Virus infection?
-
@Masterfox (View Post)
Neither AVG nor your router firewall are correct. (Unless you have some kind of virus that modified Powder.exe after you downloaded it, but that sounds unlikely).
I tried WireShark and some program called Process Monitor from Microsoft. Wireshark didn't reveal anything suspicious, just a ton of requests to things like GET /1843495_small.pti HTTP/1.1, it has to make a separate request for every thumbnail (I thought it reused the connections, my mod does this at least ...). Process Monitor showed that it only communicates with two servers, cateserv.powdertoy.co.uk and bagels.powdertoy.co.uk. These are our own servers here, which are harmless.
You can see the Process Monitor results here, but they aren't too interesting (doesn't show which pages were requested): https://dl.dropboxusercontent.com/u/43784416/PowderToy/Logfile.CSV
The md5 of the 91.1 Powder.exe is bbc635ff27fd5163d004aa9865431c57, if you want to make sure you are using the same exe file.
I might install AVG to see what I can do about it (D:), or investigate more about what is causing it. Maybe it doesn't like how we make http requests by hand? Some kind of http library would fix that. Or maybe it doesn't like how we do dns requests, or how we spam dns requests for every single download.
Edit:
Can anyone with AVG test this build? https://powdertoy.co.uk/Download/Builds/Build-326/powder-win32.zipEdited 2 times by jacob1. Last: 26th Mar 2016 -
@Masterfox (View Post)
If the game was infected the rest of us using it would experience the same problems as well. So it's *definitely* something wrong with your firewall and/or AVG. Or like @jacob1 said a virus already on your system corrupted your powder.exe, but that is unlikely. -
@Masterfox (View Post)
That still seems unlikely, but I guess you never know ...
How did you get the md5? Make sure you take it of Powder.exe version 91.1, not Powder.exe version 91.0 or Powder.zip -
Used a normal md5 hasher from online md5.com, why are you asking? BTW I just remembered there was something like a "trapdoor virus", it infects the router and then modifies the packets after analysing them. Perhaps something like that?
Edited once by Masterfox. Last: 27th Mar 2016 -
@Masterfox (View Post)
http://onlinemd5.com/ ? It gave BBC635FF27FD5163D004AA9865431C57 for me. What hash did it give for you? -
@Masterfox (View Post)
I just want to know what the md5 is so I can compare it to other versions and stuff, or if someone else has an exe file with that md5 would be useful to know.
I still think it is extremely unlikely you would get a virus at the same time everyone else with AVG got false positives in 91.1. Maybe something did modify Powder.exe, but dunno. It is very odd. -
I just checked connections, it showed a rather active connection to www.[REDACTED].kr, a site I do not know what it is for and seems to be known in the Web for Malware.Oh, okay, nvm, I just saw there is a new update, that site is gonna be something else.Edited 4 times by Masterfox, jacob1. Last: 1st Apr 2016 -
@Masterfox (View Post)
Well if it has malware don't post it :P
Anyway, the official builds definitely don't make requests to that site. So hopefully you can figure out the issue.
