Virus or AV problem

There are 7 replies in this Thread. The last Post () by Arvedui.

    Here is the deal:
    Installed Freelancer.mds with Daemon tools as usual (the same way i always use), installed FLMM 1.31 i got from swat portal and downloaded+installed CF1.81 also from swat portal and I activated it with no problem...
    But then I double clicked Freelancer.exe and I got a virus warning for Trojan horse Generic16.ALPM which is strange since all the installation sources are checked several times. Since that whenever i click Fl.exe i get virus warning + the "no permission" warning. Tried running as admin didn't work.
    So I have been wondering what the problem could be and the only thing worth mentioning was AVG av installed (i'd try running fl with avg off but you cant deactivate it only remove it) and my Automatic Updates is on and all updates have been installed and my windows firewall is up (offered unblock FL.exe the first time i ran it as usual - that time when i got the virus warning).
    Only thing coming to my mind is that it's not really a virus (i had virus detections from avg on FL.exe before, scanned 10s times nothing ever found), but AVG recognises sth in FL.exe as a Trojan threat (.ALPM nothing about it on google) and sends the warning to firewall to stop everything from accessing the "infected" file, not even the admin.


    Any ideas/solution (i have 10 days free to play so i would appreciate quick assistance)


    Thanks, Diablo

    Right-click AVG icon in taskbar tray. "Open AVG User Interface", right-click on Resident Shield, Open, at bottom of screen is checkbox to disable Resident Shield, Save Changes. That should do it, worked for me on my AVG. To restore Resident Shield, do the same only check the box and save settings.

    Quote

    Originally posted by Rex Nebular
    Right-click AVG icon in taskbar tray. "Open AVG User Interface", right-click on Resident Shield, Open, at bottom of screen is checkbox to disable Resident Shield, Save Changes. That should do it, worked for me on my AVG. To restore Resident Shield, do the same only check the box and save settings.


    r u telling me u had the same problem? you stated "worked for me..." ?

    Interesting. Today I have little problem with my NOD32 AV (version: 4.0.437.0) ... He did not like files from EXE2 directory: Freelancer.exe, nameresources.dll and sol.dll. and from audio folder file ambienteC.utf. I do exception for this and also take out freelancer from pasive web control. ... Game now runs faster. I keep an eye on that. Maybe this help people with slower PC.

    AVs can be really dumb... .dll files... well it's a possibility... but a simple audio file... that we know it's just some audio, as a virus chance... Fail.


    Avast professional (free somewhere arround) AV is still updating their database each day (sometimes it can get a bit nasty... as it loads few times a day slowing any game :D ) and it has no problems with crossfire. And look at the trailer videos... the od is REAL :D

    Chars: [CFPD]Michael~something (x25), [CFPD]~SQMS~{[(store)]} (x3), [CFPD]xfer, Event~Manager~Michael, StarfIier~EM~Michael, Event_Team_2, [GR]Michael[SP] and a blueprint of [CFPD]Sephirothis

    you are getting false positives:


    the AV can truly detect only virus included in their virus databases. that means the new virus, not yet included on those databases, could damage the computer.


    to prevent that, the AV use 'heuristics', a methodology that tries to detect virus that are not yet included in the database. it does that by comparing the features of a file with those of a virus: if a file shares some features with a virus, it becames suspicious, and you get a virus warning


    as crossfire files are crypted and some virus files are also crypted, a dumb AV will think crossfire files may be virus files. however, it wont recognize them as a known virus, as they are not -and will never be- on its virus database. is for that you will get a "generic" in the virus name


    generic warnings are only that, warnings, and you can ignore them if you are sure its a false positive (and you are)


    to get rid of the warning you can simply disable the heuristic search (not the best option) or exclude the freelancer folder from the scanning route


    you can do both in the configuration window on your AV


    (\__/)
    (='.'=) This is Bunny. Copy and paste bunny into your
    (" )_(" ) signature to help him gain world domination.


    Bunny thinks Ed is not as cool as him