Trojan Virus in S&M S1E1?
Antivir is giving me a trojan warning when I want to boot up the first episode of the first season of Sam & Max. It doesn't happen with the other Telltale games.
CmdLineExtInstallerExe.exe is infected with Trojan TF/Agent.375992.A
Getting rid of it and re-downloading gives me the exact virus/trojan back.
Am I the only one?
<EDIT> Actually it happens also with the other episodes except episode 4 "Abe Lincoln" must die, I don't get a trojan warning with that one. I got that one some time ago when it was free - it fails however to connect to the community forums...
<EDIT 2> It seems that the community tracker is identified as a trojan in Antivir. Am I the only one using Antivir? When I refuse access to the named file the community tracker doesn't work.
01/29/2010, 06:42 am
I was able to reproduce the warning. The file is a part of SecuROM and is signed by Sony DADC Austria AG (though with an expired certificate).
I submitted it to Virustotal (http://www.virustotal.com/analisis/543e6e705dd49f0347cc622e3741a7d45ee336a1c78e0cd0b5fb4024ab1db901-1264777581) which produced positive results with 3 Antimalware products. Antivir and McAfee-GW-Edition possibly use the same engine, Sophos only is suspicious of the program's behaviour.
I submitted it to Avira as a suspected false positive and will post the result when I get it. The same thing seems to have happened before (http://forum.avira.com/wbb/index.php?page=Thread&postID=826052&highlight=CmdLineExtInstallerExe#post826052) (German) and I wildly guess that Avira created some kind of exception in their engine for that file's hash back then and the file SecuROM transfers changed recently, disabling that exception.
Hey, thanks man!
I also suspect this to be a false positive...
This happens from time to time. Telltale Games uses NSIS (http://nsis.sf.net) for installers. A lot of software uses NSIS to install as it's free as in freedom and beer. A lazy virus definition expert flags the NSIS components, rather than the actual contents of the virus. Suddenly every piece of software that uses NSIS is flagged, creating these false positives. It happens every few months to a random anti-virus software program. It's like saying someone has gangrene just because they have a right leg.
Ways to be sure you're OK:
Obtain the game from TelltaleGames.com
The installer files are served by Limelight, but if the TTG website is providing the link, you know it's OK!
Check the Digital Signature
All the installers distributed by Telltale for Wallace & Gromit & Monkey Island are digitally signed by "Telltale, Inc."
You can check the properties for the digital cert on Vista and Win7 (WinXP support is broken for large files). Go into the Properties of a file, click the "Digital Signature" tab, and make sure you see "Telltale, Inc." as the name of the signer. If it's something different, or there's no "Digital Signature" tab, it may not be from Telltale.
The other games aren't signed, so don't panic outright when you don't see a signature with them.
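The Properties-dialog check described in the post above can also be scripted. This is an added example, not part of the thread and not Telltale's own tooling; the function name `Test-InstallerSigner` and the sample download path are hypothetical, and the expected signer string is the one quoted in the post.

```powershell
# Added example: Test-InstallerSigner and the sample path are hypothetical names.
function Test-InstallerSigner {
    param(
        [Parameter(Mandatory)][string[]]$Path,
        [string]$ExpectedSigner = 'Telltale, Inc.'   # signer name quoted in the post
    )
    foreach ($file in $Path) {
        $sig  = Get-AuthenticodeSignature -LiteralPath $file
        $cert = $sig.SignerCertificate

        # Compare the certificate's simple name (CN), not the full subject string,
        # so a look-alike value in another subject field does not match.
        $signer = if ($cert) {
            $cert.GetNameInfo(
                [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName,
                $false)
        } else { $null }

        $verdict = switch ($sig.Status) {
            'NotSigned'    { 'Unsigned: nothing to compare'; break }
            'HashMismatch' { 'File changed after it was signed'; break }
            'Valid' {
                if ($signer -eq $ExpectedSigner) { 'Valid, expected signer' }
                else { 'Valid, but signer differs from expected' }
                break
            }
            default        { "Not trusted: $($sig.StatusMessage)" }
        }

        [pscustomobject]@{
            File        = Split-Path $file -Leaf
            Status      = $sig.Status
            Signer      = $signer
            # An expired certificate still verifies if the file was timestamped
            # while the certificate was valid, so report both facts.
            CertExpires = if ($cert) { $cert.NotAfter } else { $null }
            Timestamped = [bool]$sig.TimeStamperCertificate
            Verdict     = $verdict
        }
    }
}

# Usage (hypothetical folder):
# Test-InstallerSigner -Path (Get-ChildItem "$env:USERPROFILE\Downloads\*.exe").FullName
```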
02/01/2010, 06:10 am
Today I got Avira's response, confirming it is a false positive, and that it will be removed from the virus definition file with one of the future updates.
Thanks DjNDB for following up with Avira!
Moving forward anything new out of this studio will be signed. Some day we'll get the rest of the Telltale Games installers signed.
Yeah, thanks again DjNDB!