AV Alert

Anything related to MMOViper that doesn't fit in a better forum. All are welcome to participate. Also use this area for pre-sale members to ask questions.

Moderator: ScreamingEagle

Locked
Message
Author
pandaslg
Posts: 3
Joined: Fri Jul 18, 2014 5:59 pm

AV Alert

#1 Post by pandaslg »

Hi my AV gave alert on the new ffxiv bot so I checked online : https://www.virustotal.com/fr/file/6112 ... 412031997/

8 positives

Should we be worried ? And when unzipping the file, it tried to change my UAC too.

PitViper
Site Admin
Posts: 20778
Joined: Tue Oct 16, 2007 7:01 am

Re: AV Alert

#2 Post by PitViper »

No virii/trojans in viper. It is because of the way that the bot interacts with games, always makes it seem suspicious. Normally programs do not go around reading and interacting with other running programs.

pandaslg
Posts: 3
Joined: Fri Jul 18, 2014 5:59 pm

Re: AV Alert

#3 Post by pandaslg »

Hm ok, Did you use Themida ? It would explain the alert/false positive.

Thanks for the reply.

pandaslg
Posts: 3
Joined: Fri Jul 18, 2014 5:59 pm

Re: AV Alert

#4 Post by pandaslg »

I still can't use it my AV keeps deleting it
20141002 130856 Le fichier "D:\Users\&&&\Downloads\FF14ViperRelease2.0.9.9b\FF14ViperBot.exe" appartient au virus/spyware 'Mal/FakeAV-OP'.
20141002 130856 Le contrôle sur accès a refusé l'accès à l'emplacement "D:\Users\&&&\Downloads\FF14ViperRelease2.0.9.9b\FF14ViperBot.exe" pour l'utilisateur AUTORITE NT\Système
20141002 130856 Le fichier "D:\Users\&&&\Downloads\FF14ViperRelease2.0.9.9b\FF14ViperBot.exe" appartient au virus/spyware 'Mal/FakeAV-OP'.
20141002 130903 Le fichier "D:\Users\&&&\Downloads\FF14ViperRelease2.0.9.9b\FF14ViperBot.exe" appartient au virus/spyware 'Mal/FakeAV-OP'.
20141002 130903 La valeur de registre "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA" appartient au virus/spyware 'Mal/FakeAV-OP'.
20141002 130903 La valeur de registre "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin" appartient au virus/spyware 'Mal/FakeAV-OP'.
20141002 130904 Le fichier "D:\Users\&&&\Downloads\FF14ViperRelease2.0.9.9b\FF14ViperBot.exe" a été nettoyé(e).
20141002 130904 La valeur de registre "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA" a été nettoyé(e).
20141002 130904 La valeur de registre "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin" a été nettoyé(e).
20141002 130904 Le virus/spyware 'Mal/FakeAV-OP' a été supprimé.

Why is FF14ViperBot.exe trying to mess up with this registry keys in the first place ?

PitViper
Site Admin
Posts: 20778
Joined: Tue Oct 16, 2007 7:01 am

Re: AV Alert

#5 Post by PitViper »

It tries to find out if it needs to prompt for a UAC/Consent privileges consent to launch.

As I said above, you have to add an exception for Viper to run.

I'm not going to go through what viper does internally. As this might open it up for detection by games.

It does not have any virii/trojans in it. Been in business for 10 years. Take it or leave it.

Locked

Return to “General Discussion Area”