FalsePositive? - Avast blocked Ragnarok Online 2

i always get this warning when i try to launch ragnarok online 2 (indonesia server). it said, web shield blocked a harmful webpage or file. i can’t play the game because avast blocked it.

infection: fileRepMetaGen (malware)
process : ragnarok online 2\shipping\dfcg\delphine.upd
url : h**p://dcfg.ragnarok2.lytogame.com/ragnarok21/201311/RO2_FIX.exe.1009

this always happens after i got new updates for the game (patch 20 november 2013).

Hi,

If you can, please test the file @ www.virustotal.com.

Also, Please post that link about make SURE you keep the link INACTIVE to protect the users. Then I can ask polonus to do a detailed scan of that website and see what’s up with it. If it turns out to be legit then in the next VPS update they will probably fix that…

This is an avast! File Rep alert. It probably means that those files did not come signed.
This is considered when flagging the File Rep Alert:

  1. File Data changes (Emergence)
  2. Number of computers, that executed that file (Prevalence)
  3. Source URL
  4. Status of the digital signatures

polonus

here’s the result from virustotal.

https://www.virustotal.com/en/url/a34a05b6bd2c2ac647740a458fc63cfc2b41b748a03850f1f2a0a2865e4be311/analysis/1385825477/

https://www.virustotal.com/en/file/1f1c30cdcb64aabeebbf603f8f4abb70285e5367f1f11ec1aeca49eb477dd82e/analysis/

File looks clean (First submission 2013-08-04 20:14:09 UTC ( 3 months, 3 weeks ago )).

Please report it to Avast.

Send the file to virus@avast.com Subject: False positive.

This is one of the files analysed at Anubis: http://anubis.iseclab.org/?action=result&task_id=137f18d2ea0355a049d899edc4b3f19c7&format=html
I see no issues there,

polonus