i’m using avast home edition and, since the last update, when i start the game Albatross 18, the program GameGuard is detected as a trojan horse whereas it is supposed to protect players.
The suspicious file is : GameMon.des
I know this is not a virus and i’d like to find a way to authorize it or if there is another solution to make it work.
I already read somewhere that Avast should be stopped to let the game start but i think it’s a bad thing to do.
I hope someone can answer my question to help me and other peaple to prevent mistakes …
There is another topic related to this game as a potential false positive detection, http://forum.avast.com/index.php?topic=25691.0. They however haven’t confirmed it as a false positive, only that they have been unable to report the false positive.
If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced and Program Settings, Exclusions) and periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.
Also see (Mini Sticky) False Positives, how to report and what to do to exclude them until the problem is corrected.
On my machine, the file (GameMon.des) is located at: F:\Program Files\GPotato\Flyff\GameGuard. It’s still in the virus chest if further testing with an online scanner is suggested.
There really is only one way to confirm one way or another and that is by testing.
You can extract a copy from the chest (a copy remains in the chest, just in case, don’t restore until you confirm) to a temp location on your HDD, you may need to pause the standard shield to avoid an alert, enable the standard shield protection after you have extracted the file from the chest. Then it can be uploaded to virustotal, etc. and checked.
If the test shows it is definitely a false positive, send a sample to avast as outlined above. Restore the file from the chest (copy remains) and exclude the file until such time as it is no longer detected as a virus, scan the copy of the file that remains in the chest.
Once it is no longer detected you can remove the exclusions and delete the file in the chest.
and Jotti(no link available, but Jotti detected the file in question as: VBA32
Found Backdoor.Hupigon.6 (paranoid heuristics) (probable variant) – other scans said it was clean)
To be sure, I sent the file to virus@avast, but as of this moment, I don’t know if the problem with Flyff has been cleared up or not. And I don’t think the file in question was downloaded to mt PC, so I’m not sure if it’s safe to log into the game and download a new copy of the file or not…
PS: Just got an email back from Avast, the file is clean. The version of GG that comes with Flyff no longer triggers a response from Avast. Now I can play again! ;D