Metaboli - unlimited Gaming






 Topic review - Chicago 1930 reported as virus by multiple AVs 

Posted: 29 Jul 2011, 13:49
Re: Chicago 1930 reported as virus by multiple AVs
Hi there guys!

A little feedback from us.

We systematically check our files, and we also contact AV publishers to make sure they are aware of issues with any of the games we have, if any arise. We can't force them to include the games in their exclusions, but at least we try. Thanks for reading this, and remember, you will always be safe here, as we check every master we get before publishing the game here.

Posted: 29 Jul 2011, 10:55
Re: Chicago 1930 reported as virus by multiple AVs
sentorio wrote:
I'm getting this when I run Chicago 1930.exe

http://www.virustotal.com/file-scan/rep ... 1300999034

False positives by 14 AV vendors?


I'll weigh in on this one because I haven't already: Yes, by all 14...

Note the contents of the names, "Generic", "gen", "Heur", one of them calls it "Riskware", one says "LooksLike", one says "Suspicious" - none of them give a specific name. This means that behaviour of the file (e.g. it is encrypted, or "obfuscated" (note "obfusc" in names), it phones home) is being tagged, not the file itself.

With this knowledge, it is possible to make an informed decision; in this case, it should be that you are safe, as Metaboli checks their own files and "only" a third came up with issues. If it were a named virus, or more than 50% came up with a generic virus, then I would be more cautious.

That said, yes, it would be a good idea for Meta to contact the AV providers to see if their systems can be upgraded; not all of them will listen or take any notice, however, so you still need to use a little brainpower when it comes to generic hits.
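
The rule of thumb in the post above, written out as an added example that is not part of the original thread: it separates heuristic-style detection names from named ones and applies the "named virus, or more than 50% generic" test. The engine names and labels are constructed, and the marker list is only the one quoted in that post.

```python
import re

# Markers quoted in the post above; "gen" is matched only as a whole token
# so that family-style names such as "Agent" are not misread as generic.
PREFIX_MARKERS = ("generic", "heur", "riskware", "lookslike", "suspicious", "obfusc")

def is_generic(label):
    """Return True when a detection name contains a heuristic marker."""
    tokens = [t for t in re.split(r"[^a-z0-9]+", label.lower()) if t]
    return any(t == "gen" or t.startswith(PREFIX_MARKERS) for t in tokens)

def triage(results):
    """results maps engine name -> detection label, or None for a clean scan."""
    hits = {engine: label for engine, label in results.items() if label}
    generic = sorted(e for e, label in hits.items() if is_generic(label))
    named = sorted(e for e in hits if e not in generic)
    generic_ratio = len(generic) / len(results) if results else 0.0
    # Rule from the post: be more cautious on any named detection, or when
    # more than 50% of engines report a generic one.
    cautious = bool(named) or generic_ratio > 0.5
    return {"generic": generic, "named": named,
            "generic_ratio": generic_ratio, "cautious": cautious}

# Constructed sample reports; engine names and labels are made up.
SAMPLE_HEURISTIC_ONLY = {
    "EngineA": "HEUR:Trojan.Win32.Generic",
    "EngineB": "Gen:Variant.Example.1",
    "EngineC": None, "EngineD": None, "EngineE": None, "EngineF": None,
}
SAMPLE_WITH_NAMED = dict(SAMPLE_HEURISTIC_ONLY, EngineC="Worm.ExampleFamily.B")

if __name__ == "__main__":
    for name, report in (("heuristic only", SAMPLE_HEURISTIC_ONLY),
                         ("with named hit", SAMPLE_WITH_NAMED)):
        print(name, triage(report))
```

A label list that passes this check still says nothing about the file itself; it only shows that the engines flagged traits rather than a known family.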

Posted: 29 Jul 2011, 08:47
Re: Chicago 1930 reported as virus by multiple AVs
Well, I use Kaspersky AV, which is considered to be the best paid AV by most people, and it didn't detect anything.

Posted: 15 Jul 2011, 21:25
Re: Chicago 1930 reported as virus by multiple AVs
As you can see that website and those AVs are not doing run time analysis, so they have no idea who's launching what.

So they don't know that we are launching the game from a website. I agree with the generic match as it might be a false positive however it's quite rare that half of the AVs think this is a malware and matches to common malware patterns. I couldn't find anything on the internet so I'll just delete the game and won't risk it.

However possibly it's a good idea for Metaboli and Chicago guys to get in touch with those AV companies and report this false positive (if it's a false positive)

Posted: 15 Jul 2011, 10:46
Re: Chicago 1930 reported as virus by multiple AVs
The act of "You launch the game via the site which then launches the player which in turn sends encrypted info to the meta servers to ensure you are a subscribed customer and then sends info back to you to allow the game to launch." will cause a lot of false positives in itself because a lot of trojans act that way by sending information from your PC to some server.

Posted: 15 Jul 2011, 05:09
Re: Chicago 1930 reported as virus by multiple AVs
Hi

As you can see from the link you posted, pretty much all the detections have gen or generic in the title.

A virus with this term in the title is NOT a known threat. The term gen or generic means that the virus scanner thinks the file is acting suspiciously and therefore quarantines the file and blocks it to be on the safe side. The virus scanner is blocking this using behaviour detection and not known malware detection.

You launch the game via the site which then launches the player which in turn sends encrypted info to the meta servers to ensure you are a subscribed customer and then sends info back to you to allow the game to launch.

The site you linked to also states the following

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

Try sending the file to the makers of your scanner so they can either add it as a proper detection or remove it from the detection list altogether, which I think is more likely.

With so many supposed scanners thinking this is malware, I'm sure if it really was the case then a lot of posts would have been posted on the forums about this, as the game has been a part of the service for a while now.

Meta also check all games before allowing them to be downloaded by customers. I'm also sure Meta will recheck this game after your post. I'm also 99% sure it will come back as a false positive.

Posted: 14 Jul 2011, 22:55
Chicago 1930 reported as virus by multiple AVs
I'm getting this when I run Chicago 1930.exe

http://www.virustotal.com/file-scan/rep ... 1300999034

False positives by 14 AV vendors?

