Trojan.Gen.X

[Emma]

This morning I tried to launch Anarchy the launcher attempts to download 2.81 mb of something ...

Then I get a message that Windows can not find ...\Anarchy Online\patchertmp\AnarchyPatcher.exe.

Then my Nortons blocks a file Trojan.Gen.X

I did not have any issues yesterday with Anarchy ... and I don't see any indication of patching today.

Any suggestions or clues?

Emma

[Emma]

Within my Norton's Recent Activity it says the Trojan.Gen.X was contained in the file / attempted 2.81 mb download sourced from: http://update.anarchy-online.com/c/M...chyPatcher.exe

I assume this Trojan is coming thru Funcom servers?

Anyone else seeing this? My housemate logged in 2 hours or so ago and did not get this message.

Emma

[DigitalBath]

It's extremely unlikely (nearly impossible) that this detection has anything to do with Funcom or AO directly.

It would look like something else you have on your computer (either something downloaded/ran/installed or just a simple USB Flash Drive or even CD or anything else with an auto run) brought you a little unwanted present.

I can confirm zero detections on 3 PC's that we have AO installed on over here.

Try running a full scan of your system with a reliable anti-malware and/or anti-virus software. Not sure Norton is still considered reliable as I haven't used it in many years.

[nanoforcer]

Norton is junk, that's what i think is the problem here given the info you posted.

[Aiken]

Do yourself a favour & ditch Norton, it's nothing but bloatware for your system. As suggested before, run a system scan with something reliable & also check with a malware scanner such as Spybot Search & Destroy.
Chances are high it's just a false-positive on Nortons side & it's nuked something important from the AO files, for reasons I'm sure only Norton will ever know.

[Ekarona]

My guess is that Norton's heuristic analyzer is just crap and found false positive...

[Emma]

If Norton's is so bad then why do many of the ISP's include it in their services? How would I know an anti-virus program I download wouldn't be just as bad as Norton's?

I have had issues with Norton's before when it didn't recognize a newly named Anarchy program included with an announced patch. I have never had issues when there were no scheduled patches.

Emma

[Caloss2]

AvG free and spybot will help massively, as will running malwarebytes on your system.

To answer you question, Norton pay those companies the most money to use their bloatware. Norton is trash honestly.

[Emma]

So anyways, installed a different virus software ... it is scanning now.

However, Norton's not withstanding ...

Something tried to download when I opened the launch screen and there are no patches today that I noticed ...

Emma

[DigitalBath]

So anyways, installed a different virus software ... it is scanning now.

However, Norton's not withstanding ...

Something tried to download when I opened the launch screen and there are no patches today that I noticed ...

Emma

It sounds like something was detected when you ran the launcher. It wasn't necessarily an attempt to download anything.

It may have been a false positive, as mentioned previously. That could be caused by a recent update to Norton's wacky virus definitions/heuristics and something that previously seemed fine to Norton in AO's files (because it was!), now seems not fine. It doesn't actually mean there's a virus involved.

If it wasn't a false positive, it may have simply been something else you had that calmly ran in the background infecting your stuff until a recent update to Norton's stuff picked up on it.

Did some reading.. Norton is really not up to par with even 100% free Anti-Virus and Anti-Malware software these days and may cause many issues (mostly major slowdown) in a system. The problem is it's apparently also notoriously hard to uninstall so BE CAREFUL.

[Fromm]

I'm glad to see this thread, as I came across this issue yesterday running Symantec, and although I was 99% certain it was a false positive, I am now even more certain. Some additional info:

Symantec updated the heuristic for Trojan.Gen.X yesterday, which is presumably why it all of a sudden decided that AO, or more specifically AnarchyPatcher.exe is a trojan. Symantec then deleted this file. The next time I went to launch AO, anarchy.exe noticed that the patcher was missing, and attempted to download it (hence the download). Symantec saw this, blocked the download, and then classified anarchy.exe as a SONAR.Dropper because it tried to install what it believed to be a trojan, and therefore Symantec decided to delete anarchy.exe.

To be fair, I can see how a program designed to patch existing files on your computer could appear to be malware to a heuristic based scan. It would probably be best if Funcom reached out to Symantec to get AnarchyPatcher.exe white listed, as I think this how these sort of things are normally resolved.

As far as the Norton/Symantec hate goes, don't read into it too much. In my opinion, there was a time where there were some better/more efficient options than Norton out there, but as long as you're running the latest version of Norton it's perfectly reasonable software. However, I don't actively keep up with the Norton side of things, as I use a different product by the same company, so my opinion may not be worth much. If you don't like it for other reasons or if it continues to give you issues with AO updates and patches, there are many great alternatives out there, both free and paid.

[Emma]

It appears that my issue was similar to yours Fromm ... the file the launcher wanted to download was the patcher.exe that Norton's had blocked/deleted. I did a full scan with new virus software and no issues found ... allowed the launcher to download the missing file ... and now doing another full scan for good measure.

Emma

[Aiken]

Just as a sidenote to this thread as it's kind've related. I haven't had an antivirus installed permanently on any of my machines in probably 5 or 6 years now. I occasionally scanned with various AV's over this time, just to be sure, and never had a hit. Ever. Ofc this is related to general safe browsing habits and such, but it's definitely worth noting.

[DigitalBath]

Just as a sidenote to this thread as it's kind've related. I haven't had an antivirus installed permanently on any of my machines in probably 5 or 6 years now. I occasionally scanned with various AV's over this time, just to be sure, and never had a hit. Ever. Ofc this is related to general safe browsing habits and such, but it's definitely worth noting.

Same here. Adopt safe browsing habits, run a clean system. Run proper checks with trustworthy software when you do your PC's spring cleaning (which you should do anyway).
Your system will perform better and you'll be safe.. and it's really not hard/time consuming to learn.

[Veebz]

Norton is not as bad as it used to be. It has an enormously poor reputation among the IT crowd because of their marketing tactics - they spent a lot of effort to become ubiquitous, but less effort to be good at their job. These days, however, Norton is pretty competitive as an anti-virus suite. That said, I don't agree with their nagware behavior and installation practices - so I don't use them.

If you're on a genuine copy of windows, the best free AV suite is Microsoft Security Essentials. It's 1) free 2) not nagging 3) comprehensive and 4) lightweight (Doesn't take up much resources). This is the only AV suite I use on any PC. Nod32 is often rated as simply the best AV/Anti-Malware suite - but it is expensive.

In addition to this, I've found that Malwarebytes and specific tools such as Kaspersky's TDSSKiller can clean 99% of infections in a short amount of time.

[Emma]

Thanks for all the input and suggestions. I consider myself to be a fairly safe browser. I uninstalled Norton's, installed the Microsoft Security Essentials and did full scan twice and it did not find any issues with Anarchy or otherwise. I feel comfortable that it was what you all called a false positive and the reason the launcher wanted to download something was because Norton's had deleted/quarantined the Anarchy patcher.

Emma

[Legendfluf]

Yeah, my Symantec Endpoint Protection pinned it too, but I just reversed the scan and put it under an exception.

[doctorgore]

Avast antivirus,comodo firewall,peerblock, any good spyware etc use them.

http://www.urbandictionary.com/defin...rton+antivirus

[Honorbound]

So anyways, installed a different virus software ... it is scanning now.

However, Norton's not withstanding ...

Something tried to download when I opened the launch screen and there are no patches today that I noticed ...

Emma

Nothing tried to download anything. AnarchyPatcher.exe is exactly 2.8 MB in size, and every time you start AO, the game will checksum all of its binary components like .exes and .dlls as a protection against tampering. Real time virus scanners work by hooking themselves to file open actions performed on protected file types, such as these, and scan the file before the requesting process is allowed to open them. Norton likely received a (bad) signature update since the last time you ran AO, and as it seems to often hapen with it, it contained incorrect data that caused a false positive on this file when it was scanned as the game tried to access it.

[Fromm]

Nothing tried to download anything. AnarchyPatcher.exe is exactly 2.8 MB in size, and every time you start AO, the game will checksum all of its binary components like .exes and .dlls as a protection against tampering. Real time virus scanners work by hooking themselves to file open actions performed on protected file types, such as these, and scan the file before the requesting process is allowed to open them. Norton likely received a (bad) signature update since the last time you ran AO, and as it seems to often hapen with it, it contained incorrect data that caused a false positive on this file when it was scanned as the game tried to access it.

Actually, the launcher did indeed download AnarchyPatcher.exe, as it noticed that it was missing because the virus scanner had deleted it. The virus scanner then deleted the freshly downloaded patcher as well.