Prescott Valley
Status: offline
Yes my game has also been sabotaged by Kaspersky and still does not work right.
Yes I changed the Kaspersky to standby. And it works now.
I hope they can straighten this out.

< Message edited by sventhebold -- 12/24/2013 12:05:20 AM >


_____________________________

ssgt usaf 84-91 f-15a/c ops puke 525 tfs & 7th tfs

(in reply to WCG)
Post #: 12
RE: Kaspersky keeps finding a trojan in the .exe file - 12/23/2013 9:54:18 PM   
WCG

 

Posts: 60
Joined: 5/30/2013
Status: offline

quote:

ORIGINAL: sventhebold

Yes my game has also been sabotaged by Kaspersky and still does not work right.



I went into the general protection settings of Kaspersky Anti-Virus and unchecked "Select action automatically." Then, when I restored DistantWorlds.exe, Kaspersky just warned me about it, so I could go ahead and play the game. (And I haven't had that warning again, not so far.)

Maybe that will work for you?

Good luck,

Bill


_____________________________


(in reply to sventhebold)
Post #: 13
RE: Kaspersky keeps finding a trojan in the .exe file - 12/24/2013 6:33:53 AM   
CyclopsSlayer


Posts: 581
Joined: 2/11/2012
Status: offline
I had this problem as well with ZoneAlarm, which uses Kaspersky code.
You need to mark DW's exe as an exception to the scan.

Follow the instructions here, should be similar for Kaspersky; http://www.matrixgames.com/forums/fb.asp?m=3501220
1 Choose 'Computer' view details
2 In 'Anti-virus & Anti-spyware' select 'Settings'
3 At the lower right select 'Advanced Settings'
4 From the list on the left of new dialogue box choose 'Exceptions'
5 Then click 'Add' on the lower right
6 Click 'Browse' in the next dialogue box
7 In the file locator window find your offending DW file and select it - then click 'Open'

Your DW file should now be excluded from checks by ZoneAlarm

Edit: The offending file for me was the downloaded zip file: DistantWorldsShadows-update19012.zip

Edit2: If the file is 'quarantined' then you need to 'restore' it from that area. After you have done so, follow instructions from 1 above.

(in reply to WCG)
Post #: 14
RE: Kaspersky keeps finding a trojan in the .exe file - 12/29/2013 2:06:09 PM   
Hotschi


Posts: 547
Joined: 1/18/2010
From: Austria
Status: offline
Has Kaspersky already resolved this issue? I am a new user of Kaspersky and don't want to fiddle too much with it. This whole thing of them is holding me off from purchasing the Shadows expansion.

_____________________________

"A big butcher's bill is not necessarily evidence of good tactics"

- Wavell's reply to Churchill, after the latter complained about faint-heartedness, as he discovered that British casualties in the evacuation from Somaliland had been only 260 men.

(in reply to CyclopsSlayer)
Post #: 15
RE: Kaspersky keeps finding a trojan in the .exe file - 1/5/2014 11:48:08 AM   
Hotschi


Posts: 547
Joined: 1/18/2010
From: Austria
Status: offline
It's disappointing to see that after 8 days, no one bothers to answer.

Well, I actually purchased Shadows today - and Kaspersky still marks it as malware.

What I would like to know is, what's matrixgames' policy on this?

There's a guide over at the slitherine forum (btw, it's a "brilliant" solution to create the need to check three different forums on three different homepages to find relevant posts about one and the same game...) dated 21st October 2013 - we now have 5th January 2014, so the problem is an old one and known.

And I don't like the idea of having to create a "exclusion zone"!

Does anyone from matrixgames actually make any pressure on Kaspersky, which marks one of its products as malware, when it isn't?

Or does matrixgames' support end as soon as one hits the "purchase" button...

_____________________________

"A big butcher's bill is not necessarily evidence of good tactics"

- Wavell's reply to Churchill, after the latter complained about faint-heartedness, as he discovered that British casualties in the evacuation from Somaliland had been only 260 men.

(in reply to Hotschi)
Post #: 16
RE: Kaspersky keeps finding a trojan in the .exe file - 1/5/2014 1:56:55 PM   
Buio


Posts: 247
Joined: 11/21/2012
Status: offline
Only way to get it removed is if Kaspersky users report it as a false positive to Kaspersky.

Somewhat ironic that Kaspersky got 0 false positives in the latest realworld protection test at AV-Comparatives.org. :P

(in reply to Hotschi)
Post #: 17
RE: Kaspersky keeps finding a trojan in the .exe file - 1/6/2014 9:37:59 AM   
bvoid

 

Posts: 32
Joined: 5/16/2013
Status: offline
Kaspersky is too aggressive and just causes more problems than it solves imo. In work I found it would silently block emulators, without even a warning. This caused much grief...

(in reply to Buio)
Post #: 18
Page:   [1]
All Forums >> [New Releases from Matrix Games] >> Distant Worlds Series >> Tech Support >> Kaspersky keeps finding a trojan in the .exe file Page: [1]
Jump to:





New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI

0.131