Memoir '44 D-Day Landings Memoir '44 D-Day Landings

Forums

Search
Forums » Memoir '44 Online - English » Trojan infection false alert with AVG Anti-virus - Status
Show: Today's Posts 
  
AuthorTopic
gordonsp
Junior Member
First Lieutenant

User Pages
Posts: 6
Registered:
August 2008
Trojan infection false alert with AVG Anti-virus - Status Fri, 26 August 2011 05:10
I've been having problems accessing M44. I played just last night but today, my antivirus is findig trojan horse viruses in the .exe files.

I deleted everything and tried to download the set-up again, but the antivirus won't let it install because of the trojan horse viruses. is anyone else having this problem?

[Updated on: Fri, 26 August 2011 22:43] by Moderator

      
rasmussen81
DoW Content Provider
Designer's Oath

User Pages
Posts: 6847
Registered:
July 2007
Re:Download infected? Fri, 26 August 2011 05:16
gordonsp wrote on Fri, 26 August 2011 07:10

I've been having problems accessing M44. I played just last night but today, my antivirus is findig trojan horse viruses in the .exe files.

I deleted everything and tried to download the set-up again, but the antivirus won't let it install because of the trojan horse viruses. is anyone else having this problem?


I've never heard of anyone else having this problem with the online game. Shocked

The first thing you should do is send in a Bug Report to the crew and they can make sure their program is clean (which I believe it is). Click on the link down in my signature that says, "Bug Report Form" and send it in. I'll also send one of the programmers a Private Message so they know about this thread in case you have a problem with the Bug Report form.

Good luck!
      
Captain Pittman
Junior Member
Major

Posts: 3
Registered:
May 2009
Re:Download infected? Fri, 26 August 2011 07:40
The virus thing started today with lots of people, including me. On a minor note, why am i not listed as a beta Tester? I see some people are. I played the beta game a lot!
      
Grandviceroy
Member
Arnhem Victory

User Pages
Posts: 94
Registered:
June 2011
Re:Download infected? Fri, 26 August 2011 08:12
avg scans say it is a trojan horse Dropper.Generic4.AJES

it is found in
memoir's program files, in the following three places.

install4j.\Memoir'44Up...
uninstall.exe

and, perhaps most worrisome,

Memoir'44Online.exe

Please let the memoir people know....
      
Phread
Senior Member
Stiff Upper Lip

User Pages
Posts: 1772
Registered:
December 2008
Re:Download infected? Fri, 26 August 2011 08:28
Captain Pittman wrote on Fri, 26 August 2011 17:40

The virus thing started today with lots of people, including me. On a minor note, why am i not listed as a beta Tester? I see some people are. I played the beta game a lot!


The people who are listed as beta testers are those people who participated in the closed beta prior to November 2010.

I played the beta a lot too - for which I got the the following awards (you can see them below)

D-Day Recon Team - Gold
Played at least one Expert game as a Beta-tester

Minesweeper
Reported a bug during Beta-testing

Lake Toplitz - Gold
Purchased a Major pack during Beta-testing.

Major Howard
For outstanding contribution beyond the call of duty during Beta-testing

[Updated on: Fri, 26 August 2011 08:30]

      
Grandviceroy
Member
Arnhem Victory

User Pages
Posts: 94
Registered:
June 2011
Re:Download infected? Fri, 26 August 2011 08:58
avg scan healed and moved the infected files to the virus vault.

now i can not get to memoir, as the exe file was one of those.

so, DOW needs to check into this and to let us know how we can get back into playing memoir..
      
Quit2
Senior Member
Advanced Historian

User Pages
Posts: 1046
Registered:
July 2007
Re:Download infected? Fri, 26 August 2011 09:38
Is it safe to play? Would like an answer from someone of DoW.
      
Phread
Senior Member
Stiff Upper Lip

User Pages
Posts: 1772
Registered:
December 2008
Re:Download infected? Fri, 26 August 2011 10:03
Personally I think it is safe to play.

I don't use AVG on this PC, I use another product. It is updated daily, scans the PC regularly, scans all downloads, monitors my network and has a firewall. I think I would know if M44 online was infected.

Think about what has changed recently.
There has not been a new version of M44 online. So it has not changed.
There (probably) has been a new version or update version of AVG.

So a newer version of AVG is suddenly reporting that M44 Online is or has a trojan horse. I would put your money on the probability that AVG is at fault and the report is a false positive.

Phread the programmer.
      
Quit2
Senior Member
Advanced Historian

User Pages
Posts: 1046
Registered:
July 2007
Re:Download infected? Fri, 26 August 2011 10:29
or they have a trojan on their server, infecting all computers of players connecting to the server. ?
      
nemesszili
Senior Member
Hauptmann

User Pages
Posts: 942
Registered:
June 2008
Re:Download infected? Fri, 26 August 2011 10:55
+1 reason to play the real boardgame (in case in which your opponent will not use Brandenburgers as a "trojan horse"! Very Happy)

Apart from the funny side, I hope DoW can fix this problem ASAP.
      
Phread
Senior Member
Stiff Upper Lip

User Pages
Posts: 1772
Registered:
December 2008
Re:Download infected? Fri, 26 August 2011 11:24
I have been playing - off and on - for 10 hours today.

I have upto date, anti virus software from a reputable company. I have not detected a problem.

I trust that DoW would have virus detection/protection software on their servers.

If you wish to avoid all possible viruses disconnect from the internet now and never, ever reconnect. That is the only way to be really safe.

At the same time avoid all planes, trains, cars as people get killed in them ever day.

I do not believe there is any problem with the DoW software or site.

Don't play if you wish.
      
stenic
Senior Member
Major

Posts: 136
Registered:
August 2006
Re:Download infected? Fri, 26 August 2011 12:01
My friend is reporting the same thing, he uses Norton. I've not but then I've not connected for a week.

This sounds bad, even if the virus ismasquerading to be from DoW M44
      
Yann
-= Crew =-
KS Backer - Skeleton

User Pages
Posts: 2276
Registered:
October 2002
Re:Download infected? Fri, 26 August 2011 14:28
Dear players:

I would suspect that some virus infected your M44 application after you installed it.

The software is NOT built on a Windows machine, it is built on a Linux machine, so it is impossible that a Windows malware would creep in. On top of this, we check each release with the latest anti-virus software.

To gordonsp: since your exe was infected, your anti-virus software probably now flags it as suspect, which is why it does not want to install it again. There is probably some setting somewhere to relax this rule.

To Quit2: just to be really sure, I downloaded the 1.1.2 executable from the Web site and compared it to our Master, and they are absolutely identical. So nothing bad happen on our server side. We also re-checked it with the latest anti-virus updates, and it was fine.


There could be several explanations:

- a new virus/trojan just appeared and several of you got it at the same time. Sad
- you have been infected for some time, and the latest update of your anti-virus software is aware it just now. Sad


We'll investigate about this Dropper.Generic4.AJES infection, but for the moment we're having a hard time finding information about it.

Yann

[Updated on: Fri, 26 August 2011 14:30]

      
Quit2
Senior Member
Advanced Historian

User Pages
Posts: 1046
Registered:
July 2007
Re:Download infected? Fri, 26 August 2011 15:08
I can confirm there is no problem at DoW.

- I've verified I had the latest virusdefinitions
- I have executed a virus scan (all clear)
- I have started up Memoir 44 online
- I played a game
- I closed memoir 44 online
- I executed a new scan (all still clear)

I think Yann is right.
      
scampers
Junior Member
Hauptmann

User Pages
Posts: 8
Registered:
January 2011
Re:Download infected? Fri, 26 August 2011 16:45
Same thing here. Turned the computer on today and AVG reported the Memoir '44 .exe file infected with the same Trojan everyone else reported. Sad
      
Grandviceroy
Member
Arnhem Victory

User Pages
Posts: 94
Registered:
June 2011
Re:Download infected? Fri, 26 August 2011 16:45
Yann:

good to know DOW is clear...yet a lot of us got this virus and it went to three Memoir files...that can not be a coincidence.

Phred was fortunate not to be hit. Glad he can play for 10 hours clean.

Those of us who got this, however, can not play, at least not right now.

How do we get back into Memoir?

Do we just download from scratch? Will that effect our accounts? (gold bars, ranks, ratings etc.)

Some advice on how to proceed in getting back into Memoir would be appreciated.
      
gordonsp
Junior Member
First Lieutenant

User Pages
Posts: 6
Registered:
August 2008
Re:Download infected? Fri, 26 August 2011 17:05
I found a work around, if you want to call it that.

AVG has a component called "Resident Sheild". If that is disabled, M44 can be downloaded and run without a problem. I'm not sure if that is a "safe" thing to do. I still have AVG anti-virus as well as the other components. But I am not savvy regarding viruses and anti-viruses.

I would appreciate anyone who has more knowledge with this to weigh in and advise.

Thanks for all the help so far.
      
Moomer
Member
Lucky Bastard

User Pages
Posts: 80
Registered:
March 2005
Re:Download infected? Fri, 26 August 2011 17:05
Today as usual I clicked the icon taking me to memoir '44 but it wouldn't start. So I downloaded again, got the virus warning as well and download didn't work. Can't access memoir online. Tried again and before starting scanned computer and memoir'44 files specifically : nothing found. But whatever is installed does NOT work. Right after starting the download I get the warning "unknown/unverified editor do you wish to proceed?"
      
Yann
-= Crew =-
KS Backer - Skeleton

User Pages
Posts: 2276
Registered:
October 2002
Re:Download infected? Fri, 26 August 2011 17:17
Hello everyone:

We're working on it...

From the first reports, it seems that it's AVG-only. Could be a false positive maybe? Confused

We are investigating work-arounds and will keep you posted.

Yann
      
Yann
-= Crew =-
KS Backer - Skeleton

User Pages
Posts: 2276
Registered:
October 2002
Re:Download infected? Fri, 26 August 2011 17:47
We found reports that a similar problem happened 2 years ago with AVG and the same Install4j launcher that we use for our application. It could be a regression of the same issue. See on the AVG forum:

http://forums.avg.com/ww-en/avg-free-forum?sec=thread&ac t=show&id=39713

The AVG people had acknowledged and fixed the problem on their side very quickly at that time.

We are still trying to reproduce the issue here at the office, to put together a test case and see if it is a similar issue.

We'll keep you posted.

Yann
      
Yann
-= Crew =-
KS Backer - Skeleton

User Pages
Posts: 2276
Registered:
October 2002
Re:Download infected? Fri, 26 August 2011 17:56
Just finished installing a version a AVG without upgrading the virus database: M44 is declared clean.

...Updating the virus database now...

Yann
      
Yann
-= Crew =-
KS Backer - Skeleton

User Pages
Posts: 2276
Registered:
October 2002
Re:Download infected? Fri, 26 August 2011 18:08
With the latest virus database of AVG (version 1520/3859 from today), the M44 launcher is detected as being infected Evil or Very Mad

Confirmed on two different PCs (XP and Win7).

We are now putting together test files to present the case to AVG, hoping they will react as quickly as in 2009. We are also contacting the company who sells Install4J (our launcher).

We'll keep you posted...

Yann
      
Yann
-= Crew =-
KS Backer - Skeleton

User Pages
Posts: 2276
Registered:
October 2002
Re:Download infected? Fri, 26 August 2011 18:14
By the way, we found no workarounds in AVG so far. Even if you choose "Ignore", the application is still unusable "for my protection". Evil or Very Mad Evil or Very Mad

Correction: we found a way, but it's not workable: it just disables the whole thing for a short time (a few minutes). And it's in the advanced settings, so it's a pain.

...We'll keep you posted...

Yann

[Updated on: Fri, 26 August 2011 19:57]

      
Grandviceroy
Member
Arnhem Victory

User Pages
Posts: 94
Registered:
June 2011
Re:Download infected? Fri, 26 August 2011 18:21
my compliments on the fast and thorough response and explanation. Good to know that you have begun to identify the problem and are working on it.

May this be your finest hour...and with all stars (no flags or pineapples).

Looking forward to playing again; great product and, it seems, one that came with solid support.

We are all Lucky Bastard ribbon winners having you on our side.

      
Yann
-= Crew =-
KS Backer - Skeleton

User Pages
Posts: 2276
Registered:
October 2002
Re:Download infected? Fri, 26 August 2011 18:24
Ironically, the AVG Web Site provides a "Report on a false detection" link Rolling Eyes Looks like they are used to it Mad

We are submitting an urgent query.

We hope that can look at it quickly: it's Friday and it's getting late... Crying or Very Sad

...We'll keep you posted...

Yann
      
Yann
-= Crew =-
KS Backer - Skeleton

User Pages
Posts: 2276
Registered:
October 2002
Re:Download infected? Fri, 26 August 2011 18:33
We also informed the software company who makes the installer and launcher that we use (install4J). There is a good chance that all their other customers have the same issue!

There must be several angry software publishers around there, with even more many stuck users. Mad

...We'll keep you posted...

Yann
      
Carthvader
Junior Member
Second Lieutenant

Posts: 1
Registered:
December 2010
Re:Download infected? Fri, 26 August 2011 19:16
Hi!
I have AVG and there is a temporal solution. You can go to (my AVG language is spanish and this is a bad traduction) AVG - Tools - Advanced Configuration - Reisdent Protection and use the option Directoy Exclusion to add the Memoir`44 installation directory...

When you run the program AVG asks you for permission...

      
Yann
-= Crew =-
KS Backer - Skeleton

User Pages
Posts: 2276
Registered:
October 2002
Re:Download infected? Fri, 26 August 2011 19:22
Just talked to a tech person at AVG in their US headquarters - always better to talk to a human being, right?

They said that if they could reproduce the problem, they could fix it within 3 or 4 hours. This seems a bit optimistic to me, so I would not make any promise there. Surely they have a long QA process.

They wrote down all the information I gave them, and gave me another e-mail address to send them the test files.

...We'll keep you posted...

Yann
      
Yann
-= Crew =-
KS Backer - Skeleton

User Pages
Posts: 2276
Registered:
October 2002
Re:Download infected? Fri, 26 August 2011 19:36
Carthvader wrote on Fri, 26 August 2011 19:16

Hi!
I have AVG and there is a temporal solution. You can go to (my AVG language is spanish and this is a bad traduction) AVG - Tools - Advanced Configuration - Reisdent Protection and use the option Directoy Exclusion to add the Memoir`44 installation directory...

When you run the program AVG asks you for permission...


Good catch Carthvader!

I can confirm that it works. The procedure is easy if you follow it step by step:

- Open AVG by right-clicking on the AVG icon in the task bar and selecting AVG User Interface
- Open the Tools menu -> Advanced Settings
- Scroll down the list on the left until Resident Shield.
- Click on the + icon in front of it, and select Excluded Items
- Click on the Add Path button, and select the Memoir '44 Online folder. You'll have to look for in in C:\Program Files\
- Click OK

You will still get a warning the first time you start the game. Tell AVG that you know what you are doing, and the game will start!

What a drag,

Yann
      
Yann
-= Crew =-
KS Backer - Skeleton

User Pages
Posts: 2276
Registered:
October 2002
Re:Download infected? Fri, 26 August 2011 19:37
Just received a confirmation by e-mail that AVG received our "false positive" submission.

...We'll keep you posted...

Yann
      
Yann
-= Crew =-
KS Backer - Skeleton

User Pages
Posts: 2276
Registered:
October 2002
Re:Download infected? Fri, 26 August 2011 19:39
Grandviceroy wrote on Fri, 26 August 2011 18:21

my compliments on the fast and thorough response and explanation. Good to know that you have begun to identify the problem and are working on it.

May this be your finest hour...and with all stars (no flags or pineapples).

Looking forward to playing again; great product and, it seems, one that came with solid support.

We are all Lucky Bastard ribbon winners having you on our side.



Thanks so much for your support. Love Believe me, it's really appreciated in this type of situation.

Yann
      
Yann
-= Crew =-
KS Backer - Skeleton

User Pages
Posts: 2276
Registered:
October 2002
Re:Download infected? Fri, 26 August 2011 19:49
Just received an acknowledgment from ej-Technologies, the publishers of the intall4J launcher that we use.

Hopefully, they can help us pushing AVG to fix their bug quickly. And inform their other customers about this issue.

...We'll keep you posted...

Yann
      
stenic
Senior Member
Major

Posts: 136
Registered:
August 2006
Re:Download infected? Fri, 26 August 2011 20:21
Yann wrote on Fri, 26 August 2011 18:49

Just received an acknowledgment from ej-Technologies, the publishers of the intall4J launcher that we use.

Hopefully, they can help us pushing AVG to fix their bug quickly. And inform their other customers about this issue.

...We'll keep you posted...

Yann


Yann, the friend I mentioned is using Norton's 360 and had the same issue, are you aure it's only AVG? I'm running Norton Internet Security but that seems fine so far and has not reported an issue.

He's switched his machine off for the moment so I'm checking for updates on his behalf.
      
gordonsp
Junior Member
First Lieutenant

User Pages
Posts: 6
Registered:
August 2008
Re:Download infected? Fri, 26 August 2011 20:29
Grandviceroy wrote on Fri, 26 August 2011 11:21

my compliments on the fast and thorough response and explanation. Good to know that you have begun to identify the problem and are working on it.

May this be your finest hour...and with all stars (no flags or pineapples).

Looking forward to playing again; great product and, it seems, one that came with solid support.

We are all Lucky Bastard ribbon winners having you on our side.




I agree completely!

I am totally impressed with the response in terms of speed and updates.

Is there some sort of IT Medic badge we can give you?
      
gordonsp
Junior Member
First Lieutenant

User Pages
Posts: 6
Registered:
August 2008
Re:Download infected? Fri, 26 August 2011 20:38
The workaround desscribed by Yann and Carthvader is working for me. It did not require me to answer any warnings. I like it better than disabling the Resident Shield completely.

At least I have access again. Thanks to all!
      
player685829
Junior Member
Second Lieutenant

Posts: 2
Registered:
December 2010
Re:Download infected? Fri, 26 August 2011 20:49
gordonsp wrote on Thu, 25 August 2011 23:10

I've been having problems accessing M44. I played just last night but today, my antivirus is findig trojan horse viruses in the .exe files.

I deleted everything and tried to download the set-up again, but the antivirus won't let it install because of the trojan horse viruses. is anyone else having this problem?


mine today too

I removed and reinstalled and still get it.


      
rasmussen81
DoW Content Provider
Designer's Oath

User Pages
Posts: 6847
Registered:
July 2007
Re:Download infected? Fri, 26 August 2011 20:53
player685829 wrote on Fri, 26 August 2011 22:49

gordonsp wrote on Thu, 25 August 2011 23:10

I've been having problems accessing M44. I played just last night but today, my antivirus is findig trojan horse viruses in the .exe files.

I deleted everything and tried to download the set-up again, but the antivirus won't let it install because of the trojan horse viruses. is anyone else having this problem?


mine today too

I removed and reinstalled and still get it.





Umm...did you read any of the posts after the initial one?! Rolling Eyes It might be worth your time, since it is discussed in length. Cool
      
Grandviceroy
Member
Arnhem Victory

User Pages
Posts: 94
Registered:
June 2011
Re:Download infected? Fri, 26 August 2011 21:24
Yann.

tried the fix for avg....but when i go to memoir 44 online the computer can not find the exe file....that is because it was healed and moved to the virus vault by avg.

so what do i do?

do i go to memoir and do a fresh download?
if so, how do i ensure that i get it with my particulars back (name, rank etc).


thanks

      
player685829
Junior Member
Second Lieutenant

Posts: 2
Registered:
December 2010
Re:Download infected? Fri, 26 August 2011 21:25
yeah, I got it working

thanks
      
Grandviceroy
Member
Arnhem Victory

User Pages
Posts: 94
Registered:
June 2011
Re:Download infected? Fri, 26 August 2011 21:27
how did you get it working?

i did the avg fix yann suggested...but the exe file is gone...

...did you download fresh from memoir?
      
Pages (2): [1  2  >  » ]     
Previous Topic:Siege of Tobruk
Next Topic:The "honor" system
Goto Forum: