intfiction.org

The Interactive Fiction Community Forum

All times are UTC - 6 hours [ DST ]




 Post subject: Project Delta: Trojan?
Posted: Fri Oct 03, 2008 7:29 pm

Joined: Sun Jul 20, 2008 4:32 pm
Posts: 14
My virus software is flagging the nxi.exe as a suspicious file, containing a CRYP_MEW-11 Trojan. Has anybody else run into this? Is this file safe? Personally I'm kind of hesitant to run an exe from the comp on this computer, and my virus software blocked The Missing Piece from touching the internet after installing.

Any help would be appreciated, even from the authors.

- D


Posted: Fri Oct 03, 2008 9:23 pm

Joined: Fri Oct 03, 2008 8:15 pm
Posts: 133
Location: Germany
Hello,

I'm the author of Project Delta.
We are not allowed to discuss our games in public until the comp is over.

All I can tell you is this:

The executable is packed with MEW, a free exe-packer program which can be found at:
http://www.softpedia.com/get/Programmin ... W-SE.shtml

E.


Last edited by Retro on Mon Oct 27, 2008 1:06 pm, edited 1 time in total.

Posted: Fri Oct 03, 2008 10:20 pm

Joined: Sun Oct 05, 2014 9:51 pm
Posts: 1070
AVG Free Edition doesn't give a warning. And it didn't trigger Corporate Norton Antivirus on my work PC (although I haven't actually tried to run it yet).


Posted: Fri Oct 03, 2008 11:48 pm

Joined: Sun Jul 20, 2008 4:32 pm
Posts: 14
Sweet, thanks for getting back to me, I feel a lot better about the file. This is the computer that I program IF on, so I really don't run anything on it, and I was a little worried. I'll be trying it out tomorrow. :D

- D


Posted: Sat Oct 04, 2008 12:07 am

Joined: Fri Oct 03, 2008 8:15 pm
Posts: 133
Location: Germany
I'm getting suspicious about this myself... Who knows, maybe when you pack exe-files with it then MEW adds a trojan-code without the author's knowledge.

I should use another packer in the future.

E.


Last edited by Retro on Mon Oct 27, 2008 1:09 pm, edited 1 time in total.

Posted: Sat Oct 04, 2008 9:09 am

Joined: Sun Jul 20, 2008 4:32 pm
Posts: 14
EK_Dev wrote:
I'm getting suspicious about this myself... Who knows, maybe when you pack exe-files with it then MEW adds a trojan-code without the author's knowledge.


Maybe, maybe not. I'm using Trend Micro's PC-cillin on this machine, and it could just be seeing an exe wrapped in MEW and flagging it suspicious because it doesn't know any better. When I scan it with NOD32 on my Vista box nothing comes up, but like I said, this is my dev box and I'm a little sensitive about it. ;) Just knowing that you did use a MEW wrapper makes me feel better, because it explains why it was flagged on this machine.

- D


Posted: Sat Oct 04, 2008 11:26 am

Joined: Fri Oct 03, 2008 8:15 pm
Posts: 133
Location: Germany
DrkStarr wrote:
Maybe, maybe not. I'm using Trend Micro's PC-cillin on this machine, and it could just be seeing an exe wrapped in MEW and flagging it suspicious because it doesn't know any better. When I scan it with NOD32 on my Vista box nothing comes up, but like I said, this is my dev box and I'm a little sensitive about it. ;) Just knowing that you did use a MEW wrapper makes me feel better, because it explains why it was flagged on this machine.


I have Vista with Norton Protection Center and Norton Internet Security installed on my machine. I have just scanned all my hard drives and the nxi.exe. Nothing found.

This is strange. Why would an antivirus program such as PC-cillin flag a compressed executable as a trojan virus?


Last edited by Retro on Mon Oct 27, 2008 1:11 pm, edited 1 time in total.

Posted: Sat Oct 04, 2008 12:20 pm

Joined: Sun Jul 20, 2008 4:32 pm
Posts: 14
Maybe this will help.

This is the link Trend Micro gives me:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=Cryp_MEW-11

It also says:
Aliases: Generic.dx (McAfee), Trojan.Dropper (Symantec), Troj/Patch-F (Sophos)
In the wild: Yes
Overall risk rating: Low

Description:
This is the Trend Micro heuristic detection for suspicious files that manifest similar behavior and characteristics as malware packed by MEW.

I know this is not what you want to hear, but maybe it is spyware. I can't submit it for review, so I really don't know, but if it is malware, maybe you can contact Stephen Granade and submit a new version using UPX.

- D


Posted: Sat Oct 04, 2008 2:07 pm

Joined: Fri Oct 03, 2008 8:15 pm
Posts: 133
Location: Germany
Quote:
Description:
This is the Trend Micro heuristic detection for suspicious files that manifest similar behavior and characteristics as malware packed by MEW.


Oh, I see. You have activated heuristic detection in your antivirus program. This is not recommended really. You should have turned it off, because it tends to give lots of false warnings on files, even on normal Windows system files.


Last edited by Retro on Mon Oct 27, 2008 1:13 pm, edited 2 times in total.

Posted: Sat Oct 04, 2008 2:41 pm

Joined: Sun Jul 20, 2008 4:32 pm
Posts: 14
EK_Dev wrote:
Oh, I see. You have activated heuristic detection in your antivirus program. This is not recommended really. You should have turned it off, because it tends to give lots of false warnings on files, even on normal Windows system files.

Well, the software installs with heuristic detection turned on, I've never had any problems with it, so I've never had to turn it off.

So maybe we're back to:
DrkStarr wrote:
It could just be seeing an exe wrapped in MEW and flagging it suspicious because it doesn't know any better.

Which is what I was thinking in the first place when you said that you used a MEW wrapper, but when you said that the author's site was suspicious I was a little worried.

I'm thinking that there's probably nothing wrong with the file, sorry for all the confusion - D
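
Added example, not part of the thread or of any antivirus product: a sketch of the kind of structural check a packer heuristic can make, showing why it fires on any packed executable regardless of what is inside. The two sample files are constructed in the code, and the section names and the 7.0 entropy threshold are assumptions.

```python
import math
import struct

READ, WRITE, EXEC = 0x40000000, 0x80000000, 0x20000000  # section flags
SECTION = "<8sIIIIIIHHI"  # 40-byte PE section header

def entropy(data):
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    counts = [data.count(b) for b in set(data)]
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts)

def sections(pe):
    """Yield (name, virtual_size, raw_size, raw_ptr, flags) per section."""
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[:2] != b"MZ" or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    count, = struct.unpack_from("<H", pe, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", pe, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size
    for i in range(count):
        f = struct.unpack_from(SECTION, pe, table + 40 * i)
        yield f[0].rstrip(b"\0").decode("latin-1"), f[1], f[3], f[4], f[9]

def packer_indicators(pe, threshold=7.0):
    """Structural traits typical of packed files; says nothing about intent."""
    hits = []
    for name, vsize, rsize, rptr, flags in sections(pe):
        if flags & WRITE and flags & EXEC:
            hits.append((name, "writable and executable"))
        if rsize == 0 and vsize > 0:
            hits.append((name, "empty on disk, filled at run time"))
        if rsize and entropy(pe[rptr:rptr + rsize]) > threshold:
            hits.append((name, "high entropy"))
    return hits

def build_sample(secs):
    """Constructed test input: minimal headers, no optional header."""
    head = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0"
    head += struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, 0, 0)
    table, body, base = b"", b"", len(head) + 40 * len(secs)
    for name, vsize, data, flags in secs:
        ptr = base + len(body) if data else 0
        table += struct.pack(SECTION, name, vsize, 0x1000, len(data), ptr, 0, 0, 0, 0, flags)
        body += data
    return head + table + body

RWX = READ | WRITE | EXEC  # sec1's bytes stand in for compressed data
PACKED = build_sample([(b"sec0", 0x8000, b"", RWX), (b"sec1", 0x1000, bytes(range(256)) * 4, RWX)])
PLAIN = build_sample([(b".text", 0x400, b"\x55\x8b\xec\x90" * 128, READ | EXEC), (b".data", 0x400, bytes(512), READ | WRITE)])
```

Every indicator here describes the unpacking stub's layout rather than the program it carries, so a result like this is a reason to check the file with other scanners or to rebuild it without the packer, not proof of a trojan.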

