Jump to content

Virus Trojan

22 replies to this topic

#1 jhp

  • Members
  • 5 posts

Posted 31 January 2009 - 11:11 AM

When I download version 4 of Romantic Encounters, my antivirus software said that there is a virus named Trojan.Win32.Agent.blgg in this file. I want to inform you.

#2 the bigg

    The Avatar of F/Ts

  • Modders
  • 2316 posts
  • Gender:Male
  • Location:Modena (Italy)

Posted 31 January 2009 - 02:44 PM

Yes, RE contains an actual virus, and yes, I'm actually confirming this on a channel operated by the RE author.

PS: if you are dense, this is sarcasm.

Edited by the bigg, 31 January 2009 - 02:45 PM.

Italian users: help test the Stivan NPC!

Author or Co-Author: WeiDU - Widescreen - Generalized Biffing - Refinements - TB#Tweaks - IWD2Tweaks - TB#Characters - Traify Tool - Some mods that I won't mention in public
Maintainer: Semi-Multi Clerics - Nalia Mod - Nvidia Fix
Code dumps: Detect custom secondary types - Stutter Investigator

If possible, send diffs, translations and other contributions using Git.

#3 Guest_jml_*

  • Guests

Posted 31 January 2009 - 11:19 PM

I can confirm that there is trojan in the file. My antivir program F-secure found this Trojan.Win32.Agent.blqg in the RE-file.

#4 Kulyok

  • Members
  • 5220 posts
  • Gender:Female
  • Location:Moscow, Russia

Posted 31 January 2009 - 11:57 PM

I don't think so. We check all RE versions with various antiviral software(from Avast to Outpost Security Suite), and it seems that you are safe... for the time being. Seriously, try a different antivirus, like Kaspersky or DrWeb.

#5 jcompton

    Lord Bigenvy

  • Members
  • 619 posts

Posted 01 February 2009 - 11:54 PM

Over the years it seems that once every six months or so, one of the virus scanners is bound to misinterpret a RAR or SFX mod package as containing a virus.

Although it has happened for real on occasion, usually they are false alarms. If you do encounter one that is confirmed by other software to be a false alarm, take the time to alert the virus scanner developer of the false positive--it helps them refine their definitions and, hopefully, prevent similar mistakes from cropping up in the future. Generally they have either an e-mail address or Web form where they ask you to report the false positive and attach the offending file.

(also, I suggest "Virus Trojan" be the name of a new RE character. He can be hanging around temples claiming he needs to be cured of disease, but that's just a cover for his true intentions!)

Edited by jcompton, 01 February 2009 - 11:55 PM.

"[I]t's a testament to the determined RPG fraternity that a number of Baldur's Gate II mods have been successfully produced. The best can be found at pocketplane.net." PC Gamer UK

#6 Kulyok

  • Members
  • 5220 posts
  • Gender:Female
  • Location:Moscow, Russia

Posted 02 February 2009 - 12:39 AM

O-la-la! Me likes.

#7 Icendoan

    King of Parsing Errors

  • Modders
  • 1704 posts
  • Gender:Male
  • Location:The hall of 1000 posts!

Posted 02 February 2009 - 06:21 AM

A talking horse! :worship:

Mods in development: Keeping Yoshimo
Posted Image

#8 Evaine Dian

    In your face

  • Members
  • 224 posts
  • Gender:Female

Posted 02 February 2009 - 07:17 AM

Hung like a (Trojan) horse, I hope? :worship:

#9 SixOfSpades

    Idea Machine

  • Members
  • 444 posts
  • Location:Bellingham, WA

Posted 06 February 2009 - 11:03 PM

Nobody ever mentions that the Trojan Horse was actually Greek!

#10 plainab

    Sasha al'Therin

  • Members
  • 1717 posts
  • Gender:Male
  • Location:Lost on the Sword Coast

Posted 07 February 2009 - 07:06 AM

Oh come on lets be a bit more inventive....

Name: Tro Jan
Race: Halfling or Gnome
Occupation: Merchant
Product Sold: Diseased Turnips
Effects from eating: Random Viral Infections
INT: -5 (you were stupid enough to eat it, you deserve to lose some more)
WIS: +1 (you just learned not to eat this again)
CHR: -10 (with your bowels in a rumble who wants to be near you)
DEX: +3 (all that running to the latrine keeps you in shape)
STR: -1 per tenday infected (slowly breaks down muscle tissue)
Death if left unchecked once STR reaches 0

Can be infected by one, all or any combination thereof.
Can only be healed through conversation (not temple store options) with various temple healers.
Priests of a particular faith can only heal one type of infection.
Example: Priests of Oghma could heal only INT
So to be completely healed would require visits to multiple temples.

And yes the Trojan Horse was Greek, but the Trojan horse was just a regular horse born an bred in Troy.
My working mods:
an AI Party Script for BG2 game engine DOWNLOAD LINK ONLY!
Interactive Tweaks for BG series with some IWD support. DOWNLOAD LINK ONLY!
Rest For 8 Hours an IWD mod
My contributions: BG1Fixpack, BG1Tweaks
On Hold: Solestia an NPC for SOA
My website: http://sasha-altheri...s.com/index.htm

#11 Icendoan

    King of Parsing Errors

  • Modders
  • 1704 posts
  • Gender:Male
  • Location:The hall of 1000 posts!

Posted 08 February 2009 - 05:17 AM

:lol: I likes. Think of the Jan banters....

Mods in development: Keeping Yoshimo
Posted Image

#12 DCB

  • Members
  • 11 posts

Posted 12 February 2009 - 08:53 AM

While I have no doubts it is clean, it's not the sort of thing you should just dismiss idly. 12 of 39 scanners flag it as malware, including popular apps AntiVir, AVG, and Kaspersky - http://www.virustotal.com/analisis/b71f98a...f515ce43265f9e1 I would suggest submitting it to a few of them so they can take the signature out of their database.

#13 Kulyok

  • Members
  • 5220 posts
  • Gender:Female
  • Location:Moscow, Russia

Posted 12 February 2009 - 09:53 AM

I'd love to do it, yeah. I just took time and sent a report to Outpost company, asking them to test the file for me(as I paid for "eternal" support, let them do their job). I'm sure it's clean, but just in case.

For the time being: folks, I think it's indeed time to submit files to Kaspersky lab/AVG/etc, because false positives suck. But I'm having troubles locating the necessary webpage links on avg.com and www.kaspersky.com(though I could swear I saw one when I was researching the matter a few weeks ago). Please, if you can, help me with links(or just submit the file yourself).

#14 DCB

  • Members
  • 11 posts

Posted 12 February 2009 - 10:40 AM

AntiVir - Might have to post on their forum - http://forum.avira.com

AVG - You have to email the file to virus@avg.com with a description of the problem (i.e. false positive)

F-Secure - Can't find any info

Kaspersky - In the drop down menu, choose "False alarm" http://support.kaspe...sk.html?LANG=en

TendMicro - I can only find the submission address for emails falsely flagged as spam, but might be worth trying - False@support.trendmicro.com

For the commercial apps, I think they are only interested in submissions from registered users, so you may need to get people that use those apps to submit reports.

Edited by DCB, 12 February 2009 - 10:42 AM.

#15 Kulyok

  • Members
  • 5220 posts
  • Gender:Female
  • Location:Moscow, Russia

Posted 12 February 2009 - 10:53 PM

Thank you very much! Thank you for your time, I really appreciate that - I'll be home late today, but I'll try and fill all the forms.

And, folks - if you're paid registered users of AVG/Kaspersky/etc, I could really use your help.
Because - currently only Dr Web, Outpost Security Suite and Avast! here.

Reply to this topic


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users