You are not logged in.

Client Virus in original Allods Online files, direct from publisher

1

Monday, May 16th 2016, 4:00am

Gothica

Trainee

  • "Gothica" started this thread

Posts: 61

  • Send private message

Virus in original Allods Online files, direct from publisher

Found by Comodo Internet security.
Selecting option clean deleted the .zip file in question.
Now the game will no longer run.
First, why there is a trojan hidden in original games .zip file.
Second, why the hell a game wouldn't run any longer if an archive file from addons folder was deleted?

Patcher says to run repair tool but the link (http://patch.allods.com/EN/repair.exe) just leads to a 404 page not found.

EDIT: I have run repair through launcher option and repair has restored the .zip file in question. Now the game works again, however virus scan is again detecting a trojan in the .zip file.

Concrete file in question: luajit-2.0.3.exe as shown in screenshot.

This post has been edited 1 times, last edit by "Gothica" (May 16th 2016, 4:32am)

2

Monday, May 16th 2016, 4:34am

Lioo

Professional

Posts: 670

Location: New York, NY

Occupation: Software Developer, Allods Online Moderator, Cloud Pirates Moderator

  • Send private message

Hello,
it is possible, that your COMODO AVS detected the file "luajit-2.0.3.exe" as a Trojan Horse, 'cuz it was delivered by an application download and hidden in an zip archive. Also LUAjit is capable of modifying files and create executable (*.exe) files or at least executable code, since it's an compiler.

LUAjit is a compiler used to convert raw lua code into compiled executable code. Its for developing Add-ons.
I can unsure you, this file it NOT suspicious, it's a false alarm by your AVS.

And, your second question, why it's unable to run: The launcher also creates and checks the checksum of that folder / archive to ensure it doesn't contain any broken or deleted files.
Forum Code Of ConductGeneral Game RulesAccount Ownership RulesSupport Staff



• Subscribe to my Gaming or Anime YouTube Channel • Visit me on MAL

3

Monday, May 16th 2016, 4:41am

Gothica

Trainee

  • "Gothica" started this thread

Posts: 61

  • Send private message

Quoted from "Lioo"

Hello,
it is possible, that your COMODO AVS detected the file "luajit-2.0.3.exe" as a Trojan Horse, 'cuz it was delivered by an application download and hidden in an zip archive. Also LUAjit is capable of modifying files and create executable (*.exe) files or at least executable code, since it's an compiler.

LUAjit is a compiler used to convert raw lua code into compiled executable code. Its for developing Add-ons.
I can unsure you, this file it NOT suspicious, it's a false alarm by your AVS.

And, your second question, why it's unable to run: The launcher also creates and checks the checksum of that folder / archive to ensure it doesn't contain any broken or deleted files.
I have just uncompressed .zip folder and scanned that .exe file directly. In this way Comodo doesn't find any threat.
But as soon as I .zip it again (and scan while it is inside .zip) a warning about trojan pops up.


I guess It's something about that file being in .zip that confuses the AV scanner.


Anyway thanks for answer. :)

4

Monday, May 16th 2016, 4:47am

Lioo

Professional

Posts: 670

Location: New York, NY

Occupation: Software Developer, Allods Online Moderator, Cloud Pirates Moderator

  • Send private message

Ya, its and exe-file inside a zip... This may confuse the one or other AVS.
EDIT: Nahh, according to Virus-Total, it's just COMODO xd ^^
But don't worry, this file is harmless...
EDIT: Just add an exception to this file, and you are good to go.

And for the broken repair link. I wasn't able to reproduce this error.
When I press on "verify Client" everything goes well.
By opening your posted link directly however, I run into the very same issue you described.
Maybe your launcher has or had some old configurations regarding the client verification.
Forum Code Of ConductGeneral Game RulesAccount Ownership RulesSupport Staff



• Subscribe to my Gaming or Anime YouTube Channel • Visit me on MAL

This post has been edited 4 times, last edit by "Lioo" (May 16th 2016, 4:59am)

5

Monday, May 16th 2016, 4:57am

Gladia

Master

Posts: 2,420

  • Send private message

Hello,

If you have any doubt in the future, try VirusTotal :


If there was a virus in a game client that thousands of players downloaded and installed in the past few years, we would know.

Edit: Original message moved to technical issue.
Allods Online Discord
Check out the community chat
Choose EU in #language chan
----
Rejoignez la communauté sur le serveur Discord Allods Online
Clic sur le drapeau EU dans le canal #language

Similar threads

Used tags

virus

Rate this thread