Trojan in Melty Blood ReAct-English?

Let's talk about the port of the port of the port of the update of the port of the port of the update of the expansion of the game that will apparently never be awesome enough.

Moderator: Staffers

BettiePage
Totally hardly posted
Posts: 16
Joined: December 4th, 2006, 9:45 pm

Trojan in Melty Blood ReAct-English?

Unread post by BettiePage » December 12th, 2007, 6:05 am

My virus scanner just popped up a window saying a "Threat Detected!"

the file is mbr-english.exe

Trojan horse Dropper.Agent.GBI

Message
Master of Bad Puns
Posts: 1845
Joined: October 25th, 2004, 6:27 pm
Location: Netherlands

Unread post by Message » December 12th, 2007, 11:16 am

Please provide information on your virusscanner. Brand, name, exact scanner version number, exact virus database version number.

Mr. X
Posting more than n00bs
Posts: 20
Joined: December 12th, 2007, 12:37 pm

Unread post by Mr. X » December 12th, 2007, 12:44 pm

Well, I just registered and I came across this... Just in time because the same thing happened to me :cry: The worst is tha the .exe file is "incomplete" or something so even if you just ignored the warning, you can't play. I tried uninstalling the game, re-installing it, and it's the same thing over and over. I even tried re-installing everything from scratch, which led to the lost of my entire record in the game (by the way, would be gratefull to know which file is the one to back-up to keep my progress and ending list and stuff safe :) . I'm guessing that we both use the same anti-virus, so here are my specs of the program:

AVG Free Edition 7.5.503
Database Version 269.17.1/1181

I'm using Windows XP SP2.

BettiePage
Totally hardly posted
Posts: 16
Joined: December 4th, 2006, 9:45 pm

Thats right

Unread post by BettiePage » December 13th, 2007, 12:06 am

Sorry I do use AVG Free Edition and I did update to the most current update that day.

Also using Windows XP Home for the OS.

BettiePage
Totally hardly posted
Posts: 16
Joined: December 4th, 2006, 9:45 pm

Unread post by BettiePage » December 13th, 2007, 1:20 am

ok here are the details on my system currently...

AVG Free Edition
Program version: 7.5.503
Virus base: 269.17.1/1182

O/S: Windows XP Home SP2

Message
Master of Bad Puns
Posts: 1845
Joined: October 25th, 2004, 6:27 pm
Location: Netherlands

Unread post by Message » December 13th, 2007, 9:12 am

Alright, I can reproduce this. I will contact Grisoft and ask them to fix it.

Mr. X
Posting more than n00bs
Posts: 20
Joined: December 12th, 2007, 12:37 pm

Unread post by Mr. X » December 13th, 2007, 8:42 pm

Wow, like if we didn't have enough to thank you guys for :oops: By the way, the japanese mbr.exe also has the same problem, so I would believe that is a problem between AVG and ReACT, not specifically ReACT English. Hope it helps for something :wink:

Message
Master of Bad Puns
Posts: 1845
Joined: October 25th, 2004, 6:27 pm
Location: Netherlands

Unread post by Message » December 13th, 2007, 9:28 pm

Mr. X wrote:By the way, the japanese mbr.exe also has the same problem
Yes, but only in the FT patch. The version on the CD is "clean". Will you believe that it's impossible to contact Grisoft's technical department if you don't have an AVG license? I had to send my report to their bloody sales department. >____>

Mr. X
Posting more than n00bs
Posts: 20
Joined: December 12th, 2007, 12:37 pm

Unread post by Mr. X » December 15th, 2007, 12:19 pm

Wai... What? The sales department? :shock: What the... By the way, a new update for the AVG, after 2 days :roll: I'll try installing ReACT and post here the results :wink:

Message
Master of Bad Puns
Posts: 1845
Joined: October 25th, 2004, 6:27 pm
Location: Netherlands

Unread post by Message » December 15th, 2007, 3:39 pm

No, the file still regarded as infected. It may take a while before they fix this, especially considering the hackjob method I had to use to contact them.

Mr. X
Posting more than n00bs
Posts: 20
Joined: December 12th, 2007, 12:37 pm

Unread post by Mr. X » December 15th, 2007, 4:49 pm

Hackjob? :shock: I'm already picturing you as a hacker creating a false avg license account and sending the petition via a non existen mail :lol: Unfortunately I read your post after re-installing ReACT, because as you said it hasn't been fixed :cry:

Euphemism
Totally hardly posted
Posts: 12
Joined: May 14th, 2007, 1:40 am
Location: Montreal

Unread post by Euphemism » December 15th, 2007, 6:57 pm

This thread mentions how false positives should be reported to AVG. Apparently, the method is to upload it to some online virus scanner (haven't been able to get that to work yet, the server's overloaded), then if it clears, you submit an email to virus@grisoft.com, with the file attached in a password-protected archive. Might be faster than putting it through sales. Judging by the timestamps on the forum, it took less than 5 hours to get a reply.

Also, to get around the fact that AVG is cutting off your access to the files since they're regarded as trojans, you have to open up the command center and turn off the resident shield. That restores your access to MBR, and to other potential viruses on your hard drive ^_^. So make sure to turn it back on when you're done playing.

Edit: The online virus scan turns out these results for mbr-english.exe. Not sure if this is anything meaningful - google doesn't turn up any english results for them.

Code: Select all

A-Squared 	Found nothing
AntiVir 	Found nothing
ArcaVir 	Found nothing
Avast 	Found nothing
AVG Antivirus 	Found Dropper.Agent.GBI 
BitDefender 	Found nothing
ClamAV 	Found nothing
CPsecure 	Found Troj.Dropper.W32.Agent.czj 
Dr.Web 	Found nothing
F-Prot Antivirus 	Found nothing
F-Secure Anti-Virus 	Found Trojan-Dropper.Win32.Agent.czj 
Fortinet 	Found nothing
Ikarus 	Found Trojan-Dropper.Win32.Agent.czj 
Kaspersky Anti-Virus 	Found Trojan-Dropper.Win32.Agent.czj 
NOD32 	Found nothing
Norman Virus Control 	Found nothing
Panda Antivirus 	Found nothing
Rising Antivirus 	Found nothing
Sophos Antivirus 	Found nothing
VirusBuster 	Found nothing
VBA32 	Found Trojan-Dropper.Win32.Agent.czj

Mr. X
Posting more than n00bs
Posts: 20
Joined: December 12th, 2007, 12:37 pm

Unread post by Mr. X » December 15th, 2007, 8:46 pm

For what I could understand, it seems the antivirus programs listed there are finding 5 differente types of viruses in the .exe file :shock:
About disabling the resident shield, I actually did it before a clean install... the .exe files ended up the same way without even the "kinoko" icon :cry: When I clicked it, it says is not a valid file :? This reminds me when Norton detected a virus in a system file and ruined a lot of computers :roll:

Message
Master of Bad Puns
Posts: 1845
Joined: October 25th, 2004, 6:27 pm
Location: Netherlands

Unread post by Message » December 16th, 2007, 12:05 pm

Actually I count only two different names there... Either way, you will need to disable your virusscanner every time you want to play the game, but that's definitely not a good idea. I suggest waiting until a fix is available.

Thank you very much for the info, Euphemism. I've sent another report to their official mailbox.

Message
Master of Bad Puns
Posts: 1845
Joined: October 25th, 2004, 6:27 pm
Location: Netherlands

Unread post by Message » December 16th, 2007, 6:41 pm

Dear Sir,

Thank you for your e-mail.

Please let us inform you that the false positive detection of the file
will be removed in next virus database update.
AVG will not detect this file as a threat anymore.

In case of any other problem or question regarding AVG please feel
free to contact us.

Thank you.


Best regards,

Jan Brezina
AVG Technical Support
One down. That leaves CPsecure, F-secure, Ikarus, Kaspersky, Norman and VBA...

Edit: I've contacted the other companies as well. Unfortunately McAfee, PC Cillin and several other security suites are not included on http://virusscan.jotti.org/ . If anyone has problems with those programs, please let me know.

Edit2: A new AVG definitions file has been released, mbr.exe and mbr-english.exe are no longer recognized as infected. ArcaBit and FortiNet have updated their virus definitions as well. Sophos couldn't get any positive, false or otherwise, in their test labs. They assume the scanner used on that multiscan website is outdated.
Last edited by Message on December 17th, 2007, 1:00 pm, edited 3 times in total.

Mr. X
Posting more than n00bs
Posts: 20
Joined: December 12th, 2007, 12:37 pm

Unread post by Mr. X » December 16th, 2007, 7:44 pm

:P Now to wait for the update :lol: Thanks a lot Message :wink:

Azhrarn
Totally hardly posted
Posts: 1
Joined: December 17th, 2007, 5:56 pm

Unread post by Azhrarn » December 17th, 2007, 5:58 pm

new AVG update is here, and yay! it is fixed

Curry-senpai
Totally hardly posted
Posts: 3
Joined: August 20th, 2007, 9:46 pm

Unread post by Curry-senpai » December 24th, 2007, 3:15 am

XP Home SP2
Mcafee virus scanner: 12.0.176
DAT version: 5191
Mcafee Firewall: 9.0.163
Melty Blood ReAct English: 1.7

My scanner has never thrown virus alert for mbr-english.exe but the firewall did pop up an alert once that the program was trying to make a connection to the internet. I don't know if this fits with the topic but I thought that I would mention it any always.

Message
Master of Bad Puns
Posts: 1845
Joined: October 25th, 2004, 6:27 pm
Location: Netherlands

Unread post by Message » December 24th, 2007, 8:32 am

Curry-senpai wrote:My scanner has never thrown virus alert for mbr-english.exe but the firewall did pop up an alert once that the program was trying to make a connection to the internet. I don't know if this fits with the topic but I thought that I would mention it any always.
That is very interesting... It's not supposed to, as far as I know. Has anyone else ever noticed this?

noradseven
Might just like this board
Posts: 49
Joined: December 5th, 2007, 5:33 am
Location: Next to my computer.

Unread post by noradseven » January 2nd, 2008, 5:41 am

problem #1 its free virus security
problem #2 its a windows thus prone to unknown gliches for no reason
problem #3 most software is overprotective, normally when this appears I back up my computer check the file out then run it never had a problem it turns out 80% of the time its not a virus its normally just a glich but occasionally it can be real so be careful guys,

#1 solution to not get viruses do not get illegal downloads EVER.

Post Reply