Psi-Ops Free Game possible FP.

Fileplanet is offering Psi-Ops: The Mindgate Conspiracy free but in order for it to be free it is ad supported. Avast is detecting a sample of Win32:JunkPoly [Cryp] in the executable which is probably the ads. When I googled this problem I found that apparently only avast is detecting this which leads me to believe that this might be a false positive. I can run the game if I disable the standard shield which I don’t mind but I thought this should be checked out anyway. Thanks.

It’s not the correct way. You need to use the Exclusion lists:

For the Standard Shield provider (on-access scanning):
Left click the ‘a’ blue icon, click on the provider icon at left and then Customize.
Go to Advanced tab and click on Add button…

For the other providers (on-demand scanning such as the screen-saver or the Simple User Interface):
Right click the ‘a’ blue icon, click Program Settings.
Go to Exclusions tab and click on Add button…

You can use wildcards like * and ?.
But be careful, you should ‘exclude’ that many files that let your system in danger.

To know if a file is a false positive, please submit it to VirusTotal and let us know the result. If it is indeed a false positive, send it in a password protected zip to virus@avast.com. VirusTotal has a file size limit of 10Mb. Please, mention in the body of the message why you think it is a false positive and the password used. Thanks.

Here’s the link to the virustotal results: http://www.virustotal.com/analisis/a8339d9c49fb8fccd292ccefb8a5e828 . Strangely in this list avast did not show an infection but sure enough I get an alert when I run this executable. I will email the file in a moment.

Edit: FYI - I did add this to the exclusion list for the standard shield and it was successful.

Indeed seems a false positive.
The discrepancy between avast in virustotal and yours are due to different virus databases and engine used. Generally, yours could be more updated.

I just tried adding the specific executable, then *.exe then . all with the correct path to Psi-Ops and I am still getting this same false positive on the Psi-Ops executable. Am I missing something here? Do I have to restart the Standard Shield service after adding an exception or something?

EDIT- Ack! NVM, I just had the path wrong in the program-wide settings.

EDIT2 - I take it back, I’m not sure why it worked once after changing the path, but now it doesn’t again and I am still getting a false positive on PsiOps.exe. Right now I have the Standard Shield and program settings both excluding “E:\Program Files\Midway Home Entertainment\Psi-Ops\PsiOps.exe”, but it still alerts on that file. Yes, the "E:" is correct, all my games are installed in a Program Files directory on a different drive from my "C:" drive.

You shouldn’t have to restart for the exclusion to be effective.

Try E:*\Psi-Ops\PsiOps.exe, the * wildcard saves having to write the full path and in this case the folder names with spaces, which can throw windows. So I don’t know if that might have something to do with the problem.

I too have another Program Files, now the way windows deals with long file names might give this C:\Progra~1\ and for the second Program Files folder on the E:\ drive even though it is on a different partition windows treats the folder name as being the same, so it would be subtly different, e.g. E:\Progra~2.

So you could also try the short name notation for the path,
e.g. E:\Progra~2\Midway~1\Psi-Ops\PsiOps.exe.

Actually, it turns out it was not the actual PsiOps.exe file that it was hitting on. There is a completely separate file in the Psi-Ops directory called simply “PsiOps” (no extension) that was causing the problem. Since I was specifying “PsiOps.exe”, no matter how I created the exception, it would never have worked. After some research, it appears that the file is a wrapper for the ad serving software that the game runs before launch and after exit. I uploaded the file to VirusTotal and here’s the result:

http://www.virustotal.com/analisis/c9029e78197e766b0d4ae2f11e64bcee

Still looks like a false positive to me.

Yes probably an FP, send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and false positive in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn’t already there) where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.

Try this E:*\Psi-Ops\PsiOps* I think that would exclude files beginning with PsiOps in the Psi-Ops folder but it may also exclude PsiOps.exe.

Oh, I see…errrr, sorry about that (I’m a bit embarrassed). Glad to see this was straightened out though.

Fixed in internal build, will be released soon.