WARNING: I think Trojan piggybacking VU update. Hi I was just doing the usual patch update on my laptop when my antivirus software picked up a Trojan in the update download/ patching? I have no idea what is going on. It took two goes to connect to the server when I activated the client loader. My antivirus has never spotted an issue with EU update before and this has me concerned. Anyone else had this issue? This is what I see: File: c:\program files (x86)entropia universe\update_14.6.1.121372-14.6.1.121458.exe Removed Threat name: SONAR Heuristic. 120 Now it is removed the patching is not working very well, but I doubt it is an innocent program. I just retried the update and it has appeared again. Maybe a phising site or something? Ideas?? Cheers Bjorn
Hi All, Its come to my attention that certain antivirus programs seem to believe that there is a trojan hidden in the latest VU patch. I think that this information is important enough to warrant good feedback to MA as its a real concern if industry standard heuristics are picking up something in the VU that it believes mimics the traits of a trojan. I use ESET Nod32 and I've seen nothing but a friend of mine (Few Scars - see post above) is using Norton and it's reporting a trojan: If you have an alert pop up saying your scanner has found a trojan, please post the details here so that we can point the MA team to it.
there is another thread with same issue by Snape http://arkadiaforum.com/showthread.php?10197-Trojan-alert-in-latest-VU maybe is good idea to combine this in one
It can be helpful to check out details of the detected item on an anti-virus site. http://www.symantec.com/security_response/writeup.jsp?docid=2014-011016-0119-99&tabid=2 SONAR heuristic. 120 is not a virus or a trojan. Its a method used to analyse files and flag them as possible trojans depending on what it finds. What your anti virus program is telling you is that the EU patch exe has some characteristics that are similar to those found in trojans. It has not found any known virus or trojan. Based on this I believe the chance of a false positive is very high. Some anti-v companies have implemented a new heuristic early this year and it's value is questionable. The recommended action is to send the detected file to your anti-v provider for analysis. My recommended action is to relax and enjoy your game.
Alerting MA from administrators and PP, for that issue is more than enough tho. We have to realize that we install a RCE enviroment. That mean to me, MA has every right to protect the platform (and us the customers) from any exploits or frauds. So if there is something for that reason into installation, I don't mind at all and I understand. As Kikki said, we don't need to getting crazy with this. By the way I use AVAST AV and all seems ok in my both computers (home and office).
It is because the Client must flymix new information into the Client's display settings (known as injection of code). If you've never seen a Salaafa fire, and someone parks up next to you with one, and you've not even downloaded Toulan, it must render the object from a .PAK file and ensure your client can display the item - injecting the code from the already held universal .pak file into your client "on-the-fly" Worthy of concern to be sure. Back when the EIGCC.exe file injected code........ ...that file is now gone
