Trojan just attempted to infect me, targeted BGT
WeepinAngel
12-22-2010, 11:38 PM
Active Protection Event Details
Event Type 2 -- Notify
Timeout 0(s)
Monitor Source 2003 -- On File Access
Message ID {00D77100-6DBA-4CEA-871F-A6B993DBFD0A}
Monitor Type 2 -- File
Recommend System Scan Yes
AP SDK Version 4.0.3904
Threat Definitions Version 7767
Event Actor Enum 2 -- Object
Event Date/Time 2010-12-23T00:38:21
Application Information
File Path C:\Windows\system32\rundll32.exe
Process ID 2520
File Size 45568(B)
CRC8 7AF67C01D60B0000
Application Rating 1 -- Known Good
Added To Always Allow List No
Company Microsoft Corporation
File Version 6.1.7600.16385 (win7_rtm.090713-1255)
Product Name Microsoft® Windows® Operating System
Product Version 6.1.7600.16385
Description Windows host process (Rundll32)
Copyright © Microsoft Corporation. All rights reserved.
Attempted to modify the following file
File Path C:\Program Files (x86)\Steam\steamapps\weepinangel\bloody good time\bin\unitlib.dll
MD5 2b81835884e7e78c6cb9f0fd39d4c801
CRC8 608F0DC157AC0000
Application Rating 2 -- Known Bad
Threat ID 4150696
Action Taken
Action 2 -- Blocked
Reason 2 -- VIPRE Known
bigcow200
12-23-2010, 12:28 AM
it wants to get you vacbanned?
Capt. Tulip
12-23-2010, 04:42 AM
Just had the same virus!!!!!! How'd you deal with it? What virus software are you running?
Capt. Tulip
12-23-2010, 04:45 AM
Just went and scanned it manually through my brother's comp, same threat found. This is very intriguing.
DKill3r
12-23-2010, 05:44 AM
No problems here, Avira Antivir in use. Must have a false positive.
Delusion83
12-23-2010, 06:42 AM
same here, nothing found with ESET Nod32.
Korn1699
12-23-2010, 11:31 AM
Norton 360 just came up with that for me.
HAvOXZ
12-23-2010, 01:57 PM
I'm pretty sure I found the same one with Microsoft Security Essentials
but I ignored it thinking that it was a false alarm :O
WeepinAngel
12-23-2010, 03:39 PM
Sunbelt VIPRE is what I use. It says at the bottom of my OP.
Jackcolt
12-23-2010, 03:52 PM
Avast here. Just got the same warning. It is most likely a false positive. Though I've noticed the game process is still active after closing the game sometimes... maybe it's a bug that also causes AV software to read a false positive.
Jonathan McKey
12-24-2010, 12:47 AM
I've ignored it. Did I make a mistake?
MrBrown
12-24-2010, 05:04 AM
> No problems here, Avira Antivir in use. Must have a false positive.
Indeed. False positives are one reason why I'm not using any AV software at all.
> I've ignored it. Did I make a mistake?
Not really, but if you chose to ignore your AV software's warnings, you might as well uninstall it. Which is not a bad idea IMHO.
Zinnober
12-24-2010, 03:58 PM
Kaspersky.. Found it on my PC (both, the Game and the dedicated Server)
Found it on a Friends PC ...
Found it on another Laptop..
What the hell is this thing?
Another "using some bad code" like Ubisoft did on Vegas 2 (they used a crack of a known release group to "patch" their game for D2D and Steam) or what?
Katsai
12-25-2010, 04:39 AM
No clue. Avast thinks it's a virus as well. So far Norton, Kaspersky and Avast say virus, while all others (to my knowledge) say it's clean. Anyone running say AVG or McAfee that can confirm one way or the other?
doubleO7
12-26-2010, 08:31 PM
I've got McAfee, but I don't have BGT installed at the moment. I'll install it tomorrow and scan it and see what comes up.
Katsai
12-27-2010, 03:24 PM
Well, after today's update, it's no longer flagged by Avast. Going with false positive on my box.
Lance_Lake
12-29-2010, 06:52 AM
I got it on Avast as well. I deleted it (moved it to chest actually) and had steam verify the files. Didn't get another warning.
dukmiester2
12-30-2010, 06:29 PM
Norton Internet Security 2011 found it too. It put it in quarantine (deleted it). Had Steam verify files, and all was OK, and it did not replace the file.
I then ran BGT in arcade mode, ran fine. Then, did another scan of the BGT folder and steam had put it back, apparently, when I launched BGT. See below:
e:\valve\steam\steamapps\*******\bloody good time\bin\unitlib.dll
____________________________
On computers as of:
12/30/2010 at 8:58:01 PM
Last Used:
12/30/2010 at 9:20:26 PM
Startup Item:
No
Launched:
No
____________________________
Many Users
Thousands of users in the Norton Community have used this file.
____________________________
High
This file risk is high.
____________________________
Threat Details
Threat type: Virus. Programs that infect other programs, files, or areas of a computer by inserting themselves or attaching themselves to that medium.
____________________________
Origin
Downloaded from URL Not Available
Source: External Media
Source File:
steam.exe
File Created:
unitlib.dll
____________________________
File Actions
Infected file: e:\valve\steam\steamapps\***********\bloody good time\bin\unitlib.dll
Removed
____________________________
File Thumbprint - SHA:
Not Available
____________________________
File Thumbprint - MD5:
Not Available
____________________________
Of particular interest is the part in Bold.
Since Steam.exe keeps putting it back, I must assume it is a false positive.
CyberSoniX
12-31-2010, 06:38 AM
my Avira Antivir also complained about this file.
bloody good time\bin\unitlib.dll
[FIND] Is the trojan horse TR/Dldr.Injecter.eym
djTeka
01-03-2011, 09:48 PM
Same thing as dukmiester2, happened just now with Norton, probably a false positive.
This is OuterLight we're talking about, and I trust them. :)
I can't say the same about UbiSoft, the publisher who pulled the rug out from OL.
(Yes, I know they are making the 'constant online' games only need to connect when they start, but still...) :mad:
c:\program files (x86)\steam\steamapps\~~~~~~\bloody good time\bin\unitlib.dll
____________________________
On computers as of:
12/23/2010 at 11:20:56 PM
Last Used:
1/3/2011 at 9:21:34 PM
Startup Item:
No
Launched:
No
____________________________
Many Users
Thousands of users in the Norton Community have used this file.
____________________________
High
This file risk is high.
____________________________
Threat Details
Threat type: Virus.
Programs that infect other programs, files,
or areas of a computer by inserting themselves
or attaching themselves to that medium.
____________________________
Origin
Downloaded from URL Not Available
Source: External Media
Source File:
steamtmp.exe
File Created:
steam.exe
File Created:
unitlib.dll
____________________________
File Actions
File: c:\program files (x86)\steam\steamapps\~~~~~~\bloody good time\bin\unitlib.dll
Removed
____________________________
File Thumbprint - SHA:
Not Available
____________________________
File Thumbprint - MD5:
Not Available
____________________________
I turned off all my Norton services with the 15 minute option, of note is the *Auto-Protect* feature,
also known as 'That file looks strange, not very many people have it, and it kinda reminds me of a virus. I'm quarantining it.' Mode.
I then made it restore the file, told Norton "Be cool" by specifying the file as being fine, *exonerating* it from autodelete hell.
Norton hasn't complained yet.
Goteki-45
03-13-2011, 07:06 AM
Just experienced this when moving my Steam directory to another drive (as I have my AV ignore Steam on my main drive to avoid false positives in games).
If the Outerlight devs are still reading this forum, maybe they can talk with the AV companies so they stop flagging this file?
I've got McAfee VirusScan Enterprise.
Wighar
04-03-2011, 10:34 AM
Listed by several antivirus software
MD5: 2b81835884e7e78c6cb9f0fd39d4c801
SHA256: 4025cdc9a544a8146cb8ad7716095bca8013edd94000edce21da6cd28ab4418f
http://www.virustotal.com/file-scan/report.html?id=4025cdc9a544a8146cb8ad7716095bca8013edd94000edce21da6cd28ab4418f-1301703411
I have no clue what the file does myself, if it's part of the internet MP part of the game I would not know since I play SP/Arcade mostly
I get this also, Eset Smart Security
so I take it's a false positive?
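A scan result for the posted sample only says something about a local copy of unitlib.dll if that copy is byte-identical to it. The following is an added example, not part of any post in this thread: it hashes a local file in one pass and compares it with the MD5 and SHA-256 values posted above. The function names and the constructed temporary stand-in file are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

# Hashes of unitlib.dll exactly as posted in this thread.
THREAD_MD5 = "2b81835884e7e78c6cb9f0fd39d4c801"
THREAD_SHA256 = "4025cdc9a544a8146cb8ad7716095bca8013edd94000edce21da6cd28ab4418f"


def file_digests(path, chunk_size=1 << 20):
    """Stream the file once and return (md5_hex, sha256_hex)."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def compare_to_reference(path, ref_md5=THREAD_MD5, ref_sha256=THREAD_SHA256):
    """Classify a local copy against reference hashes.

    'same-sample': SHA-256 matches, so scan reports for that hash apply here.
    'md5-only'   : MD5 matches but SHA-256 does not; treat as suspicious,
                   because MD5 collisions can be constructed deliberately.
    'different'  : neither matches; this copy needs its own analysis.
    """
    md5_hex, sha256_hex = file_digests(path)
    if sha256_hex == ref_sha256.lower():
        return "same-sample"
    if md5_hex == ref_md5.lower():
        return "md5-only"
    return "different"


def demo():
    """Constructed stand-in file (not the real DLL), so it must not match."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"constructed sample bytes, not unitlib.dll")
        path = tmp.name
    try:
        own_md5, own_sha256 = file_digests(path)
        return (compare_to_reference(path),
                compare_to_reference(path, own_md5, own_sha256))
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(demo())
```

To check a real copy, call `compare_to_reference()` with the path to the installed unitlib.dll.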