Virus infection?

  • Masterfox
    24th Mar 2016 Member 0 Permalink

    I just downloaded and installed the new version (91.1) of TPT, but my AVG detected a virus in it and deleted the program. The virus code is "idp ares generic". Am I the only one with that issue here? Can I skip it or is my PC really infected?

  • jacob1
    24th Mar 2016 Developer 1 Permalink
    It's probably a false positive. Not sure what it is matching, but it says it is just some generic match.

    You can see a VirusTotal report here: https://www.virustotal.com/en/file/b4fbe3217647b99589faf429f73808cea056712fa5ac4a32eb5749bb11a21850/analysis/
    Another "generic" match, but trust me it is safe. Even AVG says so :P


    You can redownload the game here: https://powdertoy.co.uk/Download/powder-win32.zip
    Edited once by jacob1. Last: 25th Mar 2016
  • Masterfox
    24th Mar 2016 Member 0 Permalink

    Yeah, it is not a problem of the game, but rather, I get this when I try to access the server by the means of opening the FP. So, it seems to be not only on my side, but rather a problem with one of the saves on the FP? BTW, it is really not the game, AVG scanned it here locally as well and gave no problem.

    Edit:

    Well yeah, nothing about false positive, my router firewall is like panicking whenever I try to open up the FP. 3 most common messages are:

    "TCP/UDP port scan"

    "UDP Flood"

    "ICMP Flood"

    So, it seems like your Page is infected as far as I can see?

    Edited once by Masterfox. Last: 24th Mar 2016
  • jacob1
    25th Mar 2016 Developer 0 Permalink
    @Masterfox
    Those are normal router messages. There's always a barrage of packets from everywhere on the internet scanning for holes. Are you sure those things only open up when trying to open the front page? Seems unlikely.

    I tried googling for idp.ares.generic but couldn't figure out what it was. Maybe I'm just unable to find the page where they describe the virus. It is almost certainly a false positive though, and only AVG seems to have a problem with it.

    If you can figure out how to set an exemption that should work. Maybe there is a spot to report false positives to AVG so they can fix it, although from what I saw people have been getting false positives on some other programs for a few months (rarely).

    Also the website can't be "infected" lol. TPT just fetches a json api, it doesn't load any other data or ads / similar. An infected website would be targeting browsers (usually through ads), not targeting a game that only fetches single pages and thumbnails.
  • funky3000
    25th Mar 2016 Member 0 Permalink

    I keep getting a "threat" as well, AVG keeps catching it in generic something or other. Too annoyed to really bother remembering exactly what it was, but it seems my threat is a common issue.

     

    I assume we can expect an update rather soon?

  • jacob1
    25th Mar 2016 Developer 0 Permalink
    @funky3000
    What would the update change? I don't know how to fix it. It isn't an actual virus or anything, just a false positive.

    Is there any way to tell AVG to ignore it?
  • Masterfox
    25th Mar 2016 Member 0 Permalink

    I think there could be one, but yes, the messages only came when I tried to open the FP, too close in time to be random in my opinion.

    Edited once by Masterfox. Last: 25th Mar 2016
  • funky3000
    25th Mar 2016 Member 0 Permalink

    My errors occur when I try to open up the online saves. Before it can load anything it goes unresponsive and AVG gets angry.

     

    But I could try to get AVG to play nice.

  • zaccybot2
    25th Mar 2016 Member 0 Permalink

    When the window pops up and blacks out the rest of the screen, click 'More options' at the bottom, then 'Allow', and forget it even happened. AVG is crap sometimes.

  • Masterfox
    26th Mar 2016 Member 0 Permalink

    @zaccybot2

    Nice idea, but my router firewall is literally going crazy when I open up online saves, so it seems AVG is right... Maybe someone reverse engineered the script for loading the saves? This would bypass both TPT and uploading the save in terms of virus checks, I guess. Anyways, there *definitely* is something wrong with this game, too much traffic on my router for my taste.

    Edited once by Masterfox. Last: 26th Mar 2016
Locked by jacob1: old thread / no virus in tpt