Antivirus Quarantined cw3.exe due to possible Trojan


DWCW3

on: August 28, 2019, 09:33:27 am
I fired up CW3 this morning and went to Colonial Space, then clicked on the 'Forum' link next to an interesting map and the game crashed.  Went to re-launch and discovered that Kaspersky had quarantined the .exe file and shows:

  • Quarantined   unknown object: 110 PDM:Trojan.Win32.Generic.nblk   c:\program files (x86)\steam\steamapps\common\creeper world 3\cw3.exe   Medium   

I'm assuming this is a false positive but wanted to see if anyone else was having a similar issue, or has had this issue in the past.  Kaspersky also quarantined my gamesettings.xml file and stated that it was "rolling back changes" but I'm looking at the file in a text editor and can't see anything that doesn't look right.  Is it possible for the 'Forum' link to cause any changes to this .xml file that would trigger a threat reaction?

Thank you for your time!



Karsten75

Reply #1 on: August 28, 2019, 11:15:30 pm
From time to time we have reports of 3rd party, aggressive anti-virus programs flagging or blocking CW3. A primary reason for this is that the game, in the greater scheme of things, is relatively unknown, so the AV writers don't automatically whitelist it.

There are procedures to do this, but those are onerous.

Additionally, we can't aver with absolute certainty that the executable on your computer is not corrupted. We know it is not corrupted in the download repository on knucklecracker.com, we know that it is not corrupted on Steam. We know, and assert that it has not been coded to be malicious.

What else can we tell you?

Update: Also, this thought that eluded me yesterday. You didn't download the game between the time that Kaspersky flagged it and the time prior to that that Kaspersky did not flag it, right? And I assume, based on your posting history, that you have had the game for quite some time. If these assumptions are correct, then it is unlikely that the infection came to you via the game - it may be that the executable got infected on your machine, but again, that is not under our control.
« Last Edit: August 29, 2019, 08:16:01 am by Karsten75 »

"Any leftover cabbage can and will be mixed with mayo"
   - Cole's Law


DWCW3

Reply #2 on: August 29, 2019, 10:20:00 am
Thanks for the response.

I wasn't really concerned that the program itself was malicious, but I did have a small concern that maybe there was some way for the Colonial Space downloads to contain something.  I reacquired the .exe from Steam Validation, and will just continue to use as normal.



Karsten75

Reply #3 on: August 29, 2019, 11:14:49 am
AH! That is an interesting question. The short answer is that there is no executable code in a map. The map is only ever loaded as data. During map upload, the map is not uploaded with any meta-data. So it would be incredibly hard and unlikely for it to be infected, and again, incredibly hard and unlikely for it to transmit that infection. Finally, one has to bear in mind that virus writers usually target a well-known, popular and widely used application niche that has the largest chance of spreading. A niche application like CW3 is also a far less likely target. I'd be confident to reassure you that CW3 map data files do not carry or transmit viruses - and if they did, the AV program would flag the actual file, not the application.
