Chase and Sam

Welcome to the Home Page of Chase Thompson and Sam Knowles. We're tech journalists, web designers and computer security consultants from Birmingham. Hear Tech Talk Saturday's at 11:00am on WAPI 1070 and see us on TV (Thursday night, 9:55pm) hosting Tech Check on WBRC6 - the local Fox affiliate. Call us on Saturdays at: 1-866-927-1070

Home Page

ChaseandSam.com contains great downloads, advice, amazing videos & much more. In addition, Chase and Sam have been in the tech business for many years. Our specialties are web site design and office computer security. If we can help you, please click on the Hire Us button below.

Archive: antivirus

World of Warcraft trojan/virus or AVG false positive?

Posted on 11 July 2007 Comments (16)
Tags: Trojan horse, Warcraft, World of Warcraft, antivirus, avg, security

World of Warcraft players who are using Grisoft’s AVG virus scanner are getting a nasty surprise today when they try to launch Warcraft - AVG is telling them that they are infected with Trojan Horse Generic5.jmy. The infected file in question is Fmod.dll, which is an audio related dll file used by Blizzard. Many, many Warcraft users also use AVG anti-virus, so this issue potentially affects well over two hundred thousand users.

Update #5 (2:03 am C.S.T.) Is it possible that AVG is experiencing yet another false positive? On one of our test systems, AVG is identifying GoogleDesktopUpdate.exe and GoogleDesktopSetup.exe as the Trojan horse Generic5.jjp, very similar to Generic5.jmy (see below). If you are experiencing this issue, then PLEASE LEAVE A COMMENT so we can further analyze this problem. I’d like to know if this is another false positive, or some sort of real Trojan on this machine. If this is another false positive, then this has to go down as a pretty bad week for Grisoft/AVG - meddling with the programs of two of the biggest (and richest) software companies around!!!

Update #4 (9:00 pm C.S.T.) AVG has now released a patch to fix the Warcraft/Fmod.dll issue. If you are on this site because AVG has reported that you have the Generic5.jmy Trojan, or that Fmod.dll is infected, you should double-click on the AVG icon in your toolbar (lower right hand side of your screen) and then click the update button (again, lower right of the AVG window). You should then restart your system, and your problem should go away. If you did happen to quarantine or delete the Fmod.dll file, then read on for the solution to your problem:

Update #3 (6:20 pm C.S.T.) Here is a link to download a replacement Fmod.dll so you don’t have to run the repair utility! CLICK HERE. Here’s a description of the issue from Blizzard’s Darth: Extract that DLL into your World of Warcraft folder. Note that if AVG is still running, it may quarantine this file again. The purpose of this file is that it’s a quick link to the file. You don’t have to run the Repair utility and wait until it scans everything. It won’t fix your AVG problem because there’s nothing wrong with fmod.dll.”(Link) Over 3000 visitors to this post in the last few hours!

UPDATE 2 It appears this issue is a false positive reported by AVG (which makes one wonder about Blizzard’s code) and should be fixed via an update sometime later today. You can CLICK HERE for updates, or double click the AVG icon and click “update”.

To Digg this story, CLICK HERE and vote for it!

Those that are experiencing this issue are having a difficult time logging onto Warcraft, and some bugs are being reported. The question of the hour is, of course - is this a security lapse on the part of Blizzard, or is this a false positive reported by AVG? A major company distributing malware or insecure files is not unheard of (see the recent Wordpress update issue), but this would likely be the largest such incident in years.

At this point, the only solution found to work is to disable AVG’s resident shield, but this will leave you unprotected when connected to Warcraft, and various worms, and Trojan horses are able to install themselves on unpatched and unprotected systems when they are merely connected to the internet. We are working on a better solution, and will publish one as soon as we find and test it. (or as soon as Blizzard gives an update as to what is going on?)

Here’s some posts from the Warcraft forums on the issue - thus far Blizzard hasn’t given a response, but I will keep this post updated throughout the day, so please check back.
All links below go to forums.worldofwarcraft.com

Primary Post: CLICK HERE
Post 2
Post 3
Post 4
Post 5
Post 6

Here is a possible fix (posted on the forums by Gerock and untested by us) for those running Windows Vista: “ OK FOR VISTA USERS: Listen up. Ok close the AVG. Right click the taskbar icon and click close. Completely close it. Then right click the desktop icon and select “Run as Admin” Once you’ve ran it as admin go to the vault, and restore the dll to the world of warcraft folder. THEN you go to the resident shield/properties/enable sheild and Disable it. I know making the anti-virus pointless BUT if you want to get on, do it. Once you have disabled it, just load WoW like normally. It worked for me. Anyone else?”

Credit to Devon of WanderingFro for bringing this to our attention.

P.S. Check out our Nutritional Supplements Site.

Google

RECENT POSTS

Our Pages

Our Archive

Recent Comments

MostComments

Friends Of Show

Recent Readers and Visitors.Recent Readers

10/24/2008

10/24/2008

10/03/2008

10/03/2008

09/23/2008

09/22/2008

09/22/2008