22 replies to this topic

[Kulyok]

Okay, I sent e-mails to AVG/Avira folks(virus at avg.com/avira.com), and submitted a report to Kaspersky team(though we're out of luck: RE_v4 was too big to attach, so I put a direct link instead; I'm afraid it won't work).

Kaspersky is a king of false positives, so, yes, another report won't go amiss.

Aaaand - yes, if you use TendMicro/F-Secure/others and it gives you a false positive(because I never used this software, I'm not sure I should report), please, give them a note, if you are a paid user.


Thank you again for the reports. Phew... I don't know, maybe should do this G3-ifying thing in the next version, after all?

[Kaeloree]

This topic might be helpful. We've had a few false reports as well.

[Kulyok]

Thank you - yes, saw this one, as well. If it's Weidu, we should probably let the_bigg know - maybe replacing Weidu 208 with the latest version will work?

[Alboy]

I updated my AVG Virus yesterday & have 5 Trojan Horses they are all Agent.AYMl.
They are.

RE v4
Assassinations v5
Level 1 NPCs v1.1
Xan BG1 Friend v5
Bonehill v226 Patch

All of these were fine until l updated yesterday.
I sent the list to AVG & they sent back a email saying all files were detected correctly.

Has anyone any idea as to what is happening.

[Kulyok]

Yes, we do: http://forums.pocket...php?topic=26283

I have just replaced Weidu 208 with Weidu 210 in my mods(Xan, Xan BG1 Friendship, Assassinations). I've also asked to update RE; I'll post when the update is done.

[Kulyok]

Updated: Romantic Encounters is now based on Weidu 210; no false alarms now, I hope. Thanks to DavidW for updating!

[Ohpus]

The thought of getting a virus from a Romantic Encounter mod is just ironic.


Edit: After about a week of reinstalling my system I have narrowed down the trojan infection to when I launched BGII. Now granted, I use several mods, but I did not have an infection until I updated the mods I use. The recent verion of RE was one of them. So I wouldn't dismiss it as a false positive as quickly as they did in the beginning og the thread.

To be fair an online scan from windowsecurity.com can out like this:

Quote

F:\Archives\Software\Games\Mods and Patches\Baldur's Gate I\Modders\Gibberlings 3\NPC Portrait Pack\bg1npc_portrait_pack-v2.exe detected: Trojan-Dropper.Win32.Agent.apvg!A2
F:\Archives\Software\Games\Mods and Patches\Baldur's Gate II\Alternate Portraits\Gibberlings 3\plasmo_picks-v2.exe detected: Trojan-Dropper.Win32.Agent.apvg!A2
F:\Archives\Software\Games\Mods and Patches\Baldur's Gate II\Modders\Gibberlings 3\Amber NPC\amber-v2.5.exe detected: Trojan-Dropper.Win32.Agent.apvg!A2
F:\Archives\Software\Games\Mods and Patches\Baldur's Gate II\Modders\Gibberlings 3\P&P Celestials\pnpcelestials-v5.exe detected: Trojan-Dropper.Win32.Agent.apvg!A2
F:\Archives\Software\Games\Mods and Patches\Baldur's Gate II\Modders\Gibberlings 3\Totemic Cernd\totemic_cernd-v2.exe detected: Trojan-Dropper.Win32.Agent.apvg!A2
F:\Archives\Software\Games\Mods and Patches\Infinity Engine Mods\Portraits\Gibberlings 3\plasmobg1bg2-v2.exe detected: Trojan-Dropper.Win32.Agent.apvg!A2

...so perhaps its just by chance RE is not "IT" this time. I really didn't expect it to be in P&P Celestials or Amber.

Edited by Ohpus, 09 August 2009 - 08:50 AM.

[DCB]

I noticed this has suddenly been flagged in the latest update of ESET which seems fairly random given that it hasn't complained about it in the last year or more it was sitting there.