Virus in install file?
6 posts
• Page 1 of 1
|
I ran Uthgard several years back and didn't have any issues, but recently I decided to get back into it and can't get it installed. My anti-virus has blocked the download link for the Uthgard client. Even when I added the download link as an exception, and get the uthgard.setup.exe file downloaded, I can't run it. My Avast Antivirus swears up and down that it found a virus with this file. It shows up as Malware when I run a scan on the file directly.
Has anyone else run into this issue? |
|
Its a false positive. I can only guess its because it a) patches a dll inmemory and b) downloads executable files from internet.
See the report https://virustotal.com/en/file/07208ef0 ... 488882931/ Not sure what we can do about it, but its no virus ofcourse. It's done when it's done. Thanks for your patience.
Every bug gets fixed. Sooner or later. "It is an inescapable law of nature that the amount of satisfaction one gains from achieving something is related to how hard it is and easy things can only elicit a fleeting superficial sort of pleasure." Blue says, "you used macro tools or macro keyboard" Pala says, "i am disabled. and i have a mechanic left hand that can be programed. its hard to play woith one hand" [Appeal] Bxxxxxxxx: "why is RA first aid cann man i stealth use and not unstealth cann man ra if man use unstealth ?????????" BannedUser: "i was not using automate game action my hand was fall on keyboard during i was sleep .... i was completly fall on keyboard ..." |
|
Hi!
I wanted to install yesterday, but my virus scanner deleted the file directly after it was saved to disc. So I tested with virustotal and there 15% of scanners detected something. I do know about possible false positives, but some of the major scanners reported behaviour like ransom-ware. This discouraged me for now. If you are sure, that the executable is not compromised, please add some details to the download page explaining these issues. I would also like to suggest adding some kind of signature to the account page, showing the hash for the uthgard.setup.exe independently of the downloaded file. Those should be computed on the build server and transferred with any new versions of the exe. Btw my download had a sha256sum of 07208ef0adde92988da39f6fe9fcdc9d634fbef8b1404791216b506b7c54b482. Thanks NiDo |
|
Hi again!
Replying to myself, to indicate that I am not stuck and that I was pointed to a nice solution (thanks M) for the virus problem. It seems, that the setup was created using the NullSoftInstaller or NSIS. These executables can be extracted by 7zip (my favorite packing/unpacking tool). So when you manage to get the file past your scanner, you open it in 7zip. There you only need the uthgard.exe in the root directory. Checking this file showed no infections at all, virustotal found no problems using 62 scanners. I placed the file in my DAoC directory and went to the website. Before pressing the "Play" button on the top right use the "+" button next to it so set your DAoC installation directory (and for now do not fiddle with the other settings ). After saving the settings and pressing "play", around 300MB of patch data are downloaded and extracted in multiple steps. I still would prefer, if some comments are included in the getting started section on the possible false positives and what part of the regular setup behaviour makes the scanners issue the positives. And please, include a signature, so everybody can verify, that the exe has not been tampered with. Thanks NiDo |
|
I also tried to install it a couple of days ago, but my anti-virus just refuses to allow it. It keeps on saying that this file contains viruses. Are you sure that it is a false positive? I do not want to get any viruses on my computer as I am also using it for many other purposes. It is my work computer, and I have a lot of crucial files on it. So I do not want to send any damaged files to my customers. Though, I am using secure file sharing with my clients. However, I do not want to risk it.
Last edited by OlivsGirip on Aug 06, 2021 15:54, edited 1 time in total.
|
|
Yes, it is a false positive.
|
6 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 8 guests