AV Alert

Posted: Mon Sep 29, 2014 11:15 pm
by pandaslg
Hi, my AV gave an alert on the new FFXIV bot, so I checked online: https://www.virustotal.com/fr/file/6112 ... 412031997/

8 positives

Should we be worried? And when unzipping the file, it tried to change my UAC too.

Re: AV Alert

Posted: Tue Sep 30, 2014 1:19 am
by PitViper
No viruses/trojans in Viper. It is because of the way that the bot interacts with games; that always makes it seem suspicious. Normally programs do not go around reading and interacting with other running programs.

Re: AV Alert

Posted: Tue Sep 30, 2014 11:07 am
by pandaslg
Hm, OK. Did you use Themida? It would explain the alert/false positive.

Thanks for the reply.

Re: AV Alert

Posted: Thu Oct 02, 2014 1:21 pm
by pandaslg
I still can't use it; my AV keeps deleting it:
20141002 130856 Le fichier "D:\Users\&&&\Downloads\FF14ViperRelease2.0.9.9b\FF14ViperBot.exe" appartient au virus/spyware 'Mal/FakeAV-OP'.
20141002 130856 Le contrôle sur accès a refusé l'accès à l'emplacement "D:\Users\&&&\Downloads\FF14ViperRelease2.0.9.9b\FF14ViperBot.exe" pour l'utilisateur AUTORITE NT\Système
20141002 130856 Le fichier "D:\Users\&&&\Downloads\FF14ViperRelease2.0.9.9b\FF14ViperBot.exe" appartient au virus/spyware 'Mal/FakeAV-OP'.
20141002 130903 Le fichier "D:\Users\&&&\Downloads\FF14ViperRelease2.0.9.9b\FF14ViperBot.exe" appartient au virus/spyware 'Mal/FakeAV-OP'.
20141002 130903 La valeur de registre "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA" appartient au virus/spyware 'Mal/FakeAV-OP'.
20141002 130903 La valeur de registre "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin" appartient au virus/spyware 'Mal/FakeAV-OP'.
20141002 130904 Le fichier "D:\Users\&&&\Downloads\FF14ViperRelease2.0.9.9b\FF14ViperBot.exe" a été nettoyé(e).
20141002 130904 La valeur de registre "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA" a été nettoyé(e).
20141002 130904 La valeur de registre "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin" a été nettoyé(e).
20141002 130904 Le virus/spyware 'Mal/FakeAV-OP' a été supprimé.

Why is FF14ViperBot.exe trying to mess with these registry keys in the first place?
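
An added example, not part of the thread and not the AV vendor's tooling: a small parser for the log format quoted in the post above, grouping events by object and listing the UAC policy values the scanner reports as cleaned, so they can be re-checked afterwards. The sample is a subset of the quoted lines; the message fragments and all function names are assumptions inferred from those lines only.

```python
import re

# Subset of the log lines quoted in the post (user name already masked as &&&).
SAMPLE_LOG = r"""20141002 130856 Le fichier "D:\Users\&&&\Downloads\FF14ViperRelease2.0.9.9b\FF14ViperBot.exe" appartient au virus/spyware 'Mal/FakeAV-OP'.
20141002 130856 Le contrôle sur accès a refusé l'accès à l'emplacement "D:\Users\&&&\Downloads\FF14ViperRelease2.0.9.9b\FF14ViperBot.exe" pour l'utilisateur AUTORITE NT\Système
20141002 130903 La valeur de registre "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA" appartient au virus/spyware 'Mal/FakeAV-OP'.
20141002 130904 Le fichier "D:\Users\&&&\Downloads\FF14ViperRelease2.0.9.9b\FF14ViperBot.exe" a été nettoyé(e).
20141002 130904 La valeur de registre "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA" a été nettoyé(e).
20141002 130904 La valeur de registre "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin" a été nettoyé(e).
20141002 130904 Le virus/spyware 'Mal/FakeAV-OP' a été supprimé.
"""

# Message fragments inferred from the sample lines only (assumption), mapped to an action.
ACTIONS = [("appartient au virus/spyware", "detected"), ("a refusé l'accès", "blocked"),
           ("a été nettoyé", "cleaned"), ("a été supprimé", "removed")]
UAC_POLICY_KEY = "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\"

def parse_log(text):
    """Return one dict per recognised line: time, action, kind, object, detection."""
    events = []
    for line in text.splitlines():
        m = re.match(r"(\d{8} \d{6}) (.+)", line.strip())
        if not m:
            continue  # skip blank or non-log lines
        msg = m.group(2)
        obj = re.search(r'"([^"]+)"', msg)
        # Anchor on "virus/spyware" so the apostrophes in "l'accès" are not read as a name.
        det = re.search(r"virus/spyware '([^']+)'", msg)
        events.append({
            "time": m.group(1),
            "action": next((a for frag, a in ACTIONS if frag in msg), "other"),
            "kind": "registry" if "valeur de registre" in msg else "file" if obj else None,
            "object": obj.group(1) if obj else None,
            "detection": det.group(1) if det else None,
        })
    return events

def actions_by_object(events):
    """Map each file or registry object to the ordered list of actions taken on it."""
    out = {}
    for e in (e for e in events if e["object"]):
        out.setdefault(e["object"], []).append(e["action"])
    return out

def uac_values_cleaned(events):
    """Names of UAC policy values the scanner reports as cleaned; re-check these afterwards."""
    return sorted(e["object"][len(UAC_POLICY_KEY):] for e in events
                  if e["action"] == "cleaned" and e["kind"] == "registry"
                  and e["object"].upper().startswith(UAC_POLICY_KEY.upper()))
```
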

Re: AV Alert

Posted: Thu Oct 02, 2014 2:48 pm
by PitViper
It tries to find out if it needs to prompt for UAC/consent privileges to launch.

As I said above, you have to add an exception for Viper to run.

I'm not going to go through what Viper does internally, as this might open it up to detection by games.

It does not have any viruses/trojans in it. Been in business for 10 years. Take it or leave it.