Quantcast Virus on EQ2MAP Updater? [confirmed no virus] - EQ2Interface
EQ2Interface.com
Search Downloads


Go Back   EQ2Interface > Featured Projects > EQ2MAP > EQ2Map Troubleshooting

Reply
Thread Tools Search this Thread Display Modes
  #1  
Unread 06-08-2005, 07:51 PM
Fanryan Fanryan is offline
A Young Mystail Rat
 
Join Date: Apr 2005
Server: Antonia Bayle
Posts: 2
Default Virus on EQ2MAP Updater? [confirmed no virus]

Donīt want to spoil the fun, but i tried the download several times today and everytime my Scanner (AntiVir. Version 6.31.00.01) warned me about the Trojan Dldr.IstBar.it.1.

The same on the Sourceforge files.

The eq2Interface Main package is unaffected. Only the "EQ2MAP Updater" seems to be infected.
Real problem or is just my scanner telling some weird tales?
Reply With Quote
  #2  
Unread 06-08-2005, 08:00 PM
taco-man's Avatar
taco-man taco-man is offline
EQ2MAP Updater Author
This person is a EQ2Map developer.
Interface Author - Click to view interfaces
 
Join Date: Nov 2004
Server: Antonia Bayle
Posts: 1,349
Send a message via AIM to taco-man Send a message via MSN to taco-man Send a message via Yahoo to taco-man
Default

I checked the install file and install directory with norton antivirus and spysweeper and niether found anything. i am the author of it though so feel free to wait for a response from someone else.
if you are still scared you could even just compile the program yourself using the source code (Assuming you know how)
also the installer was made using NSIS, which is an open source installation creator found at http://nsis.sourceforge.net/
what antivirus are you using?
__________________
EQ2MAP Updater Download
EQ2MAP Website
How to Install a custom interface

Last edited by taco-man : 06-08-2005 at 08:04 PM.
Reply With Quote
  #3  
Unread 06-08-2005, 08:05 PM
Dolby's Avatar
Dolby Dolby is offline
Bacon Eater
Premium Member
EQ2Interface Admin
This person is a EQ2Map developer.
 
Join Date: Feb 2004
Posts: 2,444
Default

Scans fine on this windows machine and on the server via clamscan
Reply With Quote
  #4  
Unread 06-08-2005, 08:06 PM
Sir Taleisin The Seer's Avatar
Sir Taleisin The Seer Sir Taleisin The Seer is offline
A Griffon
Interface Author - Click to view interfaces
 
Join Date: Jul 2004
Server: The Bazaar
Posts: 338
Default

I checked it with NOD32, no problems found.

perhaps Fanryan, someone has gotten into your browser and is linking viruses through random downloads. ( do you use IE? )
__________________
DawnTide
Reply With Quote
  #5  
Unread 06-08-2005, 08:10 PM
Laffs's Avatar
Laffs Laffs is offline
A Griffon
Interface Author - Click to view interfaces
 
Join Date: Dec 2004
Server: Runnyeye
Posts: 1,404
Default

Not having scanned it myself... But I would say its down to your scanner.. I have 100% trust in the guys that write stuff here inc .exe files... Unless the download has been hacked in some form, Its just gotta be down to the nature of the code it contains.. If you thik about it, It is a high security risk letting an .exe file connect to the net and download / replace files on your system... But then again MS does it all the time lmao!

As long as you got the file from here or the proper map site (sorry dont recall the url offhand =/) All will be fine.. there has been a couple of bugs peeps have reported in the new version but no virus!!

Personaly I would say this is one of very few sites where you can download with no worries... Its down to the nice nature of guys / girls that reside here and also damn good site management by Dolby, Kudane and others
__________________
Laffs UI Mods
I can only please one person per day. Today is not your day. Tomorrow doesn't look to good either !
(Wicann on Runnyeye)
Reply With Quote
  #6  
Unread 06-08-2005, 08:54 PM
depechenode's Avatar
depechenode depechenode is offline
A Griffon
Interface Author - Click to view interfaces
 
Join Date: Nov 2004
Server: Toxxulia
Posts: 584
Default

McAfee Security Suite 8.0 scans it fine. No Problems.

If you have such a virus, maybe the virus is attaching it self to files (.exe) as you run them. The virus is probably in another executeable that you ran and now in your machine. A true trojan virus, as it is masking itself into recently dl'ed ran progies that you are using.


I suggest a FULL scan of your system, AND run HiJack, a program that is free to download and will tell you if anything suspicious is hiding (even beyond virus progs) on your machine.

dn
Reply With Quote
  #7  
Unread 06-08-2005, 10:36 PM
Leon Leon is offline
A Coastal Crab
 
Join Date: Mar 2005
Server: Antonia Bayle
Posts: 1
Default Got Virus Warning on Uninstaller

I got after an update of my virus scanner a warning, telling me, the uninstaller of EQ2 Map Auto Updater would contain the trojan "TR/Dldr.IstBar.it.1".

(The setup file showed the same infection after opening the folder.)

As I don't feel safe enough to use the updater right now, I'd ask if anyone else got warnings -with fresh anti virus signatures-, or if I should check my scanner.

Somehow hoping it's false alarm, but better safe than sorry.

You may close this thread, I found another one here

Last edited by Leon : 06-08-2005 at 10:39 PM.
Reply With Quote
  #8  
Unread 06-08-2005, 10:47 PM
Reaven-X Reaven-X is offline
A Young Mystail Rat
 
Join Date: Feb 2005
Server: Antonia Bayle
Posts: 3
Default

My Computer and Notebook have found the Trojan Dldr.IstBar.it.1 in the Uninst.exe
Reply With Quote
  #9  
Unread 06-08-2005, 10:53 PM
Dolby's Avatar
Dolby Dolby is offline
Bacon Eater
Premium Member
EQ2Interface Admin
This person is a EQ2Map developer.
 
Join Date: Feb 2004
Posts: 2,444
Default

Again no virus here using multiple flavors of scanners. I check every report to make sure.
AVG Free, Norton 2005, Trend Micro (3 different computers)

Its safe.

What Anti-Virus software you guys using?

Last edited by Dolby : 06-08-2005 at 11:02 PM.
Reply With Quote
  #10  
Unread 06-08-2005, 11:39 PM
taco-man's Avatar
taco-man taco-man is offline
EQ2MAP Updater Author
This person is a EQ2Map developer.
Interface Author - Click to view interfaces
 
Join Date: Nov 2004
Server: Antonia Bayle
Posts: 1,349
Send a message via AIM to taco-man Send a message via MSN to taco-man Send a message via Yahoo to taco-man
Default

here is the full details of what the installer does. this is the file i have created to make the installer using NSIS
Code:
; HM NIS Edit Wizard helper defines
!define PRODUCT_NAME "EQ2MAP Updater"
!define PRODUCT_VERSION "1.0"
!define PRODUCT_PUBLISHER "Nathan Lockett"
!define PRODUCT_WEB_SITE "http://maps.eq2interface.com"
!define PRODUCT_DIR_REGKEY "Software\Microsoft\Windows\CurrentVersion\App Paths\EQ2MAP_Updater.exe"
!define PRODUCT_UNINST_KEY "Software\Microsoft\Windows\CurrentVersion\Uninstall\${PRODUCT_NAME}"
!define PRODUCT_UNINST_ROOT_KEY "HKLM"

; MUI 1.67 compatible ------
!include "MUI.nsh"

; MUI Settings
!define MUI_ABORTWARNING
!define MUI_ICON "${NSISDIR}\Contrib\Graphics\Icons\modern-install.ico"
!define MUI_UNICON "${NSISDIR}\Contrib\Graphics\Icons\modern-uninstall.ico"

; Welcome page
!insertmacro MUI_PAGE_WELCOME
; Directory page
!insertmacro MUI_PAGE_DIRECTORY
; Instfiles page
!insertmacro MUI_PAGE_INSTFILES
; Finish page
!define MUI_FINISHPAGE_RUN "$INSTDIR\EQ2MAP_Updater.exe"
!insertmacro MUI_PAGE_FINISH

; Uninstaller pages
!insertmacro MUI_UNPAGE_INSTFILES

; Language files
!insertmacro MUI_LANGUAGE "English"

; MUI end ------

Name "${PRODUCT_NAME} ${PRODUCT_VERSION}"
OutFile "EQ2MAP-Updater-1.0.0-Setup.exe"
InstallDir "$PROGRAMFILES\EQ2MAP Updater"
InstallDirRegKey HKLM "${PRODUCT_DIR_REGKEY}" ""
ShowInstDetails show
ShowUnInstDetails show

Section "MainSection" SEC01
  SetOutPath "$INSTDIR"
  SetOverwrite ifnewer
  File "EQ2MAP_Updater.exe"
  CreateDirectory "$SMPROGRAMS\EQ2MAP Updater"
  CreateShortCut "$SMPROGRAMS\EQ2MAP Updater\EQ2MAP Updater.lnk" "$INSTDIR\EQ2MAP_Updater.exe"
  CreateShortCut "$DESKTOP\EQ2MAP Updater.lnk" "$INSTDIR\EQ2MAP_Updater.exe"
  CreateShortCut "$SMPROGRAMS\EQ2MAP Updater\EQ2MAP Updater Test Server.lnk" "$INSTDIR\EQ2MAP_Updater.exe /testserver"
  File "stop_button.png"
  File "update_button.png"
  File "AxInterop.SHDocVw.dll"
  File "Interop.SHDocVw.dll"
SectionEnd

Section -AdditionalIcons
  WriteIniStr "$INSTDIR\${PRODUCT_NAME}.url" "InternetShortcut" "URL" "${PRODUCT_WEB_SITE}"
  CreateShortCut "$SMPROGRAMS\EQ2MAP Updater\Website.lnk" "$INSTDIR\${PRODUCT_NAME}.url"
  CreateShortCut "$SMPROGRAMS\EQ2MAP Updater\Uninstall.lnk" "$INSTDIR\uninst.exe"
SectionEnd

Section -Post
  WriteUninstaller "$INSTDIR\uninst.exe"
  WriteRegStr HKLM "${PRODUCT_DIR_REGKEY}" "" "$INSTDIR\EQ2MAP_Updater.exe"
  WriteRegStr ${PRODUCT_UNINST_ROOT_KEY} "${PRODUCT_UNINST_KEY}" "DisplayName" "$(^Name)"
  WriteRegStr ${PRODUCT_UNINST_ROOT_KEY} "${PRODUCT_UNINST_KEY}" "UninstallString" "$INSTDIR\uninst.exe"
  WriteRegStr ${PRODUCT_UNINST_ROOT_KEY} "${PRODUCT_UNINST_KEY}" "DisplayIcon" "$INSTDIR\EQ2MAP_Updater.exe"
  WriteRegStr ${PRODUCT_UNINST_ROOT_KEY} "${PRODUCT_UNINST_KEY}" "DisplayVersion" "${PRODUCT_VERSION}"
  WriteRegStr ${PRODUCT_UNINST_ROOT_KEY} "${PRODUCT_UNINST_KEY}" "URLInfoAbout" "${PRODUCT_WEB_SITE}"
  WriteRegStr ${PRODUCT_UNINST_ROOT_KEY} "${PRODUCT_UNINST_KEY}" "Publisher" "${PRODUCT_PUBLISHER}"
SectionEnd


Function un.onUninstSuccess
  HideWindow
  MessageBox MB_ICONINFORMATION|MB_OK "$(^Name) was successfully removed from your computer."
FunctionEnd

Function un.onInit
  MessageBox MB_ICONQUESTION|MB_YESNO|MB_DEFBUTTON2 "Are you sure you want to completely remove $(^Name) and all of its components?" IDYES +2
  Abort
FunctionEnd

Section Uninstall
  Delete "$INSTDIR\${PRODUCT_NAME}.url"
  Delete "$INSTDIR\uninst.exe"
  Delete "$INSTDIR\Interop.SHDocVw.dll"
  Delete "$INSTDIR\AxInterop.SHDocVw.dll"
  Delete "$INSTDIR\update_button.png"
  Delete "$INSTDIR\stop_button.png"
  Delete "$INSTDIR\EQ2MAP_Updater.exe"

  Delete "$SMPROGRAMS\EQ2MAP Updater\Uninstall.lnk"
  Delete "$SMPROGRAMS\EQ2MAP Updater\Website.lnk"
  Delete "$SMPROGRAMS\EQ2MAP Updater\EQ2MAP Updater Test Server.lnk"
  Delete "$DESKTOP\EQ2MAP Updater.lnk"
  Delete "$SMPROGRAMS\EQ2MAP Updater\EQ2MAP Updater.lnk"

  RMDir "$SMPROGRAMS\EQ2MAP Updater"
  RMDir "$INSTDIR"

  DeleteRegKey ${PRODUCT_UNINST_ROOT_KEY} "${PRODUCT_UNINST_KEY}"
  DeleteRegKey HKLM "${PRODUCT_DIR_REGKEY}"
  SetAutoClose true
SectionEnd
__________________
EQ2MAP Updater Download
EQ2MAP Website
How to Install a custom interface
Reply With Quote
  #11  
Unread 06-08-2005, 11:59 PM
Reaven-X Reaven-X is offline
A Young Mystail Rat
 
Join Date: Feb 2005
Server: Antonia Bayle
Posts: 3
Default

I use AntiVir ( http://www.free-av.com/ ) and after i update the AntiVir-Files yesterday evening, it found the Trojan Dldr.IstBar.it.1 in the Uninst.exe at start up Windows and when i scan the eq2-map folder.
Reply With Quote
  #12  
Unread 06-09-2005, 12:06 AM
Kinidasi Kinidasi is offline
A Coastal Crab
 
Join Date: Feb 2005
Server: Antonia Bayle
Posts: 1
Default

I'm running Norton's Internet Security and just checked too, I got no Trojan. I'm usually wary of freeware antivirus software, simply because I've had problems with them before.
Reply With Quote
  #13  
Unread 06-09-2005, 12:13 AM
Reaven-X Reaven-X is offline
A Young Mystail Rat
 
Join Date: Feb 2005
Server: Antonia Bayle
Posts: 3
Default

I use antiVir since 3 years and have no problems. I've read some tests about free-av and it's a very good antivir-software with 3-5 updates every day. And the performance is better as other software how Norton, Kaspersky...
But i don't know what the problem is with the uninst.exe . Can someone check this?


Sorry about my bad english. I'm from switzerland.

Last edited by Reaven-X : 06-09-2005 at 12:15 AM.
Reply With Quote
  #14  
Unread 06-09-2005, 12:15 AM
Dolby's Avatar
Dolby Dolby is offline
Bacon Eater
Premium Member
EQ2Interface Admin
This person is a EQ2Map developer.
 
Join Date: Feb 2004
Posts: 2,444
Default

Cant find any info on that trojan... closest I can find is: http://sarc.com/avcenter/venc/data/adware.istbar.html

All I can tell you is its clean here (heck taco-man even posted the source code for that exe). checked about 15 times now on multiple machines and had friends check it too.

Last edited by Dolby : 06-09-2005 at 12:21 AM.
Reply With Quote
  #15  
Unread 06-09-2005, 12:28 AM
Dolby's Avatar
Dolby Dolby is offline
Bacon Eater
Premium Member
EQ2Interface Admin
This person is a EQ2Map developer.
 
Join Date: Feb 2004
Posts: 2,444
Default

Using your anti-virus I get the same warning now. However since AVGFree, Trend Micro, Norton, McAfee, ClamAV all dont have trouble with it I feel confident in saying its a pattern problem on AntiVir's end.
Reply With Quote
  #16  
Unread 06-09-2005, 12:38 AM
taco-man's Avatar
taco-man taco-man is offline
EQ2MAP Updater Author
This person is a EQ2Map developer.
Interface Author - Click to view interfaces
 
Join Date: Nov 2004
Server: Antonia Bayle
Posts: 1,349
Send a message via AIM to taco-man Send a message via MSN to taco-man Send a message via Yahoo to taco-man
Default

please see this news on NSIS's webpage. http://nsis.sourceforge.net/index.ph...D=2&tt_news=24
if you still dont believe me, NSIS is open source and you can have a look for yourself at the source code and see that it doesnt have spyware/viruses/trojans. Sorry to anyone who has antivirus software that has false positives, all you can do is report it to your antivirus software vendor and hope they fix it. Luckily none of the major anti-virus have false positives, it just appears that the smaller less known/maintained do.
__________________
EQ2MAP Updater Download
EQ2MAP Website
How to Install a custom interface
Reply With Quote
  #17  
Unread 06-10-2005, 03:08 AM
Fanryan Fanryan is offline
A Young Mystail Rat
 
Join Date: Apr 2005
Server: Antonia Bayle
Posts: 2
Default Send File to AntiVir

I send the file to AntiVir yesterday.
Till now i didnīt get a direct reply but they updatet their scanner today and tadaa NO Virus is found in the EQ2MAP_Updater.


So at least i assume they got mail about the problem


Sorry for stirring things up.
Reply With Quote
  #18  
Unread 06-10-2005, 03:14 AM
Cairenn's Avatar
Cairenn Cairenn is offline
Credendo Vides
Premium Member
EQ2Interface Admin
 
Join Date: Jun 2004
Posts: 138
Default

Quote:
Originally Posted by Fanryan
Sorry for stirring things up.
You have to be careful when downloading and running .exe files, no one here will dispute that. By far better to question and be sure. I don't think anyone is upset with you for "stirring things up".

*Goes back to lurking in the shadows*
Reply With Quote
  #19  
Unread 06-11-2005, 03:32 AM
Sir Taleisin The Seer's Avatar
Sir Taleisin The Seer Sir Taleisin The Seer is offline
A Griffon
Interface Author - Click to view interfaces
 
Join Date: Jul 2004
Server: The Bazaar
Posts: 338
Default

Quote:
Originally Posted by Cairenn
*Goes back to lurking in the shadows*
~shines flashlight on Cairenn~ bloody lurkers
__________________
DawnTide
Reply With Quote
  #20  
Unread 12-25-2005, 05:31 AM
yevun yevun is offline
A Coastal Crab
 
Join Date: Dec 2005
Server: Antonia Bayle
Posts: 1
Default Well

In all honesty, I do not trust Norton / Mcafee, waste of money. My friends mother bought the Suite Edition, and after a long scan... no virsus.

Yet, I ran my trusted AVG and it found, no lie 73 virsuses. My friend was stunned. The program is CONSTANTLY updated 5 days aweek, sat / sun no updates but any other time during the week it will update. Why waste money on virus protection thats only partail?

Anywho, I just did a quick scan to see myself, I came up clean. So I too can verify that the files are untampered.
Reply With Quote
  #21  
Unread 12-25-2005, 11:21 AM
skeeterboy skeeterboy is offline
A Young Mystail Rat
 
Join Date: Nov 2005
Server: Antonia Bayle
Posts: 6
Lightbulb No problems

I have been running EQ2mapautoupdater with no problems and no viruses or anything discovered and I am a techy nut, so I can strip the files down and search thoroughly through them. Try this, open up the folder with the files in them and do a separate scan of each file, then make sure you have the hidden files (if any) available for view and check those also. But at the same time I have to agree with you on the reliability of Norton and Mcafee.
Reply With Quote
  #22  
Unread 08-04-2006, 07:20 AM
gothhenge gothhenge is offline
A Coastal Crab
 
Join Date: Aug 2006
Server: Lucan DLere
Posts: 1
Send a message via ICQ to gothhenge Send a message via AIM to gothhenge Send a message via MSN to gothhenge Send a message via Yahoo to gothhenge
Thumbs Up

Tried with 2 different computers. One running WinXP Pro SP2 and McAfee Enterprise 8.0, the other running WinXP Pro (no SP at all) with Avast 4.7; each one with all the virus database updates. Neither computer found a virus in the installer or the app.

Thank you for writing a great program
Reply With Quote
  #23  
Unread 08-04-2006, 01:16 PM
dragowulf's Avatar
dragowulf dragowulf is offline
A man among men
This person is a EQ2Map developer.
Interface Author - Click to view interfaces
 
Join Date: Dec 2004
Server: Nagafen
Posts: 934
Send a message via AIM to dragowulf Send a message via MSN to dragowulf
Default

I use Avast 4.7 Anti-Virus Pro. on 1 computer and Kaspersky Anti-Virus 6 on the other, both computers have EQII on them, both run EQIIMap.

The only FALSE problem I have encountered with Avast, was whence installing BLP2 Viewer it says that it is a trojan, when it's not...it's false labeling a .exe, a virus. You must have that problem with yours
__________________
May Jesus Have Mercy On Us
Reply With Quote
  #24  
Unread 10-07-2007, 07:54 PM
floekunslifenip floekunslifenip is offline
A Coastal Crab
 
Join Date: Oct 2007
Server: Antonia Bayle
Posts: 1
Talking Just want 2 re assure u guys

I have downloaded it on my 3 computers and i got a trojen warning but i had a family member walking me though the process and said everythig was fine. IT WAS! I learned most programes they block is te program is un sure.
Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -5. The time now is 07:40 PM.


Our Network
EQInterface | EQ2Interface | War.MMOUI | WoWInterface | VGInterface | LoTROInterface | MMOInterface