Help - Search - Members - Calendar
Full Version: Far Cry 2 Trainer: Reported Virus
BitDefender Forum > English > Old Forum Topics > Malware Talk > False positive reporting
Paddy
Oct 23 2008, 11:00 AM
I'm 95% sure this is a false positive, but I'd like to double check.

I downloaded this trainer from a forum on gamefaqs.com (made by a regular member) and when I extracted it BitDefender went nuts. It says the file is a virus, "Virtool.529" to be exact.

Other members reported getting virus alerts too, and you can see these reports on the aforementioned forum (click the link).

As I understand it, the trainer was made with Cheat Engine, if that matters.

I ran the file in Sandboxie and it seemed clean.

The file is attached in a .RAR archive, with a password of infected, just in case it is indeed a virus!

Cheers biggrin.gif
Paddy
Oct 23 2008, 11:04 AM
Another trainer blocked as a virus:

"Application.Hatkeys.H"

C:\Windows\sysWOW64\H@tKeysH@@k.dll

Attached, with the same password.
Niels
Oct 24 2008, 01:17 PM
Hello Paddy,

That is just a riskware detection not a virus/trojan/... detection. The only purpose of this detection is to inform people of a certain application that can cause harm when you don't have installed them. I don't know if BitDefender will remove the detection of it. What you can do is exclude it or don't let BitDefender scan for riskware.

virtool means virus construction tool. Here a virus researcher should decide if it's a false detection or not.

Kind regards,
Niels
Paddy
Oct 24 2008, 02:23 PM
QUOTE (Niels @ Oct 24 2008, 12:17 PM) *
Hello Paddy,

That is just a riskware detection not a virus/trojan/... detection. The only purpose of this detection is to inform people of a certain application that can cause harm when you don't have installed them. I don't know if BitDefender will remove the detection of it. What you can do is exclude it or don't let BitDefender scan for riskware.

virtool means virus construction tool. Here a virus researcher should decide if it's a false detection or not.

Kind regards,
Niels

Thanks for the reply.

I think BitDefender considers the file to be more than "riskware", because it deletes it the moment I extract it from the archive without asking me. I'd imagine if it was riskware I would simply be altered, then asked if I permit the application to execute.

I found another trainer that doesn't give any alerts, however, so I'm not in any rush to have this one solved tongue.gif

Cheers!
crysty2k5
Oct 24 2008, 08:09 PM
Please wait for a Virus Researcher wink.gif
Niels
Oct 25 2008, 07:35 PM
Hello Paddy,

Some trainers could contain trojans. But you have downloaded it from a legitimate website. I don't say that that website can't be compromised. I don't know if the same actions are applied on riskware than on other infections. I think that it automatically deletes it. But I am not 100 % sure about it. When I once had installed a trainer the same file as yours was automatically deleted. You can try to change the actions that should be taken on infections and see if riskware now isn't deleted anymore. Glad that you appreciated my reply. You are welcome.

Kind regards,
Niels
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2009 Invision Power Services, Inc.