Author Topic: False Positive: Starcraft II (Read 8184 times)

GUNxSPECTRE · « **on:** September 17, 2010, 08:00:31 PM »

This morning only minutes ago, I did a quick scan and the scan found this:

StarCraft_2_NA_en-US.exe
Win32:Malware-gen
Severity: High

I know this is a false positive. Blizzard is a trusted company and I doubt they would send malware to customers...

EDIT: Put it in the Virus Chest anyway. Better safe than sorry, though I did 2 quick scans and 1 full system scan yesterday and they all found nothing...

DavidR · « **Reply #1 on:** September 17, 2010, 08:40:24 PM »

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect\*
That will stop the File System Shield scanning any file you put in that folder.

GUNxSPECTRE · « **Reply #2 on:** September 18, 2010, 12:01:10 AM »

Quote from: DavidR on September 17, 2010, 08:40:24 PM

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect\*
That will stop the File System Shield scanning any file you put in that folder.

Did that, and it turned out that 4/30-some virus scanners claimed that it was infected (AVAST and AVAST 5 being two of them). So I deleted that old copy of the .exe. Only a couple of minutes ago, I went to my Blizzard account and downloaded a fresh new .exe of the same name and I scanned it also in Virus Total, and it came up completely clean. Did Avast update in that time to include the false positive during those times or was I really holding onto an infected copy. I have no clue how it could've gotten infected considering I scan my computer EVERYDAY with avast! and malwarebytes anti-maleware at LEAST 2 times a day...

DavidR · « **Reply #3 on:** September 18, 2010, 12:41:54 AM »

If GData was one of the others (and used the same malware name) it uses avast as one of its two scanners so now we have a collective 1, what other scanner was the 4th ?

- The avast Win32:Malware-gen is generic signature (the -gen at the end of the malware name), so that is trying to catch multiple variants of the same type of malware and is a fine balance between detecting a new variant and detecting something valid as infected.

Send the sample to avast as a possible False Positive:
Open the chest and right click on the file and select 'Submit to virus lab...' complete the form and submit, the file will be uploaded during the next update.

- In the meantime (if you accept the risk), add the full path to the file (don't exclude the folder as that leaves too bigh a hole) to the exclusions lists:
File System Shield, Expert Settings, Exclusions, Add and
avast Settings, Exclusions

Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the File System Shield and avast Settings, exclusions lists.

ToM ™ · « **Reply #4 on:** September 24, 2010, 08:34:59 AM »

It is fixed, sorry for inconvenience.

SafeSurf · « **Reply #5 on:** September 24, 2010, 10:07:52 AM »

GUNxSPECTRE,

The recent definitions update fixed this problem.

Now that your issue is now resolved/fixed, please go back to the first open post in this topic, click the modify button in that Post and change the title/subject, add [Resolved] to the beginning of the title so this thread can be closed.

Feel free to come back any time you need help, to learn something new, or just to ask questions. We are here 24/7 for your convenience. Thank you.

salient1 · « **Reply #6 on:** October 03, 2010, 01:40:30 AM »

I just had Avast report Starcraft II file as malware. I tried filling out the form saying it was a false positive but it wouldn't take it and now I can't play the game because it's destroyed the file in question so I can't authenticate in to BattleNet anymore. Good job.

Please tell me how to fix this.

Rafel · « **Reply #7 on:** October 03, 2010, 02:47:17 PM »

I had the same problem. Repair the game and no problems

salient1 · « **Reply #8 on:** October 03, 2010, 08:15:16 PM »

Quote from: Rafel on October 03, 2010, 02:47:17 PM

I had the same problem. Repair the game and no problems

I tried that. The SC2 repair app reported there was no problem but it was still broken.

Rafel · « **Reply #9 on:** October 03, 2010, 09:34:40 PM »

If you uninstall and reinstall??

Author Topic: False Positive: Starcraft II (Read 8184 times)

GUNxSPECTRE

False Positive: Starcraft II

DavidR

Re: False Positive: Starcraft II

GUNxSPECTRE

Re: False Positive: Starcraft II

DavidR

Re: False Positive: Starcraft II

ToM ™

Re: False Positive: Starcraft II

SafeSurf

[RESOLVED] Re: False Positive: Starcraft II

salient1

Re: False Positive: Starcraft II

Rafel

Re: False Positive: Starcraft II

salient1

Re: False Positive: Starcraft II

Rafel

Re: False Positive: Starcraft II