Trojan Warning from Anti-Virus Program on Launcher.exe file
Options
vambrance
Posts: 4 Arc User
To Perfect World Technical support team,
During my latest login, my anti-virus program has flagged that the launcher was contaminated by the Trojan Virus. I have removed the associated launcher.exe file, and try to login again, however, the alert reappeared once again. I am using Trend Micro and my virus database is up-to-date. Please kindy advise.
Regards,
V.
During my latest login, my anti-virus program has flagged that the launcher was contaminated by the Trojan Virus. I have removed the associated launcher.exe file, and try to login again, however, the alert reappeared once again. I am using Trend Micro and my virus database is up-to-date. Please kindy advise.
Regards,
V.
Post edited by vambrance on
0
Comments
-
You have to tell your antivirus program to ignore launcher.exe.
It is detecting it as a possible generic trojan based on it's behaviour. A trojan is a little program that connects to a remote location and downloads a real virus. So that if you get rid of just the virus, the trojan can keep replacing it unless you get that too.
Launcher.exe also connects to a remote site and downloads files to your computer, but that is because it's the patcher. It's just doing what it was designed to do.
It's just a false-positive by your antivirus program. It's not saying that it's definitely a malicious program, it's alerting you to the fact that it might be. Unless you tell it that it's safe, it will continue to do so.[SIGPIC][/SIGPIC]0 -
Hello Ryuuzaki (or anyone who may able to assist),
Thanks for the reply. I understand the concept of Trojan Virus and agree with your explanation. However, the anti-virus did not only just quarantine the launcher.exe file, but also some others files that I have, including IE, and Civilization IV. It is as if the virus has spread. I was able to remove them. After cleaning all quarentine files, scanning 2 twice (each with no virus result), uninstall Perfect World Client, reinstall fresh copy, the warning occurs again, and this time, the spread includes win32. If the launcher is indeed only dispersing patch data for Perfect World, then why would traces of "fake" Trojan be detected for IE, Win32, or even Civilization IV when I have no sign of virus infection prior the installation of Perfect World?
The virus is defined as Trojan Generic.ADV
Thanks again,
Vambrance0 -
Can you locate the Trojan Generic.ADV?0
-
I keep getting a trojan warning as well, and I too have Trend Antivirus. It keeps popping up everytime on launch. i haven't done a fresh install of PW since I played it just 4 hours ago without running into this problem.0
-
That is a generic name it gives for the password protection program that runs along side the PWI client. The little onscreen keyboard that pops up when logging in to the game? That's it.
pwprotector.exe and elementclient.exe are Perfect World International executables that should be allowed to run.
Hope that helps!
Do you need help learning about patching the game, installing it, changing antivirus/firewall settings, changing network settings, learn how to use a computer, keeping your PC maintained and more?
Visit our BRAND NEW Knowledge Base & Support Website! - Tech Support Flowchart - Panda Caught on Camera0 -
Hi guys,
Thanks. Trend Micro basically points to launcher and quarentine it, along with any files which share the trace.
Here is what exactly happened:
1. There is absolutely no virus on my computer prior this incident has occurred, my anti-virus is up to date, and is on 24/7.
2. The anti-virus is scheduled to do complete system scan everyday after 10:00 pm.
3. Previous patching did not trigger quarantine in anyway prior yesterday activation for Perfect
World.
4. Last night schedule scan, no error.
5. Decide to play after the scan (10:30 pm PST), that's when the quarantine occurred.
6. When the Quarentine occurs, it didn't just happen for the laucher, but also for 4 other files, one of them is IE (IE was not on)
7. Since my computer was runs it's daily scanned with no error found, and I haven't used IE in between, I am pretty sure is not a virus conducted by IE from some foreign sites.
8. Once I removed all the quarantine files, I did 2 scans again, once with my own anti-virus, another trial using online scan, no error found.
9. However, when I re-activated the launch, the quarantine activated again, this time, it infected 9 files, 2 of them from my win32, and 2 from Civilization 4. I have CIV4 installed since May 2008, and never has it given me any virus.
10. Again, removed all quarantine files, then uninstall client, scan, no sign of virus.
11. Install PW client again, quarantine reoccurred.
12. Remove again, 3 systems scans last night (2 online, 1 offline), and another one this morning, no error.
That's what made me uncomfortable. Why would it relate itself to other non-associated PW files (from other programs too no less) ? I can most certainly tell my anti-virus program to exclude PW, but not when it is showing sign that it's spreading like a wild-fire to other programs... I heard about the elementclient issue, but how does that make my other files, like IE, win32, and even Civilization IV to be quarantined as well?
Any thoughts from anyone?
Vambrance0 -
No anti-virus program is perfect.
The best one right now is Kaspersky IMHO. http://www.kaspersky.com/ It is pricy, but VERY effective.
Really good ones:
http://www.grisoft.com/ AVG
http://www.avast.com/eng/download-avast-home.html AvastDo you need help learning about patching the game, installing it, changing antivirus/firewall settings, changing network settings, learn how to use a computer, keeping your PC maintained and more?
Visit our BRAND NEW Knowledge Base & Support Website! - Tech Support Flowchart - Panda Caught on Camera0 -
darthpanda16 wrote: »No anti-virus program is perfect.
The best one right now is Kaspersky IMHO. http://www.kaspersky.com/ It is pricy, but VERY effective.
Really good ones:
http://www.grisoft.com/ AVG
http://www.avast.com/eng/download-avast-home.html Avast
I got the same exact problem.
I think darthpanda missed the point here, yes no anti-virus program is perfect, but trojan viruses were found in random folders within program files and system32. Just now I detected 35 trojans, and only one of them is sitting at my current Perfect World game folder, and its not the pwprotector.exe non elementclient.exe.
Like Vambrance, I launch regular checks, and it is only after running perfect world international, that a bunch of trojans start to infest my system. If this is indeed caused by the password protection program in game, then why are trojan viruses popping up in WINDOWS folders?
As Vambrance stated, the majority of trojans found are not even close or related to the perfect world game folder. To make things worse, I tried the MY's client of Perfect world, and no trojan were ever detected, for sure the MY's version also have the password protection program installed as well.
It seems like whatever data being downloaded from Perfect World International, is not going to the destinated Perfect World folder, instead they are being downloaded to SYSTEM32, and other applications' file folders.
GM needs to take this seriously.0 -
We are. We are looking into it, but you all are the only ones that seem to have the issue. We can't reproduce it on our end yet. Where did you download the client from?Do you need help learning about patching the game, installing it, changing antivirus/firewall settings, changing network settings, learn how to use a computer, keeping your PC maintained and more?
Visit our BRAND NEW Knowledge Base & Support Website! - Tech Support Flowchart - Panda Caught on Camera0 -
darthpanda16 wrote: »We are. We are looking into it, but you all are the only ones that seem to have the issue. We can't reproduce it on our end yet. Where did you download the client from?
Thank You for looking into this matter. I personally downloaded the client from the official Perfect World International website, using direct download.
The infected could be the minority, but Trend Micro is a very reliable spyware and virus detection program with a reputation of 99% hit, so it could come down to either other anti-virus programs missed the trojan files, or not enough people are having active virus protection.0 -
http://usa.kaspersky.com/products_services/compare-productskav.php
The PWE office all have Kaspersky installed.
We checked the source files and haven't found anything yet, with different anti-virus programs. You may have gotten the virus from any websites you've visited or programs you've used.
If you have a torrent program, that is usually the first cause for viruses having free access to your system.Do you need help learning about patching the game, installing it, changing antivirus/firewall settings, changing network settings, learn how to use a computer, keeping your PC maintained and more?
Visit our BRAND NEW Knowledge Base & Support Website! - Tech Support Flowchart - Panda Caught on Camera0 -
Dear Administrator,
I too, download the client directly from Perfect World site (I use both the download.exe, as well as the torrent version). Both are creating the same kind of result. And for your information, a couple of my friends also share the same problems.
I maintain my computer frequently, and do have some knowledge on Computer system in general. Assume if the Trend Micro is confused about PW's files being Trojan Generic.ADV carrier, the spread to other non-related programs is definitely a concern, since eventually a good portion of the data for my computer will be quarentined, whether they maybe related to Perfect World or otherwise.
Your assistance on this matter will be greatly appreciated.
Regards,
Vambrance0 -
Lets try a different approach.
1. Download Trend Micro Hijackthis http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
2. Start Hijackthis and choose Do a system scan and save a log file.
3. Copy and paste it. I'll look at the log.0 -
hydrocorsotine - thanks!! I need sleep...
Do you need help learning about patching the game, installing it, changing antivirus/firewall settings, changing network settings, learn how to use a computer, keeping your PC maintained and more?
Visit our BRAND NEW Knowledge Base & Support Website! - Tech Support Flowchart - Panda Caught on Camera0 -
Confirmation.
Trend Micro Internet Security detects launcher.exe as a generic trojan.
It grabbed the exe from the launcher subdirectory as well as the download grabbed by the patcher.
Trend Micro IS 2008 Version 16.10.1182 Scan Engine 8.900.1001 Pattern 5.523.50
I'm offloading the quarentined file to a test bed to see if I can find out what's up.0
This discussion has been closed.
Categories
- All Categories
- 181.8K PWI
- 691 Official Announcements
- 2 Rules of Conduct
- 264 Cabbage Patch Notes
- 61K General Discussion
- 1.5K Quality Corner
- 11.1K Suggestion Box
- 77.4K Archosaur City
- 3.5K Cash Shop Huddle
- 14.3K Server Symposium
- 18.1K Dungeons & Tactics
- 2K The Crafting Nook
- 4.9K Guild Banter
- 6.6K The Trading Post
- 28K Class Discussion
- 1.9K Arigora Colosseum
- 78 TW & Cross Server Battles
- 337 Nation Wars
- 8.2K Off-Topic Discussion
- 3.7K The Fanatics Forum
- 207 Screenshots and Videos
- 22.8K Support Desk