 |
 | Trojan.Mybot - Big Fish Games |  |
|
care4turtles
|
|
I have bought 24+ PC Downloaded games from Big Fish Games over the last 3 years.
Recently, the games I play most have been showing the following, now quarantined viruses. C:\Documents and Settings\All Users\.clamwin\quarantine\infected.nhkwqzz.exe: Trojan.Mybot-10203 FOUND C:\Documents and Settings\All Users\.clamwin\quarantine\infected.qjmzfps.exe: Trojan.Mybot-10203 FOUND C:\Documents and Settings\All Users\.clamwin\quarantine\infected.rfxgdvv.exe: Trojan.Mybot-10203 FOUND C:\Program Files\Magic Match\rfxgdvv.exe: Trojan.Mybot-10203 FOUND This company website says: Support Center > Virus Messages Virus Messages Why do I get the message that my game contains a virus? Explanation: Some anti-viral or personal firewall applications incorrectly identify our games as containing viruses and disrupt or block the software from running. Please be assured that the games coming from us are virus free. To avoid this issue, there are two things to try: Option A: If you update your version of your virus protection program you should find that this problem no longer occurs. You can update your virus protection program from the manufacturers web site and restart your computer. If you have removed the game from your computer, simply re-download it again from our web site and it should work fine. Option B: IF YOUR ANTI VIRUS SOFTWARE DETECTS THE PRODUCT AS A VIRUS OR TROJAN (only some anti virus products exhibit this behavior) SET AN EXCLUSION FOR THE FOLDERS CONTAINING YOUR GAME. To Mark the files or folders containing downloaded games as safe, refer to your anti virus/personal firewall product manual or help page for instructions on setting exclusions. Why did I received a message that your game contained a Trojan Horse? If you use AVG anti-virus, please update your software in order to fix this error. There was an update to this program to correct the flagging of our software as a Trojan error. After you update your copy, please re-start your computer and re-install your game(s). I'm completely confused and pissed off........ Are these bad or not? Should I be worried about re-installing all these games? Thanks in Advance....... |
|||||||||||
|
|||||||||||||
 |
| |
|
GuitarBob
|
|
The detections could very well be a false positive--especially if you have used the games before without any problems. This can happen with any antivirus from time-to-time. What you should do is upload each game (one at a time) to the Jotti scanning service at https://virusscan.jotti.org/ on the Web and see what other antivirus programs say about the file(s). If several other AVs find a file is infected, it probably is. If only a couple of other AVs find an infection, it is probably a false positive, and you should go to the Clam virus submission page at https://cgi.clamav.net/sendvirus.cgi and fill out the form. Be sure to check the False Positive box, and tell them the name of the false detection in the notes box. You will be helping to make Clam/ClamWin better.
Regards,l |
|||||||||||
|
|||||||||||||
|
| |
|
care4turtles
|
|
Ran Jotti's malware scan on 2 of the games.
Both of their status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) Scanner results CPsecure Found RiskTool.W32.PsKill.Q So, This means it is indeed infected?? Not a False Positive? Also, Sounds like it may be in ClamWin database already too?? GEEZZZZZ  |
|||||||||||
|
|||||||||||||
|
| Re: Trojan.Mybot - Big Fish Games | |
|
b0ne
|
|
It would appear to be a false positive, however, there are some concerning things about this company: 1) Magic-Match can be downloaded and played without installing the third party "big fish" software. 2) The file name that they're using is essentially a non-sensical randomized name. One of the typical reason to randomize a file name is to attempt to hide something.... be it hiding a file name from an anti-malware program or a tool that targets a file by name. 3) The file has been wrapped in a pretty complicated "application protector" called https://www.siliconrealms.com/index.shtml Armadillo. 4) The bfgservice.exe program seems to re-launch this "rfxgdvv.exe" on a regular basis, and every time a game is run. A runtime log was recorded using "Process Monitor" from sysinternals, and it does not appear to make any changes to your system, it merely seems to be some sort of licensing enforcement module which coincides with it being "protected" by Armadillo. |
|||||||||||||
|
|||||||||||||||
|
 | Trojan.Mybot - Big Fish Games | |
|
||
|
|
|
Powered by phpBB © phpBB Group
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.