Quantcast

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Chronicles of Spellborn Virused with TCP Backdoor

Was looking for new game, decided to give Chronicles of Spellborn a try.. BUT

Most current version of AVG 8.5 (19 May 2009) Brand new install from 3.0GB install downloaded from official site.

"C:SpellborninclientSBGame.dll" ;"Virus found Win32/Devir"; "Infected"

http://www.viruslist.com/en/viruses/encyclopedia?virusid=20467

Virus.Win32.Devir (Kaspersky Lab) is also known as: Win32.Devir (Kaspersky Lab), W32/Insane.dr (McAfee), Trojan Horse (Symantec), Win32.Deviator.12288 (Doctor Web), W32/Devir-A (Sophos), Win32/Devir.A (RAV), TROJ_DEVIR.A (Trend Micro), W32/Devir.15128 (FRISK), Win32:Deviator (ALWIL), Win32/Devir.15128 (Grisoft), Win32.Insane.7096.dr (SOFTWIN), Univ.B (Panda), WIN32 (Eset)

Description added May 31 2001

Behavior Virus

Technical details

This is a per-process memory resident parasitic poly-morphic Win32-virus. The virus infects PE EXE files that have .EXE filename extensions. When run, the virus infects files in current directory only.

The virus also stays in the system memory as a component of the infected host program, gains access to KERNEL functions and intercepts 10 of them: file opening, copying, moving functions, etc. When a PE EXE file is accessed by these functions, the virus infects it. As a result, the virus will infect all PE EXE programs that are accessed by infected the host program, and the virus will be active until the moment the host program exits. The virus also hooks, selecting a new directory function, and infects PE EXE files in there.

--

The PE EXE infection method is a complex and is similar to the Win32.Driller virus. The block of host file code that is overwritten by the virus poly-morphic routine in some cases may be also compressed during infection.

The virus also contains a backdoor routine that opens an Internet connection, waits for its author's instructions and then follows them: sends/receives files, executes programs, reports system information, etc.

The virus contains the following "copyright" text:

Intruder v.0.1 by Deviator//HAZARD

 

Guild Mistress/Leader: Circle of Reflection.
"The Second Official CoS Guild"
http://cos.oldmmogamers.net

Comments

  • DistasteDistaste Member UncommonPosts: 665

    False positive. It doesn't do anything to your computer except run the game.

  • daylight01daylight01 Member Posts: 2,250

     There was a thread about this in the TCoS board on this forum sometime ago,here is the link for you and it also tells you how to correct the problem,hope it helps and puts your mind at ease....

    http://www.mmorpg.com/discussion2.cfm/thread/231130/Win32-virus-detected.html

     

    image

    If someone had came up to me in 1980 when I was on my Atari 2600 and said we will be playing games with thousands of people at the same time.I guess my response would have been,"but I only have 2 joysticks"

    http://www.mmorpg.com/discussion2.cfm/thread/235780/page/8

  • Redline65Redline65 Member Posts: 486

    AVG gave me this alert too a week or so ago and I took the steps to add the exclusion to my Spellborn folder. All was well after that, but yesterday AVG gave me another alert for the Win32/Devir virus in some other folder for a .dll file. It's a little suspicious to me that the same virus would show up somewhere else.

  • GrenadierGrenadier Member Posts: 91
    Originally posted by Redline65


    AVG gave me this alert too a week or so ago and I took the steps to add the exclusion to my Spellborn folder. All was well after that, but yesterday AVG gave me another alert for the Win32/Devir virus in some other folder for a .dll file. It's a little suspicious to me that the same virus would show up somewhere else.

     

    Let me guess, in your System Volume Information folder? That is where your computer keeps its restore points. Its probably a copy of the same files.



    Its very annoying. I'll tolerate this kind of crap because I enjoy the game and don't want it to fail, but my patience with it is wearing thin. Acclaim and SiL are shooting themselves in the foot every chance they get. No cancel on the CC subscription, false positive virus warnings, a patch that was not very well received.... How many more of these do they think it takes to completely ruin the game's potential subscriber base?

  • Redline65Redline65 Member Posts: 486
    Originally posted by Grenadier

    Originally posted by Redline65


    AVG gave me this alert too a week or so ago and I took the steps to add the exclusion to my Spellborn folder. All was well after that, but yesterday AVG gave me another alert for the Win32/Devir virus in some other folder for a .dll file. It's a little suspicious to me that the same virus would show up somewhere else.

     

    Let me guess, in your System Volume Information folder? That is where your computer keeps its restore points. Its probably a copy of the same files.



    Its very annoying. I'll tolerate this kind of crap because I enjoy the game and don't want it to fail, but my patience with it is wearing thin. Acclaim and SiL are shooting themselves in the foot every chance they get. No cancel on the CC subscription, false positive virus warnings, a patch that was not very well received.... How many more of these do they think it takes to completely ruin the game's potential subscriber base?

    Exactly, it looked like it was a .dll file in the system restore folder. I agree with you though, stuff like this can only be bad for their business.

     

Sign In or Register to comment.