EQ2Interface - Virus on EQ2MAP Updater? [confirmed no virus]

EQ2Interface (https://www.eq2interface.com/forums/index.php)

- EQ2Map Troubleshooting (https://www.eq2interface.com/forums/forumdisplay.php?f=36)

- - Virus on EQ2MAP Updater? [confirmed no virus] (https://www.eq2interface.com/forums/showthread.php?t=3240)

Virus on EQ2MAP Updater? [confirmed no virus]

Don´t want to spoil the fun, but i tried the download several times today and everytime my Scanner (AntiVir. Version 6.31.00.01) warned me about the Trojan Dldr.IstBar.it.1.

The same on the Sourceforge files.

The eq2Interface Main package is unaffected. Only the "EQ2MAP Updater" seems to be infected.
Real problem or is just my scanner telling some weird tales?

I checked the install file and install directory with norton antivirus and spysweeper and niether found anything. i am the author of it though so feel free to wait for a response from someone else.
if you are still scared you could even just compile the program yourself using the source code (Assuming you know how)
also the installer was made using NSIS, which is an open source installation creator found at http://nsis.sourceforge.net/
what antivirus are you using?

Scans fine on this windows machine and on the server via clamscan

I checked it with NOD32, no problems found.

perhaps Fanryan, someone has gotten into your browser and is linking viruses through random downloads. ( do you use IE? )

Not having scanned it myself... But I would say its down to your scanner.. I have 100% trust in the guys that write stuff here inc .exe files... Unless the download has been hacked in some form, Its just gotta be down to the nature of the code it contains.. If you thik about it, It is a high security risk letting an .exe file connect to the net and download / replace files on your system... But then again MS does it all the time lmao!

As long as you got the file from here or the proper map site (sorry dont recall the url offhand =/) All will be fine.. there has been a couple of bugs peeps have reported in the new version but no virus!!

Personaly I would say this is one of very few sites where you can download with no worries... Its down to the nice nature of guys / girls that reside here and also damn good site management by Dolby, Kudane and others :)

McAfee Security Suite 8.0 scans it fine. No Problems.

If you have such a virus, maybe the virus is attaching it self to files (.exe) as you run them. The virus is probably in another executeable that you ran and now in your machine. A true trojan virus, as it is masking itself into recently dl'ed ran progies that you are using.

I suggest a FULL scan of your system, AND run HiJack, a program that is free to download and will tell you if anything suspicious is hiding (even beyond virus progs) on your machine.

dn

Got Virus Warning on Uninstaller

I got after an update of my virus scanner a warning, telling me, the uninstaller of EQ2 Map Auto Updater would contain the trojan "TR/Dldr.IstBar.it.1".

(The setup file showed the same infection after opening the folder.)

As I don't feel safe enough to use the updater right now, I'd ask if anyone else got warnings -with fresh anti virus signatures-, or if I should check my scanner.

Somehow hoping it's false alarm, but better safe than sorry.

You may close this thread, I found another one here

My Computer and Notebook have found the Trojan Dldr.IstBar.it.1 in the Uninst.exe

Again no virus here using multiple flavors of scanners. I check every report to make sure.
AVG Free, Norton 2005, Trend Micro (3 different computers)

Its safe.

What Anti-Virus software you guys using?

here is the full details of what the installer does. this is the file i have created to make the installer using NSIS

Code:

; HM NIS Edit Wizard helper defines

!define PRODUCT_NAME "EQ2MAP Updater"

!define PRODUCT_VERSION "1.0"

!define PRODUCT_PUBLISHER "Nathan Lockett"

!define PRODUCT_WEB_SITE "http://maps.eq2interface.com"

!define PRODUCT_DIR_REGKEY "Software\Microsoft\Windows\CurrentVersion\App Paths\EQ2MAP_Updater.exe"

!define PRODUCT_UNINST_KEY "Software\Microsoft\Windows\CurrentVersion\Uninstall\${PRODUCT_NAME}"

!define PRODUCT_UNINST_ROOT_KEY "HKLM"



; MUI 1.67 compatible ------

!include "MUI.nsh"



; MUI Settings

!define MUI_ABORTWARNING

!define MUI_ICON "${NSISDIR}\Contrib\Graphics\Icons\modern-install.ico"

!define MUI_UNICON "${NSISDIR}\Contrib\Graphics\Icons\modern-uninstall.ico"



; Welcome page

!insertmacro MUI_PAGE_WELCOME

; Directory page

!insertmacro MUI_PAGE_DIRECTORY

; Instfiles page

!insertmacro MUI_PAGE_INSTFILES

; Finish page

!define MUI_FINISHPAGE_RUN "$INSTDIR\EQ2MAP_Updater.exe"

!insertmacro MUI_PAGE_FINISH



; Uninstaller pages

!insertmacro MUI_UNPAGE_INSTFILES



; Language files

!insertmacro MUI_LANGUAGE "English"



; MUI end ------



Name "${PRODUCT_NAME} ${PRODUCT_VERSION}"

OutFile "EQ2MAP-Updater-1.0.0-Setup.exe"

InstallDir "$PROGRAMFILES\EQ2MAP Updater"

InstallDirRegKey HKLM "${PRODUCT_DIR_REGKEY}" ""

ShowInstDetails show

ShowUnInstDetails show



Section "MainSection" SEC01

  SetOutPath "$INSTDIR"

  SetOverwrite ifnewer

  File "EQ2MAP_Updater.exe"

  CreateDirectory "$SMPROGRAMS\EQ2MAP Updater"

  CreateShortCut "$SMPROGRAMS\EQ2MAP Updater\EQ2MAP Updater.lnk" "$INSTDIR\EQ2MAP_Updater.exe"

  CreateShortCut "$DESKTOP\EQ2MAP Updater.lnk" "$INSTDIR\EQ2MAP_Updater.exe"

  CreateShortCut "$SMPROGRAMS\EQ2MAP Updater\EQ2MAP Updater Test Server.lnk" "$INSTDIR\EQ2MAP_Updater.exe /testserver"

  File "stop_button.png"

  File "update_button.png"

  File "AxInterop.SHDocVw.dll"

  File "Interop.SHDocVw.dll"

SectionEnd



Section -AdditionalIcons

  WriteIniStr "$INSTDIR\${PRODUCT_NAME}.url" "InternetShortcut" "URL" "${PRODUCT_WEB_SITE}"

  CreateShortCut "$SMPROGRAMS\EQ2MAP Updater\Website.lnk" "$INSTDIR\${PRODUCT_NAME}.url"

  CreateShortCut "$SMPROGRAMS\EQ2MAP Updater\Uninstall.lnk" "$INSTDIR\uninst.exe"

SectionEnd



Section -Post

  WriteUninstaller "$INSTDIR\uninst.exe"

  WriteRegStr HKLM "${PRODUCT_DIR_REGKEY}" "" "$INSTDIR\EQ2MAP_Updater.exe"

  WriteRegStr ${PRODUCT_UNINST_ROOT_KEY} "${PRODUCT_UNINST_KEY}" "DisplayName" "$(^Name)"

  WriteRegStr ${PRODUCT_UNINST_ROOT_KEY} "${PRODUCT_UNINST_KEY}" "UninstallString" "$INSTDIR\uninst.exe"

  WriteRegStr ${PRODUCT_UNINST_ROOT_KEY} "${PRODUCT_UNINST_KEY}" "DisplayIcon" "$INSTDIR\EQ2MAP_Updater.exe"

  WriteRegStr ${PRODUCT_UNINST_ROOT_KEY} "${PRODUCT_UNINST_KEY}" "DisplayVersion" "${PRODUCT_VERSION}"

  WriteRegStr ${PRODUCT_UNINST_ROOT_KEY} "${PRODUCT_UNINST_KEY}" "URLInfoAbout" "${PRODUCT_WEB_SITE}"

  WriteRegStr ${PRODUCT_UNINST_ROOT_KEY} "${PRODUCT_UNINST_KEY}" "Publisher" "${PRODUCT_PUBLISHER}"

SectionEnd





Function un.onUninstSuccess

  HideWindow

  MessageBox MB_ICONINFORMATION|MB_OK "$(^Name) was successfully removed from your computer."

FunctionEnd



Function un.onInit

  MessageBox MB_ICONQUESTION|MB_YESNO|MB_DEFBUTTON2 "Are you sure you want to completely remove $(^Name) and all of its components?" IDYES +2

  Abort

FunctionEnd



Section Uninstall

  Delete "$INSTDIR\${PRODUCT_NAME}.url"

  Delete "$INSTDIR\uninst.exe"

  Delete "$INSTDIR\Interop.SHDocVw.dll"

  Delete "$INSTDIR\AxInterop.SHDocVw.dll"

  Delete "$INSTDIR\update_button.png"

  Delete "$INSTDIR\stop_button.png"

  Delete "$INSTDIR\EQ2MAP_Updater.exe"



  Delete "$SMPROGRAMS\EQ2MAP Updater\Uninstall.lnk"

  Delete "$SMPROGRAMS\EQ2MAP Updater\Website.lnk"

  Delete "$SMPROGRAMS\EQ2MAP Updater\EQ2MAP Updater Test Server.lnk"

  Delete "$DESKTOP\EQ2MAP Updater.lnk"

  Delete "$SMPROGRAMS\EQ2MAP Updater\EQ2MAP Updater.lnk"



  RMDir "$SMPROGRAMS\EQ2MAP Updater"

  RMDir "$INSTDIR"



  DeleteRegKey ${PRODUCT_UNINST_ROOT_KEY} "${PRODUCT_UNINST_KEY}"

  DeleteRegKey HKLM "${PRODUCT_DIR_REGKEY}"

  SetAutoClose true

SectionEnd

I use AntiVir ( http://www.free-av.com/ ) and after i update the AntiVir-Files yesterday evening, it found the Trojan Dldr.IstBar.it.1 in the Uninst.exe at start up Windows and when i scan the eq2-map folder.

I'm running Norton's Internet Security and just checked too, I got no Trojan. I'm usually wary of freeware antivirus software, simply because I've had problems with them before.

I use antiVir since 3 years and have no problems. I've read some tests about free-av and it's a very good antivir-software with 3-5 updates every day. And the performance is better as other software how Norton, Kaspersky...
But i don't know what the problem is with the uninst.exe . Can someone check this?

Sorry about my bad english. :D I'm from switzerland.

Cant find any info on that trojan... closest I can find is: http://sarc.com/avcenter/venc/data/adware.istbar.html

All I can tell you is its clean here (heck taco-man even posted the source code for that exe). checked about 15 times now on multiple machines and had friends check it too.

Using your anti-virus I get the same warning now. However since AVGFree, Trend Micro, Norton, McAfee, ClamAV all dont have trouble with it I feel confident in saying its a pattern problem on AntiVir's end.

please see this news on NSIS's webpage. http://nsis.sourceforge.net/index.ph...D=2&tt_news=24
if you still dont believe me, NSIS is open source and you can have a look for yourself at the source code and see that it doesnt have spyware/viruses/trojans. Sorry to anyone who has antivirus software that has false positives, all you can do is report it to your antivirus software vendor and hope they fix it. Luckily none of the major anti-virus have false positives, it just appears that the smaller less known/maintained do.

Send File to AntiVir

I send the file to AntiVir yesterday.
Till now i didn´t get a direct reply but they updatet their scanner today and tadaa NO Virus is found in the EQ2MAP_Updater.

So at least i assume they got mail about the problem :o

Sorry for stirring things up.

Quote:

Originally Posted by Fanryan

Sorry for stirring things up.

You have to be careful when downloading and running .exe files, no one here will dispute that. By far better to question and be sure. I don't think anyone is upset with you for "stirring things up".

*Goes back to lurking in the shadows*

Quote:

Originally Posted by Cairenn

*Goes back to lurking in the shadows*

~shines flashlight on Cairenn~ bloody lurkers :p

In all honesty, I do not trust Norton / Mcafee, waste of money. My friends mother bought the Suite Edition, and after a long scan... no virsus.

Yet, I ran my trusted AVG and it found, no lie 73 virsuses. My friend was stunned. The program is CONSTANTLY updated 5 days aweek, sat / sun no updates but any other time during the week it will update. Why waste money on virus protection thats only partail? :mad:

Anywho, I just did a quick scan to see myself, I came up clean. So I too can verify that the files are untampered. :nana:

I have been running EQ2mapautoupdater with no problems and no viruses or anything discovered and I am a techy nut, so I can strip the files down and search thoroughly through them. Try this, open up the folder with the files in them and do a separate scan of each file, then make sure you have the hidden files (if any) available for view and check those also. But at the same time I have to agree with you on the reliability of Norton and Mcafee.

Tried with 2 different computers. One running WinXP Pro SP2 and McAfee Enterprise 8.0, the other running WinXP Pro (no SP at all) with Avast 4.7; each one with all the virus database updates. Neither computer found a virus in the installer or the app.

Thank you for writing a great program :D

I use Avast 4.7 Anti-Virus Pro. on 1 computer and Kaspersky Anti-Virus 6 on the other, both computers have EQII on them, both run EQIIMap.

The only FALSE problem I have encountered with Avast, was whence installing BLP2 Viewer it says that it is a trojan, when it's not...it's false labeling a .exe, a virus. You must have that problem with yours

Just want 2 re assure u guys

I have downloaded it on my 3 computers and i got a trojen warning but i had a family member walking me though the process and said everythig was fine. IT WAS! I learned most programes they block is te program is un sure.:nana::nana::nana::nana::nana::nana:

I use AVG Antivirus and it has put everything in quarantine.