The Open Cave

HI all,
This morning My virus scanner (F-Secure) reports:
Virus detected, Heur.Zygug.3 in UruLauncher.exe ...\Urulauncher.exe Quarantined!

Could you Please check what is going on here?

Cheers,
P'Ter

P'ter, this file is local for your computer, so the problem is in your machine not in the server!

Hi Scarchu,

Scarchu wrote:P'ter, this file is local for your computer, so the problem is in your machine not in the server!

I know that, this was not the question.
This executable has been modified and recompiled by the TOC team. My question was why does my virus scanner suddenly flip over it? (and only this file)
Is the team sure that there was nothing wrong on the development machine during this compilation-linking step that introduces a virus-like thing in this executable
before it was transfered to my machine to patch/launch the app.
I just want to ring the bell so the developer team can check.

Cheers,
P'Ter

P'Ter wrote:
This morning My virus scanner (F-Secure) reports:[...]

[...]

[...] before it was transfered to my machine to patch/launch the app.

Did that mean you did the TOC update this morning?
Otherwise you should try a new copy of your UruLauncher.exe first and run a new patcher update.
There is nothing you can loose and it is only three steps. Just to be sure.

P'Ter wrote: I just want to ring the bell so the developer team can check.

Cheers,
P'Ter

My scanner (ClamWin Free Antivirus) didn't find anything.

I can assure you that there is no malicious code in the client nor in it's compiling stuff. You're the first one having an Antivirus tool detecting the client... What Virus software do you use?

Thank you P'ter for communicating the incidence
It is always good to double-check and be sure.

According to my Panda though, everything seems OK here:

Hi All,

After much testing I got it working now.
AntiVirus is F-Secure. The Heuristic algo's from this scanner always detect this "virus"
Had to disable the antivirus. Reinstall the hole thing and reapply the patch etc...
As soon as the file came down the pipe the bells where ringing here and the file got quarantined.
So I had to do the hole thing again but first I excluded this item from the scanner list so it stays there and runs.
I tested the file also on two other scanners and they did not find anything either.
Must have been and scanning soft update in the background I was unaware of.
Still strange that it only detects the new patcher not the original one and also not the one in URU-live.
Anyway we are back online now

Although frequently crashing in the COD...

Cheers,
P'Ter

P'ter .. I had a very similar problem with my Norton. Every change to the patcher or the .exe-file
was *detected* as Malicious! With Norton's peculiar *Logic* every file it Didn't recognice MUST be
Malicios. Thus get Deleted and Quaranteed! I lost count how many times I had to Override Norton.
Shut it off .. And AFAIK, download totally Virus-Free stuff.

It's good to be cautious and well aware of what You're downloading. But if a Anti-Virus program can't see
the differance of a perfecly sound program code and Rotten Apples, then it's works on wrong parameters.

As You migt guess .. I'm Not using Norton any more and never will ..

/ Max /

Oh, I see someone found out that I added a Virus to our shard. <-------THIS IS A JOKE

No really, we have not added any malicious software to our game.

Opa

P'Ter wrote: [...]
As soon as the file came down the pipe the bells where ringing here and the file got quarantined.
[..]

That sounds as F-Secure is just monitoring whether an original file is modified or completely overwritten, among other things. That's not the worst thing to prevent from viruses. I know this from olden times of MS-DOS! And as you see, this principle is still used, and can lead to false alarms.