
Trojan False Positive

Jetboogieman

So my anti-virus picked up a Trojan last night emanating from a game I got off gog.com, "Star Wars: Galactic Battlegrounds".

It appeared to affect the player.exe file, flagging as a PHW-Banker Trojan. I've had this game for a long time and it never flagged anything before in previous scans.

However, around March 3rd, players who'd bought the game from Steam, Humble Bundle and GOG all started reporting receiving different hits from antivirus, one a Trojan, the other an info stealer file. No one has both, but it did seem to depend on their antivirus.

Some people have said flat out it's a false positive created by the player.exe file because it was the multiplayer file from way back when and something to do with that.

I'm inclined to believe it's a false positive because I immediately quarantined the file, deleted the game completely, ran a full system scan and nothing. I then proceeded to run a thorough no-holds-barred full system scan in safe mode and a Malwarebytes scan, and nothing at all came up.

However, what irks me is that when the virus scanner prompted the alert was when my wife visited the Walmart website to do online shopping. Could it have laid dormant in my Mozilla? I have deleted that as well just to be safe, as I know sometimes that is possible.

What do you think?
 
One guy's theory from Steam forums was pretty interesting:

I want to say that file is your user profile for the old MP connection. From a day gone by when connection to the internet to play games was a lot harder. When the game is installed, that file is trying to connect to the host server, but with none to find, your AntiVirus program is flagging it as it tries to reach somewhere on the internet that it cannot verify its validity. So it marks it as suspicious.

I am not any kind of computer expert but that is what it seems to be given what I do know.
 
If you suspect it is a false positive, use other means to confirm it. Don't blindly trust your anti-virus.

There are online virus scanners that can do the job. Or download Malwarebytes or similar to do a check.
 
My IT security SiL uses about a dozen different AV programs when testing a PC. Keeps them all on a flash drive in his pocket.
 
If you suspect it is a false positive, use other means to confirm it. Don't blindly trust your anti-virus.

There are online virus scanners that can do the job. Or download Malwarebytes or similar to do a check.

Good advice, it may be nothing but that's really something you don't want to chance.
 