World of Warcraft trojan/virus or AVG false positive?
World of Warcraft players who are using Grisoft’s AVG virus scanner are getting a nasty surprise today when they try to launch Warcraft - AVG is telling them that they are infected with Trojan Horse Generic5.jmy. The infected file in question is Fmod.dll, which is an audio related dll file used by Blizzard. Many, many Warcraft users also use AVG anti-virus, so this issue potentially affects well over two hundred thousand users.
Update #5 (2:03 am C.S.T.) Is it possible that AVG is experiencing yet another false positive? On one of our test systems, AVG is identifying GoogleDesktopUpdate.exe and GoogleDesktopSetup.exe as the Trojan horse Generic5.jjp, very similar to Generic5.jmy (see below). If you are experiencing this issue, then PLEASE LEAVE A COMMENT so we can further analyze this problem. I’d like to know if this is another false positive, or some sort of real Trojan on this machine. If this is another false positive, then this has to go down as a pretty bad week for Grisoft/AVG - meddling with the programs of two of the biggest (and richest) software companies around!!!
Update #4 (9:00 pm C.S.T.) AVG has now released a patch to fix the Warcraft/Fmod.dll issue. If you are on this site because AVG has reported that you have the Generic5.jmy Trojan, or that Fmod.dll is infected, you should double-click on the AVG icon in your toolbar (lower right hand side of your screen) and then click the update button (again, lower right of the AVG window). You should then restart your system, and your problem should go away. If you did happen to quarantine or delete the Fmod.dll file, then read on for the solution to your problem:
Update #3 (6:20 pm C.S.T.) Here is a link to download a replacement Fmod.dll so you don’t have to run the repair utility! CLICK HERE. Here’s a description of the issue from Blizzard’s Darth: “Extract that DLL into your World of Warcraft folder. Note that if AVG is still running, it may quarantine this file again. The purpose of this file is that it’s a quick link to the file. You don’t have to run the Repair utility and wait until it scans everything. It won’t fix your AVG problem because there’s nothing wrong with fmod.dll.”(Link) Over 3000 visitors to this post in the last few hours!
UPDATE 2 It appears this issue is a false positive reported by AVG (which makes one wonder about Blizzard’s code) and should be fixed via an update sometime later today. You can CLICK HERE for updates, or double click the AVG icon and click “update”.
To Digg this story, CLICK HERE and vote for it!
Those that are experiencing this issue are having a difficult time logging onto Warcraft, and some bugs are being reported. The question of the hour is, of course - is this a security lapse on the part of Blizzard, or is this a false positive reported by AVG? A major company distributing malware or insecure files is not unheard of (see the recent Wordpress update issue), but this would likely be the largest such incident in years.
At this point, the only solution found to work is to disable AVG’s resident shield, but this will leave you unprotected when connected to Warcraft, and various worms, and Trojan horses are able to install themselves on unpatched and unprotected systems when they are merely connected to the internet. We are working on a better solution, and will publish one as soon as we find and test it. (or as soon as Blizzard gives an update as to what is going on?)
Here’s some posts from the Warcraft forums on the issue - thus far Blizzard hasn’t given a response, but I will keep this post updated throughout the day, so please check back.
All links below go to forums.worldofwarcraft.com
Primary Post: CLICK HERE
Post 2
Post 3
Post 4
Post 5
Post 6
Here is a possible fix (posted on the forums by Gerock and untested by us) for those running Windows Vista: “ OK FOR VISTA USERS: Listen up. Ok close the AVG. Right click the taskbar icon and click close. Completely close it. Then right click the desktop icon and select “Run as Admin” Once you’ve ran it as admin go to the vault, and restore the dll to the world of warcraft folder. THEN you go to the resident shield/properties/enable sheild and Disable it. I know making the anti-virus pointless BUT if you want to get on, do it. Once you have disabled it, just load WoW like normally. It worked for me. Anyone else?”
Credit to Devon of WanderingFro for bringing this to our attention.
P.S. Check out our Nutritional Supplements Site.
July 11th, 2007 at 4:39 pm
Thanks for posting, you’re the only hit on google for it!
July 11th, 2007 at 5:57 pm
you’re a life saver, i couldnt find anything else about this <3
July 11th, 2007 at 7:10 pm
Indeed thanks for posting, for anyone with AVG there is a new update available. Run that and either restore the file from the vault or use the link provided above to get the file. All is good now in the world … of Warcraft.
July 12th, 2007 at 6:49 am
I just got AVG complaining about googledesktopsetup
July 12th, 2007 at 7:16 am
AVG just flagged my GoogleDesktopSetup.exe as a Trojan Horse Generic5.JJP this morning.
July 12th, 2007 at 9:19 pm
Thought this was a real Trojan before Blizzard told my to re-update AVG. Sooo…. I un-installed WoW, and when I went to Re-install it, I found that Windows would not recognize my DVD drives. I have attempted to re obtain these drivers but have been unable to do so…..any useful tips?
July 13th, 2007 at 12:41 am
Just to let you know, AVG also identifies GoogleDesktopSetup.exe as a Trojan Horse Generic5.jjp here. I deleted the files (part panic, part “I don’t need them anyway”) but now the trojan is found in some restore-files.
Sigh…
July 15th, 2007 at 11:59 am
As a side note AVG also removed fmod.dll from Settler’s 10th Anniversary edition, so no doubt it will remove it from other games as well (the one for settlers being half the size of the one included with WoW)
July 16th, 2007 at 9:26 pm
In all the posts I have read in the last two days, on both Wow forums, and many others, I have never experienced my ongoing problem anywhere. As many others, I have AVG, but mine is the free version, whihc doesn’t make much difference if AVG is not allowing Wow to use it’s fmod.dll file… I have read many of Blizzard’s emplyees’ post’s on how to fix this problem head-on. This is to delete/remove your fmod.dll file from your World of Warcraft folder, and to download their supported fmod.dll file, and they claim it’ll work. I have tried this multiple tikes over and over again, not working anytime. I have seen many people post saying that Blizzard is their savior and Blizzard is god, but Blizzard hasnt helped me a bit. Whenever I try starting Wow, its says: ” This application failed to start because fmod.dll was not found. Re-installing the application may fix this problem.” Now…. I have already had to re-install Wow once before for an issue before, and i’m not about to do so again, taking a wholes day time out of my life….unless I spend a couple more days on this stupid issue.. In any case, my AVG has notihng to say on Wow’s part, it neither detects said virus/trojan at all! I specifically scan Wow itself and still doesn’t gripe about any threats…. SOMEONE OUT THERE, PLEASE READ THIS AND HELP, I HAVE NO SOLUTION GIVEN TO ME SO FAR!!!!
July 16th, 2007 at 9:38 pm
You left an anonymous comment (the one above me) How are we supposed to contact you to help you?
Please comment again and leave an email address or website where you can be reached.
July 17th, 2007 at 2:53 pm
I am the guy who left that huge anonymous comment above, I have since that post cut my loses, and am in the middle of re-installing Wow… again no one else has my problems….
September 15th, 2007 at 1:06 pm
I downloaded both Fmod and Divxdecoder.dll, so now the game will launch. But it is saying “Unable to validate game version” ><