back door virus warning

Discussion in 'The Temple of Elemental Evil' started by tom, Jun 13, 2008.

Remove all ads!
  1. Half Knight

    Half Knight Gibbering Mouther

    Joined:
    May 16, 2007
    Messages:
    2,148
    Likes Received:
    0
    Nay. I've used that crack since i joined here, and never had problems.
    In fact, it's not an AVG problem, it's windows who's been shitty.

    That call to microsoft, must be the firewall itself, or the system, checking for a database to identify the "threat", or at least trying to connect.
    The .exe has been reported a few posts above as safe, but windows-AVG combo don't recognize it.
    I really doubt that a small, old file has some powerful, never-known-before virus, capable of cheating all kind of antivirus programs for so many time.
     
  2. Zebedee

    Zebedee Veteran Member Veteran

    Joined:
    Apr 2, 2005
    Messages:
    1,755
    Likes Received:
    0
    Yeah I know. Which means that Windows has one huge security flaw at the moment, because the alternative to an inactive virus is someone went straight through the windows firewall (fully patched and updated) like it didn't exist.

    Zone alarm time for me I think.

    Anyways, back to getting a new install up and running and making sure Avast is ok with it.
     
    Last edited: Aug 11, 2008
  3. Sergio Morozov

    Sergio Morozov Paladin

    Joined:
    Aug 28, 2008
    Messages:
    495
    Likes Received:
    0
    So, can anyone tell me if there is a virus in the noCD ToEE.exe-s?

    My NOD32 detects a trojan in short .exe files (says probably a modified agent/win32), but, according to various i-net databases that trojan is bigger than the file (1.5 times bigger or something in kB-s) and it should delete the original file after launching.
     
  4. Scryler

    Scryler Night's Wordsmith

    Joined:
    Sep 3, 2008
    Messages:
    2,247
    Likes Received:
    4
    I read the entire thread and am not able to determine if there is or isn't a virus/trojan in the nocd ToEE.exe. I have the no loot problem, so reinstalled everything, including the nocd ToEE.exe and my AVG8 put the nocd ToEE.exe in the virus vault, as others have reported. AFAIK, AVG8 has never given me any problems before. So...is there, or isn't there? I do hope someone will respond. Thanks in advance.
     
  5. Half Knight

    Half Knight Gibbering Mouther

    Joined:
    May 16, 2007
    Messages:
    2,148
    Likes Received:
    0
    I can see at least four (4) post, that say there's NO TROJAN in the no-cd patch. Read carefully. :chairshot

    For the last time: is a Windows problem, combined with some (ok, most of them) antivirus programs.

    So, for lazyness sake,people that not read all the thread or look carefully, i'm going to make this clear:

    NO TROJAN VIRUS IN NO-CD PATCH

    There, clear and big.
     
    Last edited: Sep 11, 2008
  6. Scryler

    Scryler Night's Wordsmith

    Joined:
    Sep 3, 2008
    Messages:
    2,247
    Likes Received:
    4
    Thank You.

    I did read the entire thread.

    It just didn't sound conclusive to me.

    So thank you for clarifying...I appreciate it.
     
  7. Rodzaju

    Rodzaju Member

    Joined:
    Aug 4, 2008
    Messages:
    32
    Likes Received:
    0
    Does anyone who uses avg 7.5 know how to stop it quarantining toee.exe everytime it scans?
    I remember someone posting that they set it to ignore this file (too lazy to find the exact post now).
    I can't find this option anywhere.
     
  8. Sergio Morozov

    Sergio Morozov Paladin

    Joined:
    Aug 28, 2008
    Messages:
    495
    Likes Received:
    0
    Yes, thanks for saying that aloud!

    By the way, if someone would open NoCD.v.2 and original Toee.exe in text viewer (I used Lister from Windows Commander)...
    That someone would be able to compare the files string-by-string...
    And NoCd has very small quantity of strings, which are not in the original file.
    And most of those are empty or contain a logo of... Well, certain group.
    Interesting. I tried to take the strings, which are different and check them with antivirus, but all my text editors wrap text, so after resaving file as .txt its structure is lost.

    O.K. After all this is not very important now.
     
  9. hq-hq

    hq-hq Einridi

    Joined:
    Sep 12, 2008
    Messages:
    1
    Likes Received:
    0
    ai,

    yesterday i want to play toee again after years, patched the 3.0 patch and loaded the no cd file. 17kb very small i thought. started.... and netlimiter asked me if i wonna block toee exe...
    very strange i thought... so i loaded av and as you know after the scan of the file -> trojan horse <-

    because of the netlimiter blocking question i am sure it has also a trojan function - the toee exe file

    i cant find changes on my windows, so i think it tries to load the real trojan program or tries to send data and and and... i don`t know. the only thing i can say that "hans schulze" sounds ugly strange
     
  10. Rodzaju

    Rodzaju Member

    Joined:
    Aug 4, 2008
    Messages:
    32
    Likes Received:
    0
    This is the post I was talking about.
    I can't find an exclude option anywhere in AVG7.5
     
  11. Jadefang

    Jadefang Member

    Joined:
    Nov 25, 2003
    Messages:
    41
    Likes Received:
    0
    I think you need to have a paid version of AVG to use ignore settings, IIRC.

    Had anyone actually reported this file as a false positive to AVG?
     
  12. Half Knight

    Half Knight Gibbering Mouther

    Joined:
    May 16, 2007
    Messages:
    2,148
    Likes Received:
    0
    I dunno, i have the free version, and has all the options.
    The current version is 8, not 7.5, so maybe the option isn't available.

    What?
    Reportan illegal no-cd crack? ;)

    Humm, maybe reporting the type of file could work...

    Anyways, i've checked the FAQ on
    TEXT REMOVED
    and the 5 point says why you'll probably get the alert. Something about how the system works. In any case, they make it clearly which file is the alert/false positive, and yes, it is exactly that one.

    So again, THERE ARE NO VIRUS. :)
     
    Last edited by a moderator: Oct 24, 2008
  13. darkmoon

    darkmoon Member

    Joined:
    Aug 3, 2006
    Messages:
    10
    Likes Received:
    0
    It's relatively safe to assume that it is a false alarm. (referring to the 33kB .exe)

    Clamwin (on-demand-scanner) gives the alarm too. labeling it as a totally unknown and nonexistent trojan. Antivir does not detect it. And since it wasn't detected for 4 years its quite sure that some parts of a new trojan code are close to the code the crack used.
    Another likely possiblity is the increasing tendency of AV producers to add NoCD cracks to their lists.

    I also did a thorough check on a test machine for hidden processes, internet traffic and alike. Nothing was found. Also notice the HEAVY decrease of size from the original. The cracked exe circumvents the arbitrary decoding routine for the Safedisc/securom sectors on the CD.
     
  14. Stohrm Knightforger

    Stohrm Knightforger Dwarven Cleric

    Joined:
    Dec 8, 2008
    Messages:
    50
    Likes Received:
    0
    McAfee was doing the same thing; reporting a trojan and deleting a DLL file that would prevent me from launching the game. This was right before I discovered all the nifty Co8 stuff and I had to delete ToEE and reinstall it to get it to work (prior to saying "to hell with McAfee"). However, as soon as I would save a game then reload later (which happens frequently due to feeble attempts at killing monsters before their time) the (supposed) Trojan would be back.

    I would have to agree that it's a Microsoft Bug (and I'm running XP, btw, not Vista).

    As to whether Microsoft is aware of it, I couldn't say. I know my wife's PC has been reporting a Trojan left and right (and I just finished installing Defender Pro 2009 on it).

    Again, I seriously doubt that her's has a real trojan either unless it found it's way there via the Microsoft update.
     
  15. kylan271

    kylan271 Established Member

    Joined:
    Jan 29, 2009
    Messages:
    192
    Likes Received:
    0
    OK I think I know what gives..it is the Registration exe as used by Hasbro that is causing probs. It downloads to your computer and sends of your private data to wherever and thus listed as a threat. My Windows Defender picked it up and I checked on internet and other gamers get it using similar games. My Spybot and AVAST does not list it. Yahoo AntiSpy also picked up something similar...but can not confirm. The program seems to come up when I play the game and my Windows Defender goes 'ape' at me.. ^_*

    Check for : jatmlano.sys It is found in Doc&Settings/Admin/LocalSettings/Temp/jatmlano.sys attaching to your Drivers and 31744bytes sized.
     
Our Host!