AAO25.com
Assist => Feedback & Suggestions => Bug Reports => Topic started by: OICURMT2! on Sunday, July 14, 2013, 04:20:01 AM
-
25Assist v7.32 - AVG Threat Detection.
Screenshot enclosed.
(https://aao25.com/forum/proxy.php?request=http%3A%2F%2Fi115.photobucket.com%2Falbums%2Fn290%2FOh_I_See_You_Are_Empty%2FAUSAAO25%2F25Assist-AVGThreatDetection.png&hash=e85d7d12800b01a466a3fc229787a4d3)
-
I don't think it has to do with assist, but: http://www.bleepingcomputer.com/forums/t/176761/virus-found-win32cryptor/
-
Interesting v7.31 didn't do this...
v7.32 spawns an executable in the 25Assist (under roaming) area and then tries to execute it...
I'll check for Malware, I'm very careful about running software/programs.
OIC!
-
I don't think it has to do with assist, but: http://www.bleepingcomputer.com/forums/t/176761/virus-found-win32cryptor/
The plot thickens... Malwarebyte detected nothing... and we have another Aussie player who is in the same situation.
What is interesting is that the executable that 25Assist creates differs in name every time. It is only created when you click on "Join Server".
I've never been able to use 25Assist to update, so I generally download the zipfile via a mirror. I'll try a different mirror to see if the malware was put in the zipfile at the mirror repo.
OIC!
-
Avast also says there is problem for me when I let assist update. I just told Avast to ignore it for now.
-
hmm
I packed my 25Assist.exe and uploaded the file to Jotti
http://virusscan.jotti.org/pt-br/scanresult/1290ab3ba4f4379cb456755c43544b8fed0a70b0
-
i use avg too but didn't have any issues, no threats found on the latest update or any update at all.
-
@OICURMT2!
You should quarantine the file and send it over to the lab for review.
It maybe a false positive.
For more information see:
http://forums.avg.com/us-en/avg-forums?sec=thread&act=show&id=395
or
http://samplesubmit.avg.com/de-de/false-detection
You might as well send it to me to have it checked:
newmal (at) arcor (dot) de
@Possessed
Already done:
https://www.virustotal.com/de/file/b92071cb71ea66aac39a428ab83810145aa3d907d1482a66c13fcbfec6c166cb/analysis/
-
@OICURMT2!
You should quarantine the file and send it over to the lab for review.
It maybe a false positive.
For more information see:
http://forums.avg.com/us-en/avg-forums?sec=thread&act=show&id=395
or
http://samplesubmit.avg.com/de-de/false-detection
You might as well send it to me to have it checked:
newmal (at) arcor (dot) de
@Possessed
Already done:
https://www.virustotal.com/de/file/b92071cb71ea66aac39a428ab83810145aa3d907d1482a66c13fcbfec6c166cb/analysis/
I've never known 25Assist to spawn randomly named executables. Therefore, I have to conclude that either 25Assist was infected when zipped up or that somehow I have acquired malware. I highly doubt if it is a false positive on a randomly named spawned exe file.
Looks like I'm in for the long haul to track this problem down...
-
http://virusscan.jotti.org/pt-br/scanresult/cba6194006ba06f2559ea5225540b31f6309cafd
must be false a positive, win 32 crypto is in the family http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32/Sefnit for other AV's, only 2 have triggered it and I checked for possible left dlls etc etc, found nothing,I checked msconfig and it has no new entries.
-
Avast also says there is problem for me when I let assist update. I just told Avast to ignore it for now.
Now there's a person willing to take a chance... lol
-
@OICURMT2!
I've never known 25Assist to spawn randomly named executables.
It's not a randomly named file but the mutex of 25Asssist.exe.
While 25Assist.exe is the hard disk file, "vfcnp2v0.exe" is loaded to memory.
-
http://virusscan.jotti.org/pt-br/scanresult/cba6194006ba06f2559ea5225540b31f6309cafd
must be false a positive, win 32 crypto is in the family http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32/Sefnit for other AV's, only 2 have triggered it and I checked for possible left dlls etc etc, found nothing,I checked msconfig and it has no new entries.
Your first link... does 25Assist spawn a randomly named executable? (gReUUMjG.exe in this case)...
-
I have the same problem..Virus was found by AVG 2013.The name of virus is Win32/cryptor.I tried to check my aa pack by http://virusscan.jotti.org/en but it did not find anything.The virus is always opened by pressing "Join Game".
-
Don't worry guys, that exe spawns everytime with a different file name to stop people tampering with it and preventing assist getting your hardware ID. Its about making life more difficult for hackers and thats always a good thing, shame its cauing false detections though.
-
We could bring this case to an end if even on AVG-user would follow those instructions:
For more information see:
http://forums.avg.com/us-en/avg-forums?sec=thread&act=show&id=395
or
http://samplesubmit.avg.com/de-de/false-detection
-
@OICURMT2!
It's not a randomly named file but the mutex of 25Asssist.exe.
While 25Assist.exe is the hard disk file, "vfcnp2v0.exe" is loaded to memory.
Your first link... does 25Assist spawn a randomly named executable? (gReUUMjG.exe in this case)...
Filename seems to change every time you hit "Deploy"
-
Don't worry guys, that exe spawns everytime with a different file name to stop people tampering with it and preventing assist getting your hardware ID. Its about making life more difficult for hackers and thats always a good thing, shame its cauing false detections though.
i willl submit a false detection report to avg.
-
Now there's a person willing to take a chance... lol
LOL I just tried to launch assist on my laptop and it is running AVG and it to gave an Win32/cryptor found and shuts assist down. It's definitely in the update.
-
We could bring this case to an end if even on AVG-user would follow those instructions:
Assuming it is a false positive...
Are you confirming it is?
-
i willl submit a false detection report to avg.
Good enough for me... I'll include it in the white-list...
-
Guys I cannot join the error comes up.
When I open the assist and try join the server the avg anti virus detects a threat called ''Cryptus''
(https://aao25.com/forum/proxy.php?request=http%3A%2F%2Flightpics.fr%2Fimages%2F2013%2F07%2F14%2Fq2tZ0.png&hash=ac29eba32838141a5ae9c9070ee25506)
Then the table with an error comes up:(https://aao25.com/forum/proxy.php?request=http%3A%2F%2Flightpics.fr%2Fimages%2F2013%2F07%2F14%2FPEmt5.png&hash=9b6cb25070f376bfb7b8f10c7686e6cf)
then it shuts down assist, please fix it i was able to play fine until new update.:(
-
Have submitted a false positive report to AVG, you will have to wait until they update it. Until then you can white-list it or temporarily turn off avg.
-
You have to either make an exception for "25Assist.exe" or wait till an updated virus definition will be released.
-
Yeh turning off avg and joining the server works:) thanks jonny
Just turn off avg and it will work but now i get open slot kick...omg even tho my connection is very good.
-
Seeing a lot of people getting kicked for closed auth slot this morning then they rejoin and about two minutes they are getting kicked again.
-
same problem here mehhh, ill put my avg off
-
fix the problem jonny i wanna play lol, yeh mixk same 2 min and getting kied all the time, tried pb reinstall nothing works
-
Yeh turning off avg and joining the server works:) thanks jonny
Just turn off avg and it will work but now i get open slot kick...omg even tho my connection is very good.
turn avg off ''till you reboot pc''
you're probably clicking on ''temp avg off for 5 mins'' which causes it I guess.
-
no i turned it till i restart my laptop nothing works
-
The problem isn0t Assist but people using AVG :P
Please install http://www.bitdefender.com/solutions/free.html ;)
-
sergio but it was fine until the latest update, and this would mean removing avg from pc?
-
sergio but it was fine until the latest update, and this would mean removing avg from pc?
no,
-
The problem isn0t Assist but people using AVG :P
Please install http://www.bitdefender.com/solutions/free.html ;)
doesn't work
-
Don't worry guys, that exe spawns everytime with a different file name to stop people tampering with it and preventing assist getting your hardware ID. Its about making life more difficult for hackers and thats always a good thing, shame its cauing false detections though.
gj !
-
The problem isn0t Assist but people using AVG :P
Please install http://www.bitdefender.com/solutions/free.html ;)
It isn't that simple... AVG may have a false positive this time, but maybe another AV may have it next time... best way is to make sure the fingerprint is registered with AV programs so that there is no further false positives...
-
auth slot kick should be fixed now, it fixed mine.
-
It isn't that simple... AVG may have a false positive this time, but maybe another AV may have it next time... best way is to make sure the fingerprint is registered with AV programs so that there is no further false positives...
As I stated Avast says its a virus also.
-
Hello so I try joining a server to play on and it comes up wit this message:
[ An exception of class NilObjectException was not handled. The application must shut down. ]
So I press Ok and aa25assist shuts down.
Then my antivirus detects a virus in my 25assist file so I remove it then I try getting into a server again, but the same message keeps popping up... :oops:
Can you guys please help?
Thanks.
-
what is your anti virus?
-
Hello so I try joining a server to play on and it comes up wit this message:
[ An exception of class NilObjectException was not handled. The application must shut down. ]
So I press Ok and aa25assist shuts down.
Then my antivirus detects a virus in my 25assist file so I remove it then I try getting into a server again, but the same message keeps popping up... :oops:
Can you guys please help?
Thanks.
Disable your antivures and try joining the server, should be okay.
-
i dont have AV at all :)
-
Disable your antivures and try joining the server, should be okay.
This... or ignore the ''virus'' with your antivirus, don't delete it and it will work aswell
-
Oooh thanks guys i've disabled my AVG for the meantime and yh it works thx a bunch <3
-
Sounds like an overbearing anti-virus that slows your computer down. Real glad I stopped using AVG a long time ago.
-
AVG no longer detects the file as a virus.
Before:
Detection Rate 5 / 45
2013-07-14 09:19:51 UTC
Now:
Detection Rate 4 / 45
2013-07-17 14:49:01 UTC
Still:
Ikarus
McAfee
McAfee-GW-Edition
TrendMicro-HouseCall
-
Not bothered about this anymore, in the next update the hwid will be read natively without external exe.