New Update-Trojan Virus?
massimus
Posts: 2 Arc User
Hi
I've some issues with pwi. Until game version 79 i could patch all, but now on 80th version my antivir program (gdata internet security) finds a trojan virus in elementclient.exe
I already read that this happened in pw-my. Is it the same here on pwi now?
Is it a real virus or just false alarm like in pw-my?
Hoping for answers,
massi
I've some issues with pwi. Until game version 79 i could patch all, but now on 80th version my antivir program (gdata internet security) finds a trojan virus in elementclient.exe
I already read that this happened in pw-my. Is it the same here on pwi now?
Is it a real virus or just false alarm like in pw-my?
Hoping for answers,
massi
Post edited by massimus on
0
Comments
-
You must ask GData Internet Security, not PWi about that. Mail them a copy of elementclient.exe and tell them you think it's a false positive, and they'll update their signatures files after checking it.[SIGPIC][/SIGPIC]0
-
I am using Kaspersky Anti virus and I too got this alert today. I am very nervous to log in right now.0
-
It ID's the virus as a
Trojan-Downloader.Win32.Banload.abrh0 -
The game executables (.exe's) are (to the best of my knowledge):
pwprotector.exe
elementclient.exe
patcher.exe
launcher.exe
If you downloaded the game or patches from an unofficial source, you should always run a scan on new files that you download, before using them, to help minimize the chances you'll get a malicious file.Do you need help learning about patching the game, installing it, changing antivirus/firewall settings, changing network settings, learn how to use a computer, keeping your PC maintained and more?
Visit our BRAND NEW Knowledge Base & Support Website! - Tech Support Flowchart - Panda Caught on Camera0 -
I downloaded the game from perfectworld.com and no other site, so patches should run properly. And yes, it ids it as Trojan-Downloader.Win32.Banload.abrh
I sent in a message to GData but i don't really think they will change something...
Anyways thanks for answers
massi0 -
darthpanda16 wrote: »The game executables (.exe's) are (to the best of my knowledge):
pwprotector.exe
elementclient.exe
patcher.exe
launcher.exe
If you downloaded the game or patches from an unofficial source, you should always run a scan on new files that you download, before using them, to help minimize the chances you'll get a malicious file.
Thank you for the response.
I downloaded it from one of Perfect Worlds Official sources. (Filefront to be exact)
I scanned computer 3 times today now. No warnings anywhere else.
Uninstalled/reinstalled the game twice today and keep getting warning.
Every uninstall I Scan computer afterwards... dumped cache... cleaned registry ... rebooted... scanned it it all again and cleaned registry again dump cache again. Reinstalled game and updated it... and boom virus warning again.
I did this ALL Twice in a row now.
Everytime I keep getting this virus warning.
The report is with elementclient.exe
File size of this executable is:
5,640,192 bytes
My list of executable (when I scan entire game folder and all sub folders are)
uninstall.exe
elementlocalize.exe
elementclient.exe
Launcher.exe
patcher.exe
creportbugs.exe
pwprotector.exe
===Extra info===
I have another computer in my home here. I own a 3 copy lisence of the same Kaspersky anti virus I run on my other machine and laptop.
I installed the game on another machine here.. updated it... (same version of virus scanner, same updated DAT on virus scanner, same Operating system and patch updates.) I get no warnings on that computer at all!
I figured let me deleted the elementclient.exe on my main machine.. and try copying over "elementclient.exe" from the PC that didn't give me any warnings. The second I transferred it across the network this machine PC ID'd it as a trojan again. This is completely confusing... especially considering I'm using mostly identical software. Also note that the file size of the effected exe are indentical on both machines (the one that gives me a warning and the one that doesn't.)
======
So is this a false positive or reason for concern?0 -
Hey guys,
To help us help our local engineers track down sources, we need some info from you all pretty please.
1) Screenshots in JPG format of the messages that pop up. Post them here if you can.
2) What antivirus/security software that you are running, and what version numbers.
3) Give us the EXACT link that you downloaded the files from (which bittorrent source, website,etc.) Users reading this thread, DO NOT CLICK ON THE LINKS THAT ARE REPORTED related to this issue. We do not want you having the same issues to compromise your computer's security, ok?
4) What version of the game client that you downloaded. The base client will be either version 1, or version 37.
5) What OS you are using, what version.
6) Did you use a manual patch or auto-patch?Do you need help learning about patching the game, installing it, changing antivirus/firewall settings, changing network settings, learn how to use a computer, keeping your PC maintained and more?
Visit our BRAND NEW Knowledge Base & Support Website! - Tech Support Flowchart - Panda Caught on Camera0 -
Ok my issue is solved, maybe there was a virus-update now, because i could disinfect the data now.
But that's weird because this afternoon it didn't work 0.o
massi0 -
Hey guys,
To help us help our local engineers track down sources, we need some info from you all pretty please.
1) Screenshots in JPG format of the messages that pop up. Post them here if you can.
2) What antivirus/security software that you are running, and what version numbers.
3) Give us the EXACT link that you downloaded the files from (which bittorrent source, website,etc.) Users reading this thread, DO NOT CLICK ON THE LINKS THAT ARE REPORTED related to this issue. We do not want you having the same issues to compromise your computer's security, ok?
4) What version of the game client that you downloaded. The base client will be either version 1, or version 37.
5) What OS you are using, what version.
6) Did you use a manual patch or auto-patch?Do you need help learning about patching the game, installing it, changing antivirus/firewall settings, changing network settings, learn how to use a computer, keeping your PC maintained and more?
Visit our BRAND NEW Knowledge Base & Support Website! - Tech Support Flowchart - Panda Caught on Camera0 -
http://files.filefront.com/Perfect+World+Updated+Beta+Client/;11755003;/fileinfo.html
I downloaded it from Filefront, via the link right off your website.
I used auto patch (not manual)
Using Windows XP Service Pack 3
As mentioned before the effected file was:
elementclient.exe
File size of this executable is: 5,640,192 bytes
Warning me it was infected with:
Trojan-Downloader.Win32.Banload.abrh
Using Zone Alarm Security Suite (Has Kaspersky antivirus built in)
version: 8.0.059.000
Antivirus Engine Version: 6.0.2.678, DAT file version 9788898080 -
Everyone that is getting a virus warning about "Trojan-Downloader.Win32.Banload.abrh," please go to http://www.download.com/MD5-Checker/3000-2092_4-10410639.html and download the MD5 Checker. Run the program in the zip file, click the "Create an MD5 checksum" option and then navigate to elementclient.exe. Assuming a default install, this will be C:\Program Files\Perfect World Entertainment\Perfect World International\element. This will put an MD5 checksum (example: 2A154DB059A9C3412A3ADA1F964797F5) onto the clipboard. Paste that into your reply to this thread.
If the warning you are getting is for "generic.keylogger" or "generic.trojan," this is a false positive from your anti-virus program and you can safely ignore it.==/Senior QA Lead/==
Surtr from the south wielding fire
The gods' swords shine in the darkness, like stars in the night
Mountains collapse into rubble and fiends shall fall
Man walks the road to ruin as the sky splits in two0
This discussion has been closed.
Categories
- All Categories
- 181.9K PWI
- 697 Official Announcements
- 2 Rules of Conduct
- 264 Cabbage Patch Notes
- 61K General Discussion
- 1.5K Quality Corner
- 11.1K Suggestion Box
- 77.4K Archosaur City
- 3.5K Cash Shop Huddle
- 14.3K Server Symposium
- 18.1K Dungeons & Tactics
- 2K The Crafting Nook
- 4.9K Guild Banter
- 6.6K The Trading Post
- 28K Class Discussion
- 1.9K Arigora Colosseum
- 78 TW & Cross Server Battles
- 337 Nation Wars
- 8.2K Off-Topic Discussion
- 3.7K The Fanatics Forum
- 207 Screenshots and Videos
- 22.8K Support Desk