eve uninstall.exe detected as trojan

Duckersmash3
Quackery Labs
#1 - 2012-04-08 22:41:12 UTC
Was watching cable when I turned around to discover that EVE uninstall was detected as a trojan, psw.generic9.bwjo, using AVG Free antivirus. Currently the "virus" is quarantined; didn't have any plans to uninstall EVE anyway. Using the definitions downloaded on 4/8/12.
Salo Aldeland
Sebiestor Tribe
Minmatar Republic
#2 - 2012-04-08 22:46:33 UTC
Exact same thing happening here.
Loliniux
Hideaway Hunters
The Hideaway.
#3 - 2012-04-09 01:24:05 UTC
Same here ... a lot of false positives lately
Ten Bulls
Sons of Olsagard
#4 - 2012-04-09 04:15:44 UTC
Eve uninstaller is a known trojan;

It sits silently on your computer for a month or two, and when it's activated it sends a subliminal message suggesting you resubscribe.

Happened to me !
dankdevil
State War Academy
Caldari State
#5 - 2012-04-09 07:06:42 UTC
Same thing, just happened to me. AVG Free said the uninstaller is a virus.
Zora'e
#6 - 2012-04-09 08:14:32 UTC
Same here. AVG just said it was a trojan. Obviously a false positive.

I won't say you are stupid, but you're not exactly on the Zombie menu either.

Grumpymunky
Monkey Steals The Peach
#7 - 2012-04-09 09:15:17 UTC
So, safe to ignore it?

Post with your monkey.

Thread locked due to lack of pants.

Orii Saissore
Tribal Liberation Force
Minmatar Republic
#8 - 2012-04-09 10:05:59 UTC
Also got this bug/alarm, and also got AVG antivirus.

Calls it a trojan... but I dl it from CCP, so... guess it's a false alarm.
Templlisk
2 PIRATES 1 CUP
Grim Future.
#9 - 2012-04-10 00:18:33 UTC
Getting this as well. So is it a false positive or what?
Templlisk
2 PIRATES 1 CUP
Grim Future.
#10 - 2012-04-13 05:46:13 UTC
Ran another scan and a new code is popping up as a threat. Same location: EVE uninstaller / Repair. Trojan Horse Generic27.CHLB. What's the deal here?
mjd amarr
Doomheim
#11 - 2012-04-13 07:36:47 UTC
I have just recovered my PC from a major hardware failure and had to reinstall EVE Online. I am getting the same virus warning:
"Multiple Threat Detection"
CCP\EVE\repair.exe Trojan Horse Generic27.CHLB
CCP\EVE\Uninstall.exe Trojan Horse Generic27.CHLB

Are the GMs looking into this???
Georgios Michaels
Doomheim
#12 - 2012-04-13 08:12:47 UTC
Co-sign

Same here....
Arween Cadelanne
Loz corp
#13 - 2012-04-13 10:06:49 UTC
Same here ! What?
Using AVG Free !
What about players using different AV ?
Aethlyn
Brutor Tribe
Minmatar Republic
#14 - 2012-04-13 13:24:03 UTC  |  Edited by: Aethlyn
This is most likely (I'm like 101 % sure on this) caused by the virus scanner's heuristic search. That is, applying "guessing" in determining harmful programs that might sit behind some unknown program. In this case it's a false positive; that means: don't worry, just ignore the warning.

Classic virus scanners will search for specific parts of code or identical files. Heuristics allow them to guess the behavior of a program (or whether it's harmful or harmless) based on parts of its code. Unfortunately both repair.exe and uninstall.exe use techniques that aren't that uncommon for such programs, but that are very common for trojans too (and in this case the scanner assumes they're infected with (or essentially are) that specific trojan).

I'm not familiar with AVG, but I'm sure if you disable the heuristic, the files in question will no longer be detected as potentially harmful or infected. AVG has a more or less famous history of false positives hitting essential system files where "cleaning" the infected files made the system unbootable.

Personally, I recommend Microsoft Security Essentials ( http://windows.microsoft.com/mse ) due to them being far less intrusive (you almost don't notice it running) and I'm essentially guaranteed no false positive will break something in my system. It's true, as such it might be less effective in detecting the very latest malware, but at the same time you just have to apply some common sense when browsing or downloading, which should keep you fine.

If you're unsure about a potential file, you can use services such as VirusTotal ( http://www.virustotal.com/ ) to get a "second opinion" through an overview showing the results of the most famous antivirus solutions. This is still no 100 % guarantee there won't be any custom built malware (e.g. to steal your login credentials) inside, but this should help in case you receive official distributed files triggering potential false positives (like in this case).

Out of curiosity I did a test run on my current repair.exe:
https://www.virustotal.com/file/e907c9a692555a849132ee2729f8e5a8eac15206093cf6843ac0775fdae4a094/analysis/1334323181/
Their AVG didn't detect anything (which might be interesting). Are you sure your signatures are up to date?

Also, due to the file being signed, you're able to check to see if it has been compromised/modified (i.e. if it's indeed infected by something third party): Open the file's properties, go to the signatures tab, select the signature and click on "Details". The top part of the new window popping up will tell you if this file has been modified since signing. If the signature is ok, the file is fine and unchanged.

Edit: Sorry, but had to edit the links... for whatever reason the forum won't accept them being clicky. :/

Looking for more thoughts? Follow me on Twitter.
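The signature check and hash comparison described in post #14, as an added PowerShell example that is not part of the original post or anything CCP ships. The install folder in `$EveDir` and the function name `Test-FlaggedFile` are assumptions made for illustration; the SHA-256 value is the one embedded in the VirusTotal link above.

```powershell
# Added example: scriptable form of the file-properties signature check.
# $EveDir is an assumed location; point it at your own install folder.
param(
    [string]$EveDir = 'C:\Program Files (x86)\CCP\EVE'
)

# SHA-256 from the VirusTotal link in the post (that poster's repair.exe).
# Another client version hashes differently, so a mismatch here alone does
# not indicate tampering; the signature status is the authoritative check.
$PostedSha256 = @{
    'repair.exe' = 'e907c9a692555a849132ee2729f8e5a8eac15206093cf6843ac0775fdae4a094'
}

function Test-FlaggedFile {
    param([Parameter(Mandatory)][string]$Path)

    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLower()
    $name = (Split-Path -Leaf $Path).ToLower()

    # HashMismatch is the "file was modified since signing" case from the post.
    $verdict = switch ([string]$sig.Status) {
        'Valid'        { 'Signed and unmodified since signing' }
        'HashMismatch' { 'MODIFIED after signing: do not run, reinstall from the vendor' }
        'NotSigned'    { 'No signature: cannot be verified this way' }
        default        { "Signature not trusted or unreadable: $($sig.StatusMessage)" }
    }

    [pscustomobject]@{
        File          = $name
        Status        = $sig.Status
        Signer        = $sig.SignerCertificate.Subject
        Sha256        = $hash
        MatchesPosted = if ($PostedSha256.ContainsKey($name)) { $hash -eq $PostedSha256[$name] } else { $null }
        Verdict       = $verdict
    }
}

foreach ($file in 'repair.exe', 'Uninstall.exe') {
    $full = Join-Path $EveDir $file
    if (Test-Path -LiteralPath $full) { Test-FlaggedFile -Path $full }
    else { Write-Warning "$full not found (it may be in the antivirus quarantine)" }
}
```

The `Signer` column should name the publisher you expect; a `Valid` status from an unexpected signer deserves the same suspicion as no signature.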

Flux Saissore
Interstellar Vegans Inc.
#15 - 2012-04-13 14:56:15 UTC
I too have AVG (version 2012.0.1913) reporting CCP\EVE\Uninstall.exe as "Trojan horse Generic27.CHLB"

It would be nice if CCP would investigate this, comment publicly and work with AVG to prevent this if it's a false positive.