Important! Trojan alert in latest VU??!?!

Discussion in 'Miscellaneous' started by Few Scars, Mar 28, 2014.

  1. Few Scars

    Few Scars Administrator Staff Member PAF Administrator Arkadia Adviser

    WARNING: I think Trojan piggybacking VU update.

    Hi
    I was just doing the usual patch update on my laptop when my antivirus software picked up a Trojan in the update download/ patching?
    I have no idea what is going on. It took two goes to connect to the server when I activated the client loader. My antivirus has never spotted an issue with EU update before and this has me concerned. Anyone else had this issue?
    This is what I see:
    File: c:\program files (x86)entropia universe\update_14.6.1.121372-14.6.1.121458.exe
    Removed
    Threat name: SONAR Heuristic. 120
    Now that it is removed, the patching is not working very well, but I doubt it is an innocent program.
    I just retried the update and it has appeared again. Maybe a phishing site or something?
    Ideas??

    Cheers
    Bjorn
     
  2. Snape

    Snape Master of the BanHammer Staff Member PAF Administrator

    Hi All,

    It's come to my attention that certain antivirus programs seem to believe that there is a trojan hidden in the latest VU patch. I think that this information is important enough to warrant good feedback to MA, as it's a real concern if industry-standard heuristics are picking up something in the VU that it believes mimics the traits of a trojan.

    I use ESET Nod32 and I've seen nothing, but a friend of mine (Few Scars - see post above) is using Norton and it's reporting a trojan:

    If you have an alert pop up saying your scanner has found a trojan, please post the details here so that we can point the MA team to it.
     
  3. billyjeanruby

    billyjeanruby Member

  4. Snape

    Snape Master of the BanHammer Staff Member PAF Administrator

  5. Dalas

    Dalas New Member

    Any news on this? My girlfriend has the same problem it appears...
     
  6. Vadio

    Vadio Member

    Disable heuristics in the antivirus.

    But how do we know if MA wants to spy on us?
     
  7. KikkiJikki

    KikkiJikki Well-Known Member Pro Users

    It can be helpful to check out details of the detected item on an anti-virus site.

    http://www.symantec.com/security_response/writeup.jsp?docid=2014-011016-0119-99&tabid=2

    SONAR Heuristic.120 is not a virus or a trojan. It's a method used to analyse files and flag them as possible trojans depending on what it finds. What your antivirus program is telling you is that the EU patch exe has some characteristics that are similar to those found in trojans. It has not found any known virus or trojan. Based on this I believe the chance of a false positive is very high. Some anti-v companies have implemented a new heuristic early this year and its value is questionable. The recommended action is to send the detected file to your anti-v provider for analysis. My recommended action is to relax and enjoy your game.
     
  8. billyjeanruby

    billyjeanruby Member

    Alerting MA from administrators and PP for that issue is more than enough, tho.
    We have to realize that we install an RCE environment.
    That means to me, MA has every right to protect the platform (and us the customers) from any exploits or frauds.
    So if there is something for that reason in the installation, I don't mind at all and I understand.
    As Kikki said, we don't need to get crazy with this.
    By the way, I use AVAST AV and all seems OK on both my computers (home and office).
     
  9. BB Global

    BB Global Member


    It is because the Client must flymix new information into the Client's display settings (known as injection of code). If you've never seen a Salaafa fire, and someone parks up next to you with one, and you've not even downloaded Toulan, it must render the object from a .PAK file and ensure your client can display the item - injecting the code from the already held universal .pak file into your client "on-the-fly"


    Worthy of concern to be sure.

    Back when the EIGCC.exe file injected code........ ...that file is now gone :p