Lineage 2 marked as trojan horse

l2.exe False positive, using vista SP1 Avast pro 4.8.1185
Identifies as Win32:Rootkit-gen [Rtk] Rootkit

Already set l2.exe in the exclusion list, but it still gives a false positive.

I hope you mean avast Pro 4.8.1195 (that is the latest version of ‘avast’)

When is this detected, on-demand scan or when booting, lineage2 loading, etc. ?

There are two areas of exclusions, on-demand which is in the Program Settings, Exclusions. You probably need to add it to the Standard Shield, Customize, Advanced, Add list that deals with on-access scanners.

If you have added it there also please post the full text/path that you input in the exclusion list/s ?

You could also confirm the file detection is an FP at: VirusTotal - Multi engine on-line virus scanner and report the findings here. I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently over 30 different scanners.

If confirmed then send the sample to zipped and password protected with the password in email body, a link to this topic might help and false positive in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.

This is what I get. I’ve added the path to the standard shield and nothing changed. Clicking no action still deletes the .exe.

though this problem of mine and very much annoys! >:( sorry bad angol!
exclusions add bad in that manner! = delete avast = disappointment >:(

No action doesn’t delete the file, it should remain in the original location, but avast won’t let it run (as the screenshot shows) even if you choose no action.

What is the full path/text that you have entered in the exclusions ?
Try d:\lineag~1\system\l2.exe or d:*\l2 (the * wildcard replaces the two folders), if d:\lineage 2\system\l2.exe didn’t work.

Did you confirm using virustotal ?

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect (or D: drive). Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

Yeah, that seems like an awful lot of work. How about avast just fix this problem and send a new set of definitions…
I really don’t want to perform surgery just to play my game O.o

here is the virus total scan conclusion

Well, if you want a permanent solution you need to submit the file to avast, as I said earlier. For avast to fix the problem they need the file to analyse it so they can adjust the signatures, but if it’s too much trouble ???

I tried to send the file through the method shown earlier, but it wouldn’t allow me to send a file larger than 1024 kb.

“Or you can also add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.”

Right click the avast ‘a’ icon, select Program Settings, Chest and increase the file size limitation to one that will allow it to be sent.

let him make something it avast! >:( >:( >:(
may not be game!!! >:( >:( repaired who =update

Sigh, I don’t use lookout express, so sending via SMTP or MAPI won’t work for me. Any other suggestions?

Not sure what you’re saying, but it IS a game I downloaded directly from their website. I’ve been playing it for over 3 and a half years. It’s NOT a rootkit, although it acts as one with stupid game guard.

You don’t have to use outlook express, what is your email program ?
The only issue would be if you only used webmail.

If I try to send with SMTP it fails; if I don’t change the MAPI default option it succeeds. In the Program Settings, SMTP you need to put the details in for your default email account.

Have you been able to get the exclusions working yet using the suggestions I gave ?

I only use webmail.
And no, the exclusions don’t work with either the standard shield method or the program settings exclusion list.

If I am wrong I am sure the avast team will be very ready to correct me (and I will be very happy to be wrong) - but I believe that the rootkit detection pays attention to no exclusion list at present. Should I be correct then attempting exclusion is an exercise in futility.

avast team please advise the forum

The only workaround that may assist (with slight risk) is to disable the rootkit scan in the avast Program Settings > Troubleshooting options

False positive alerts on the game Lineage 2 will be fixed in the next VPS update 080515-1. This VPS update will be released in a few hours.

False positives are triggered on files with these SHA256 hashes:

Are there any other files falsely detected?

Can we please get advice from the team on the issue of whether the rootkit scan pays attention to the avast exclusion lists or not?

Alan, I believe you are right about exclusions and the rootkit scan.

I don’t believe the detection is by the rootkit scan but the standard shield scan as is indicated by the image posted (in reply #2) of the alert, although the malware name is rootkit-gen I don’t think it was the rootkit scanner, so the exclusions should still work.

Unless of course the rootkit scan alert screen has been changed to conform to the regular alert screens ???
For that we would need some input from the Alwil team.

somebody solves it repair AVAST or ncsoft!!! intolerable,game want!!! >:( >:( >:( >:( >:( >:( >:( >:(

Ty! The problem was in fact fixed with the recent update.