I tried to play the old Rayman Designer and when I run “Mapper.exe” or “RayRun.exe”, avast told me that there’s the virus “Win32:CIH-C [Trj]” inside the files. I remember playing Rayman Designer without any troubles and I don’t really think there are viruses in the executables. How to resolve this? I wanna edit my maps!
If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced and Program Settings, Exclusions) and periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.
Also see (Mini Sticky) False Positives, how to report and what to do to exclude them until the problem is corrected.
For both files:
Antivir → W95/CIH (inactive)
Avast → Win32:CIH-C (like I said)
ClamAV → W32.CIH.1003
eTrust-Vet → Win32/CIH!remnants
For RayRun.exe (with those above):
Fortinet → suspicious
All the others are showing: no virus found
Mapper.exe is an old Win95 program and I remember that it got a system to connect on the Ubisoft server, but this system isn’t working from a long time and I won’t use it anyway. So, what I should I do?
Since they are detected by some other AVs I would Antivir and ClamAV are usually quite good, however the eTrust-Vet saying remnants of CIH, that might be what it is/was after cleaning a previous CIH infection.
So it is hard to say for certain, but I would say it would probably be best to uninstall both programs, reboot and install again from a know clean source.
If however you are happy to accept the risk (personally I wouldn’t) then you can exclude the files from scanning and that will allow you to use both programs, assuming you need them. Standard Shield, Customize, Advanced and
Program Settings, Exclusions
But these files were on the original CD of Rayman Forever. Is that means that everyone that owns Rayman Forever will be infected? Is that means that there’s a virus on every CD of the game in the world? That’s not logical! Ubisoft would have problems if so.
EDIT: I just scan the same files on the CD and the same problem occurs.
You have a few choices, send a sample to avast as outlined in the false positive link above. I don’t know if it would be removed from detections since other AVs also detect it.
In the mean time you can exclude it from scans if you accept the risk it might be infected. With the other detections I can’t say for sure it is a false positive.
If you have been able to play this game previously without a problem, it may be OK as the CIH is an old detection and I can’t why this would change. I have searched the VPS history going back to 2003 and no record of this virus, that is how old this signature/detection is. So I say the risk is low that it isn’t a false detection but still a risk.