!!! VIRUS in Release 1.2.2 !!!
by Ron Barbosa · in General Discussion · 09/02/2004 (11:30 am) · 10 replies
Hey all...I'd hate to cause a ruckus, but I checked my virus scan console today and I noticed a virus was located in 3 files on my system. One of the 3 files was
\torque\install_build\nsisd.dll
After a few scans/cleans, the virus was gone, but it required the deletion of the above file.
I was unsure if the file was infected upon receipt, or if the virus altered the file, so I connected to CVS, downloaded the file again, and immediately did a virus scan of the \torque directory.
The same file was again found to be infected.
The virus is classified as the Downloader-OG Trojan.
FYI...this file has been located on my system for several months, and it was never found to contain a virus in the past. It was only after a recent update of my virus catalog that this file was seen to be infected.
Torque users may want to update their virus catalogs and scan their systems.
Any information regarding when it will be safe to download this file again would be greatly appreciated.
Sorry for any panic this might cause. ;(
--RB
\torque\install_build\nsisd.dll
After a few scans/cleans, the virus was gone, but it required the deletion of the above file.
I was unsure if the file was infected upon receipt, or if the virus altered the file, so I connected to CVS, downloaded the file again, and immediately did a virus scan of the \torque directory.
The same file was again found to be infected.
The virus is classified as the Downloader-OG Trojan.
FYI...this file has been located on my system for several months, and it was never found to contain a virus in the past. It was only after a recent update of my virus catalog that this file was seen to be infected.
Torque users may want to update their virus catalogs and scan their systems.
Any information regarding when it will be safe to download this file again would be greatly appreciated.
Sorry for any panic this might cause. ;(
--RB
#2
I know that I haven't ever recieved any issues with Virii and the latest TGE head that I pulled down, but that was a month ago.
Logan
09/02/2004 (12:01 pm)
Can anyone confirm this? I would hate to see a ruckuss made over something that could very well be an isolated problem on a particular users system.I know that I haven't ever recieved any issues with Virii and the latest TGE head that I pulled down, but that was a month ago.
Logan
#3
I'd check the virus engine manufacturers website as they normally get a few calls on this and would post this info if it were a false positive. I know typically Norton / Symantec would post something.
I'll update when I get home and see if I get it as well. But I'd suggest, as Michael did, that you contact GG.
09/02/2004 (12:05 pm)
It may be a false positive, meaning it isn't really a virus. However, it could also be a threat from a previous unknown virus/type.I'd check the virus engine manufacturers website as they normally get a few calls on this and would post this info if it were a false positive. I know typically Norton / Symantec would post something.
I'll update when I get home and see if I get it as well. But I'd suggest, as Michael did, that you contact GG.
#4
The first time this virus was detected on my machine was after the 8/27 weekly catalog update.
It is possible that a virus already present in my system later infected this file, but after a clean scan, and subsequent download, the same file was found to be infected.
I'd love to forward this to the staff at GG, but I don't know where to find their email addresses, and I don't have time to look right now.
--RB
09/02/2004 (12:13 pm)
Hey all...if it is a false positive, it's quite consistent.The first time this virus was detected on my machine was after the 8/27 weekly catalog update.
It is possible that a virus already present in my system later infected this file, but after a clean scan, and subsequent download, the same file was found to be infected.
I'd love to forward this to the staff at GG, but I don't know where to find their email addresses, and I don't have time to look right now.
--RB
#5
09/02/2004 (12:17 pm)
We are aware now :) Thanks. I'd suspect this is just a false positive, but this file has already been removed anyway for the 1.3 release-- if you update HEAD right now, you'll see it was removed. So.. prob solved already, even if there never was one. ;)
#6
I will update again and post my findings.
Sorry for any alarms...just trying to safeguard the Torque community from viruses.
--RB
09/02/2004 (12:19 pm)
Hey all...just a quick update...there is some indication on the McAfee web site that this may be a false positive. It appears related to the 4388 DAT...supposedly fixed in the 4389 DAT.I will update again and post my findings.
Sorry for any alarms...just trying to safeguard the Torque community from viruses.
--RB
#7
09/02/2004 (12:23 pm)
Appreciate the effort Ron :) See my post above too, please.
#8
Again...sorry for the alarm...
--RB
09/02/2004 (12:29 pm)
Hey all...okay...it appears that this is fixed in the 4389 DAT.Again...sorry for the alarm...
--RB
#9
But, as Josh said, it's out of the HEAD now.
09/02/2004 (12:31 pm)
NSIS false-positives in Norton. It did the same thing under McAfee as well.But, as Josh said, it's out of the HEAD now.
#10
09/02/2004 (5:04 pm)
Hey, better a false positive than a false negative. 
Torque 3D Owner Michael Cozzolino
Big Monk Games