Jump to content

Amber has a virus.


Ohpus

Recommended Posts

Just a heads up. All download links available through G3 and the Amber page have a virus. I verified it with the online scanner:

 

http://www.windowsecurity.com/trojanscan/trojanscan.asp

 

My own AVG anti-virus only picked up the other trojans this loaded when I started the modded BGII game.

 

Here is what I found:

 

F:\Archives\Software\Games\Mods and Patches\Baldur's Gate II\Alternate Portraits\Gibberlings 3\plasmo_picks-v2.exe detected: Trojan-Dropper.Win32.Agent.apvg!A2

F:\Archives\Software\Games\Mods and Patches\Baldur's Gate II\Modders\Gibberlings 3\Amber NPC\G3mirror_amber-v2.5.exe detected: Trojan-Dropper.Win32.Agent.apvg!A2

F:\Archives\Software\Games\Mods and Patches\Baldur's Gate II\Modders\Gibberlings 3\Amber NPC\G3_amber-v2.5.exe detected: Trojan-Dropper.Win32.Agent.apvg!A2

F:\Archives\Software\Games\Mods and Patches\Baldur's Gate II\Modders\Gibberlings 3\Amber NPC\home_amber-v2.5.exe detected: Trojan-Dropper.Win32.Agent.apvg!A2

F:\Archives\Software\Games\Mods and Patches\Baldur's Gate II\Modders\Gibberlings 3\Amber NPC\ia_amber-v2.5.exe detected: Trojan-Dropper.Win32.Agent.apvg!A2

F:\Archives\Software\Games\Mods and Patches\Baldur's Gate II\Modders\Gibberlings 3\P&P Celestials\g3m_pnpcelestials-v5.exe detected: Trojan-Dropper.Win32.Agent.apvg!A2

F:\Archives\Software\Games\Mods and Patches\Baldur's Gate II\Modders\Gibberlings 3\P&P Celestials\g3_pnpcelestials-v5.exe detected: Trojan-Dropper.Win32.Agent.apvg!A2

F:\Archives\Software\Games\Mods and Patches\Baldur's Gate II\Modders\Gibberlings 3\P&P Celestials\ia_pnpcelestials-v5.exe detected: Trojan-Dropper.Win32.Agent.apvg!A2

F:\Archives\Software\Games\Mods and Patches\Baldur's Gate II\Modders\Gibberlings 3\P&P Celestials\ic_pnpcelestials-v5.exe detected: Trojan-Dropper.Win32.Agent.apvg!A2

F:\Archives\Software\Games\Mods and Patches\Baldur's Gate II\Modders\Gibberlings 3\Totemic Cernd\g3m_totemic_cernd-v2.exe detected: Trojan-Dropper.Win32.Agent.apvg!A2

F:\Archives\Software\Games\Mods and Patches\Baldur's Gate II\Modders\Gibberlings 3\Totemic Cernd\g3_totemic_cernd-v2.exe detected: Trojan-Dropper.Win32.Agent.apvg!A2

F:\Archives\Software\Games\Mods and Patches\Baldur's Gate II\Modders\Gibberlings 3\Totemic Cernd\ia_totemic_cernd-v2.exe detected: Trojan-Dropper.Win32.Agent.apvg!A2

F:\Archives\Software\Games\Mods and Patches\Baldur's Gate II\Modders\Gibberlings 3\Totemic Cernd\ic_totemic_cernd-v2.exe detected: Trojan-Dropper.Win32.Agent.apvg!A2

 

I added abbreviations to the start of the file name to indicate the download source of the file (ie g3 would be the main g3 DL, g3m would be the mirror).

 

No other G3 mods (such as Romantic Encounters or Full Plate & Packing Steel seem to be infected.

 

 

Was someone not using protection with Amber? :)

Link to comment

Just for the record: It was A-Squared by EMSI Software showing the "infection". AVG showed nothing.

 

If it turns out to be a false positive I aplogize in advance. You guys are the scripting gurus. Still need to do my own verifications though.

Link to comment

I would think it very unlikely to be a real infection, since the download file has not been touched for 15 months and if it was infected, it would most likely have been caught a bit sooner. Just to be sure I tested the file with F-Secure Anti-Virus with up-to-date definitions and could not find anything amiss. Since a real virus infection would be a rather serious issue, I'd like someone else to confirm my results, since if it was a real infection, it would most likely originate from our system...

 

But just to avoid undue panic, it would be good to be able to conclude this thread by saying that Amber is definitely not infected, considering that this topic is bound to draw attention to itself.

Link to comment

I have always put my faith in commercial anti-virus programs rather than freeware, and I'm happy to say that it has paid off. It is entirely up to you of course, but if you can't afford or don't want to pay for the program I recommend that you spend some time reading reviews and discussions of your chosen program to determine if it is reliable at all.

 

I'd call this a false alarm.

 

However, I do highly recommend that everyone are careful when downloading third party add-ons and keep their anti-virus software up to date.

Link to comment
This is your virus scanner giving a false positive. Please, please check the forums before you post, people.

 

 

Sometimes life is like the movie Willow:

 

 

Ohpus: Did I really... Did I really say those things, last night?

 

Amber: You said I had a virus.

 

Ohpus: I don't remember that.

 

Amber: You lied to me.

 

Ohpus: No, I... I just wasn't using the right AV scanner.

 

Amber: I suppose the possibility threatned you and you were helpless against it.

 

Ohpus: Sort of.

 

Amber: Then what?

 

Ohpus: It... went away.

 

Amber: Went away? "I have a nasty virus because of you" and it *went away*?

 

 

Sometimes a coincidence is just that. And sometimes if you reinstall Windows enough times the problem sorts itself out.

 

Thanks to those who helped.

 

As to the AVS comment by Meira, I believe The Bigg said it best when he commented: "that's because antivirus software creates more troubles than the virus themselves, not because of viruses in the mods."

 

I used Norton's AV for years from Windows 3.1 on until they litterally turned my system into a vending machine. If you missed your renewal period by even a day it would disable itself and allow all kinds of nastinest into the system that it was supposed to be protecting against. Prior to that you were at least protected against all the older stuff.

 

Perhaps I'm a bit oversensitive to this since I'm the professional in the area that has to clean up these messes. A lot for people who don't have the ability to such down a yearly AVS charge on top of their other bills.

 

I ran the Norton's and Panda scanners (McAfee refused to run) and they were giving false positives on legitimate Intel chipset software. AVG is certainly not as robust, I won't even compare the two, but it catches all the common junk floating around so far.

Link to comment

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...