Possible virus in renegadeserver.exe [message #433385] |
Sat, 24 July 2010 00:59 |
|
My AVG Anti-Virus reports that renegadeserver.exe from the renegade FDS is infected with a virus. Does anyone else get reports for that file?
Windows says the file is 94,208 bytes in size, does this match with what everyone else gets?
Just trying to confirm if its a genuine report or not.
Jonathan Wilson aka Jonwil
Creator and Lead Coder of the Custom scripts.dll
Renegade Engine Guru
Creator and Lead Coder of TT.DLL
Official member of Tiberian Technologies
|
|
|
Re: Possible virus in renegadeserver.exe [message #433387 is a reply to message #433385] |
Sat, 24 July 2010 01:13 |
|
Goztow
Messages: 9738 Registered: March 2005 Location: Belgium
Karma: 13
|
General (5 Stars) Goztoe |
|
|
jonwil wrote on Sat, 24 July 2010 09:59 | My AVG Anti-Virus reports that renegadeserver.exe from the renegade FDS is infected with a virus. Does anyone else get reports for that file?
Windows says the file is 94,208 bytes in size, does this match with what everyone else gets?
Just trying to confirm if its a genuine report or not.
|
My renegadeserver.exe is 27 KB (date: 19 Jan 2005)
You can find me in The KOSs2 (TK2) discord while I'm playing. Feel free to come and say hi! TK2 discord
|
|
|
|
|
|
Re: Possible virus in renegadeserver.exe [message #433393 is a reply to message #433385] |
Sat, 24 July 2010 02:31 |
|
I sent the file to AVG as a "possible false positive" so they can confirm whether its a bogus report or not (and if its a bogus report, fix AVG in the next update to not report on it)
Jonathan Wilson aka Jonwil
Creator and Lead Coder of the Custom scripts.dll
Renegade Engine Guru
Creator and Lead Coder of TT.DLL
Official member of Tiberian Technologies
|
|
|
|
Re: Possible virus in renegadeserver.exe [message #434142 is a reply to message #433385] |
Mon, 02 August 2010 19:45 |
|
The AVG team got back to me and said "there was virus code in those files" (both RenegadeServer.exe and Register.exe were triggering AVG) and sent the following files back as clean files:
http://www.cncmods.net/files/clean.zip
Given that others have reported this issue, it sounds like the actual FDS installer on the Westwood FTP may be infected with this virus.
If anyone has any information one way or the other (I doubt that all the people with problems actually have a virus that infected their RenegadeServer.exe files separately) please post here.
I am going to send an email to the new EA community guy explaining the situation so they can possibly look into it.
Jonathan Wilson aka Jonwil
Creator and Lead Coder of the Custom scripts.dll
Renegade Engine Guru
Creator and Lead Coder of TT.DLL
Official member of Tiberian Technologies
|
|
|
|
Re: Possible virus in renegadeserver.exe [message #434145 is a reply to message #433385] |
Mon, 02 August 2010 20:34 |
|
Its the free version.
And the MS product is NOT better than AVG, at least not on Windows XP.
Also, its not an infection in renegadefds_1037.exe, its an infection in a file inside RenegadeFDS_1037.exe (which your AV isn't likely to pick up since AVs dont generally understand that particular installer format and cant scan inside it)
I seriously doubt the AVG people would have said "those files you send do contain a virus, here are clean versions" (the clean versions ARE different to the other versions btw) unless they actually DID contain a virus.
I downloaded http://downloads.cncfps.com/Westwood/renegade/dedicatedserver/renegade_fds_1037. exe and unpacked it with an installer unpacker and the files in that one ALSO contain the virus.
The same register.exe (the one that causes AVG to trigger) was also shipped with various builds of RA:APB and was (after I told people to scan it) tripping several AV programs.
Jonathan Wilson aka Jonwil
Creator and Lead Coder of the Custom scripts.dll
Renegade Engine Guru
Creator and Lead Coder of TT.DLL
Official member of Tiberian Technologies
|
|
|
Re: Possible virus in renegadeserver.exe [message #434147 is a reply to message #433385] |
Mon, 02 August 2010 21:07 |
|
I'm still not sure tbh, I scanned a few copies register.exe (and renegadeserver.exe) from a few installers from a few different sources, none of them were detected as viruses, another Nod32 user (who also didn't detect them as viruses) I know has submitted both files to ESET (makers of Nod32) so I won't know for sure until he gets response back from them.
I'm not saying it's impossible that my AV could be wrong, that is still to be seen, I'm going to try a few different AVs now tbh.
Lone0001.ca
C&C Files
[Updated on: Mon, 02 August 2010 21:09] Report message to a moderator
|
|
|
Re: Possible virus in renegadeserver.exe [message #434148 is a reply to message #433385] |
Mon, 02 August 2010 21:19 |
raven
Messages: 595 Registered: January 2007 Location: Toronto, Ontario
Karma: 0
|
Colonel |
|
|
How odd..
both the RenegadeServer.exe executables were detected as viruses on the Jelly box.. they have since been replaced however its weird that this all just happened recently :\
-Jelly Administrator
-Exodus Administrator
|
|
|
|
|
Re: Possible virus in renegadeserver.exe [message #434156 is a reply to message #433385] |
Tue, 03 August 2010 02:46 |
|
Per (the new community guy at EA) said this
"Thank you for the heads up. I'll send it to the studio so they can make sure it gets sorted."
Jonathan Wilson aka Jonwil
Creator and Lead Coder of the Custom scripts.dll
Renegade Engine Guru
Creator and Lead Coder of TT.DLL
Official member of Tiberian Technologies
|
|
|
|
Re: Possible virus in renegadeserver.exe [message #434204 is a reply to message #433385] |
Tue, 03 August 2010 22:29 |
Rocko
Messages: 833 Registered: January 2007 Location: Long Beach, California
Karma: 0
|
Colonel |
|
|
yos'is just axd my homboi dat werk at EA clinnin the john and he da 1 who told me dat some1 put da viriz up in der fo payback about renegade 2 mel gibson style
black and proud
|
|
|
|
Re: Possible virus in renegadeserver.exe [message #434693 is a reply to message #433385] |
Fri, 13 August 2010 05:48 |
|
3 things here:
1.I did submit it to virus-total and a few others picked it up as well as AVG
2.Others have reported things other than AVG picking it up
and 3.The AVG team (who are presumably experts in their field) would not have sent me an email saying "the file you submitted does contain a virus, here is a cleaned file" unless it actually did contain one
Jonathan Wilson aka Jonwil
Creator and Lead Coder of the Custom scripts.dll
Renegade Engine Guru
Creator and Lead Coder of TT.DLL
Official member of Tiberian Technologies
|
|
|
|
Re: Possible virus in renegadeserver.exe [message #435561 is a reply to message #433385] |
Thu, 26 August 2010 11:50 |
cnc95fan
Messages: 1261 Registered: July 2007
Karma: 0
|
General (1 Star) |
|
|
I just did a scan there and Avast! found that the Register.exe in APB BETA, WDUMP.exe from Renegade Public Tools, Register.exe from the FDS and RenegadeServer.exe all contained the same "Injected AZ" thing.. I downloaded my FDS from Game-Maps
|
|
|
Re: Possible virus in renegadeserver.exe [message #435597 is a reply to message #433385] |
Thu, 26 August 2010 22:15 |
|
Gen_Blacky
Messages: 3250 Registered: September 2006
Karma: 1
|
General (3 Stars) |
|
|
Must be a false positive the only thing RenegadeServer.exe does is launch server.dat and if crashes RenegadeServer.exe will restart server.dat. It might read some stuff from the config file. Like danpaul said just rename server.dat to somthing.exe and it will start the fds and if you close it wont try to restart. If you run server.dat instead of the luancher I think it will have problems with xwis.
Mine is the same as jonwills 92.0 KB (94,208 bytes). Microsoft
Security Essentials dosent pick anything up.
[Updated on: Thu, 26 August 2010 22:20] Report message to a moderator
|
|
|
|
Re: Possible virus in renegadeserver.exe [message #435869 is a reply to message #433385] |
Mon, 30 August 2010 21:35 |
|
Regardless of what different anti-virus programs pick up (or don't pick up), the AVG people (who's day job is reverse engineering and disassembling viruses) said that the files I sent them contained viruses. If these experts say they contain viruses (and have supplied files that dont contain viruses) then that's good enough for me to assume that there was SOMETHING wrong with the files.
Jonathan Wilson aka Jonwil
Creator and Lead Coder of the Custom scripts.dll
Renegade Engine Guru
Creator and Lead Coder of TT.DLL
Official member of Tiberian Technologies
|
|
|
|