Gameguard is now falsely detected as infected

As of today’s virus definitions update, GameGuard, a commonly used anti-cheat program used by a bunch of games, is detected as a trojan. While GameGuard is a rather annoyingly aggressive program, it is not a trojan, even if its use of API hooks to check everything you do makes it look like one. Avast is currently stopping games from running that use this security program.

The virus is detected as “Win32:Trojan-gen {Other}”.
I can confirm that the game Grand Chase is doing this, and based on the other thread I see about a “video game related” virus, it appears every or almost every game presently using Gameguard is affected by this false flag.
Edit: Looks like that other thread is something different. It may just be GC that’s doing this. Has anyone else tried a game that uses GG since the last Avast update?

http://witgc.org/images/misccrap/gctrojan.png

Hi there. There have been some issues between GameGuard and antiviruses (including avast!).

Please upload the file to VirusTotal and post the results.

A few other programs are seeing it as a trojan, including one that thinks it’s a rootkit, but 30/35 are currently listing it as harmless.

File dump_wmimmc.sys.vir received on 07.28.2008 04:34:29 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2008.7.26.0 2008.07.27 -
AntiVir 7.8.1.12 2008.07.26 SPR/Agent.IF
Authentium 5.1.0.4 2008.07.28 -
Avast 4.8.1195.0 2008.07.27 Win32:Trojan-gen {Other}
AVG 8.0.0.130 2008.07.27 -
BitDefender 7.2 2008.07.28 -
CAT-QuickHeal 9.50 2008.07.25 -
ClamAV 0.93.1 2008.07.28 -
DrWeb 4.44.0.09170 2008.07.27 -
eSafe 7.0.17.0 2008.07.27 -
eTrust-Vet 31.6.5983 2008.07.26 -
Ewido 4.0 2008.07.27 -
F-Prot 4.4.4.56 2008.07.28 -
F-Secure 7.60.13501.0 2008.07.28 -
Fortinet 3.14.0.0 2008.07.26 -
GData 2.0.7306.1023 2008.07.28 Win32:Trojan-gen
Ikarus T3.1.1.34.0 2008.07.28 Trojan.Rootkit
Kaspersky 7.0.0.125 2008.07.28 -
McAfee 5347 2008.07.25 -
Microsoft 1.3704 2008.07.28 -
NOD32v2 3301 2008.07.27 -
Norman 5.80.02 2008.07.25 -
Panda 9.0.0.4 2008.07.27 -
PCTools 4.4.2.0 2008.07.27 -
Prevx1 V2 2008.07.28 -
Rising 20.54.62.00 2008.07.27 -
Sophos 4.31.0 2008.07.28 -
Sunbelt 3.1.1536.1 2008.07.25 -
Symantec 10 2008.07.28 -
TheHacker 6.2.96.389 2008.07.25 -
TrendMicro 8.700.0.1004 2008.07.26 -
VBA32 3.12.8.1 2008.07.27 -
ViRobot 2008.7.26.1311 2008.07.28 -
VirusBuster 4.5.11.0 2008.07.27 -
Webwasher-Gateway 6.6.2 2008.07.28 Riskware.Agent.IF

Send the file in a password-protected zip folder to virus@avast.com.

Ok, I sent the file to that address in a passworded .zip file, and included a link to this thread so they can also see the VirusTotal report.