albatross 18 / gameguard > virus ???

hello,

i’m using avast home edition and, since the last update, when i start the game Albatross 18, the program GameGuard is detected as a trojan horse whereas it is supposed to protect players.

The suspicious file is : GameMon.des

I know this is not a virus and i’d like to find a way to authorize it or if there is another solution to make it work.

I already read somewhere that Avast should be stopped to let the game start but i think it’s a bad thing to do.

I hope someone can answer my question to help me and other peaple to prevent mistakes …

Here is a post concerning this problem :

http://www.albatross18.com/season2/community/community.asp?sid=10

Best regards.

Add it (or the folder of it) to the two avast Exclusion lists… just searching the board you’ll find how :wink:

There is another topic related to this game as a potential false positive detection, http://forum.avast.com/index.php?topic=25691.0. They however haven’t confirmed it as a false positive, only that they have been unable to report the false positive.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner
Or Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. You can’t do this with the file in the chest, you will need to move it out.

If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced and Program Settings, Exclusions) and periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.
Also see (Mini Sticky) False Positives, how to report and what to do to exclude them until the problem is corrected.

thanks for responses !

i allowed the program the way you explained.

Better is to confirm it is a false positive or not and if so send the sample to avast (see false positive link) so they can correct the VPS.

That will help other albatross 18 and avast users.

peaple from albatross 18 contacted avast and the problem is resolved with new update.

thanks a lot !

No problem, thanks for the feed back.

Welcome to the forums.

I thought you might like to know that the same problem is happening to users of [i]Flyff/i that use Avast.

I am only an avast user like yourself, you must confirm the detection is false, report it and exclude it as above (if it is a false positive).

What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?

On my machine, the file (GameMon.des) is located at: F:\Program Files\GPotato\Flyff\GameGuard. It’s still in the virus chest if further testing with an online scanner is suggested.

There really is only one way to confirm one way or another and that is by testing.

You can extract a copy from the chest (a copy remains in the chest, just in case, don’t restore until you confirm) to a temp location on your HDD, you may need to pause the standard shield to avoid an alert, enable the standard shield protection after you have extracted the file from the chest. Then it can be uploaded to virustotal, etc. and checked.

If the test shows it is definitely a false positive, send a sample to avast as outlined above. Restore the file from the chest (copy remains) and exclude the file until such time as it is no longer detected as a virus, scan the copy of the file that remains in the chest.

Once it is no longer detected you can remove the exclusions and delete the file in the chest.

Okay, tested with Virustotal:

http://www.virustotal.com/vt/en/resultadox?5ce2e8f0d9da590e473f5c2105ac5ec6

and Jotti(no link available, but Jotti detected the file in question as: VBA32
Found Backdoor.Hupigon.6 (paranoid heuristics) (probable variant) – other scans said it was clean)

To be sure, I sent the file to virus@avast, but as of this moment, I don’t know if the problem with Flyff has been cleared up or not. And I don’t think the file in question was downloaded to mt PC, so I’m not sure if it’s safe to log into the game and download a new copy of the file or not…

PS: Just got an email back from Avast, the file is clean. The version of GG that comes with Flyff no longer triggers a response from Avast. :slight_smile: Now I can play again! ;D

Looks like a FP that has ben quickly corrected.

Welcome to the forums.