View Full Version : Trojan found in game file


NEZ-Leader
06-16-2009, 02:03 PM
I don't know if it's a false-positive, but I was launching steam and I found a trojan in one of the SLAMIT files.
My Resident Shield popped up about 30secs after I launched it with this:
http://img230.imageshack.us/img230/5419/slamittrojan.jpg

I have a 3yr degree with computers, (A+, MCSA, CCNA, Class M licensed/certified) my computer is extremely clean.

Obviously I deleted my local files immediately, so now I'm not safe from my own purchased games anymore? They're slipping bombs into broken software for fun?

I wonder if that licensing company (Strategy First) that tried to "fix" the game can explain this one (someone might want to alert authorities about this one, since they're scammers to begin with, how many more illegal and malicious actions are they going to get away with?).

SD24
06-16-2009, 02:26 PM
Well AVG has a nasty habit of giving out fake alerts. A while back, when Crysis was released, AVG AntiVirus detected a trojan in my retail DVD. So I wouldn't trust it too much.

NEZ-Leader
06-16-2009, 02:46 PM
Sadly, I neglected to scan it with a few other ones I have in here, and that data has been deleted (not about to re-download it, broken anyways, ♥♥♥♥♥♥bags gg), but that Resident Shield is quite reliable (I find personally), and I used the separate scanner itself (the screenshot), and I wasn't doing anything on Steam other than launching Steam itself.
I've had the game data installed on my drive ever since I purchased it and it never set anything off before when I opened Steam. All of a sudden yesterday, it did.

AVG treats certain batch-type/runtime files as trojans when they may not be, but it's a "warning" message, not a "found" message (things like key generators, registry key auto-merger scripts, xml's with strange media types embedded in it, etc).

JacKPorT
07-09-2009, 02:08 PM
WinXP NOD32 v3.0.684.0 virus base(4229)(20090709) alerts Win32/Trojan Agent on ...\program files\steam\steamapps\common\slamit pinball big score\Trap.exe, what's wrong with this game?

freibooter
07-12-2009, 02:39 PM
It's not a Trojan or malware of any kind, it's your anti-virus' behavioral analysis being overly sensitive.
"Trap.exe" disables various keyboard shortcuts including your task-manager so that you can use "SlamIt" mode without worrying about triggering anything that would kick you out of the game.
As far as I know trap.exe is not vital for Big Score to function properly, so if you're paranoid deleting the file is not a big issue.

I personally wouldn't trust a single AV-scanner to give me 100% correct results, either way.

I personally use http://www.virustotal.com (through its nifty shell-extension (http://www.virustotal.com/vtsetup.exe)) in addition to my resident scanner on both suspicious files that my AV does not complain about as well as the ones that it does. No AV is error free and false positives are becoming a growing problem for most of them.

NEZ-Leader
08-13-2009, 02:54 PM
Telling me "it's a false positive" with no explanation doesn't make me sleep better at night.

An anti-virus program, finding a file named trap.exe, what conclusion would you first think of?
Coming from a 3yr degree, and 3x certified, that sounds like a keylog or process-hijack file, which is why it's not installed anymore in my system.

So is this game going to be patched or did I waste my money?

The game WAS fun the 3 times I played it before it became disabled, trojan warning, then uninstallation.

Another high-quality broken software offering from steam, yay

EDIT: Yes I read the sticky but that post was not there when I made mine.

freibooter
08-23-2009, 04:53 PM
> Telling me "it's a false positive" with no explanation doesn't make me sleep better at night.
>
> An anti-virus program, finding a file named trap.exe, what conclusion would you first think of?
> Coming from a 3yr degree, and 3x certified, that sounds like a keylog or process-hijack file, which is why it's not installed anymore in my system.

Considering that it does, if only temporarily, disable access to the task manager, kind of makes it a process hijacker and I fully understand why most AVs' heuristics ring the alarm bells. The game works without this file, though. Well, "it works" as well as with the file ... which sadly isn't really that well at all.

> So is this game going to be patched or did I waste my money?

Technetium stopped all communication and by now it feels almost safe to say that the game will probably never be patched.

> EDIT: Yes I read the sticky but that post was not there when I made mine.

Yes, it was. It actually was posted months before your thread was created. But stickies are easy to miss. :)

alannathanson
09-10-2009, 08:36 AM
McAfee reported a trojan in Sub Command. Has anyone else run across this?

Toridas
09-10-2009, 11:22 AM
I would think that someone that has **ZOMG A DEGREE IN COMPUTERS AND 17 CERTIFICATIONS** (seriously, do you mention that every time you post on the internet? be more pretentious please) would know that a program designed to DISABLE YOUR KEYBOARD would show up as a false positive. No, they aren't going to patch it, because that is the main functionality of the program.

crustyspot
09-17-2009, 08:21 PM
Hey guys, what virus slows your system down to a crawl 24x7x365, bugs you with popups every hour, stops your games from communicating on the net, falsely tells you half your files are infected, and forces you to pay $50 to get rid of them?

Why it's called a virus scanner of course!

Most of these antivirus programs remind me of the terror color codes that used to be so popular. Oh crap, today is Chartreuse! Duck and Cover!

None of these Steam games have viruses. Disable your resident shields or get rid of the scanners altogether and stay off Myspace and Limewire, stop searching for song lyrics and free music, stay away from keygen code sites, and don't believe for a second that you are infected via a pop up window telling you so online. Or if you are so inclined to surf the unsafe sites, do it in Sandboxie or a virtual machine.

And it doesn't take a Class M electrical license (LOL NEZ-Leader) to stay clean.

BFeely
10-27-2009, 04:09 PM
Microsoft Security Essentials detects it as a "generic" detection, but it also allows you to specifically allow it.

Dipso
10-29-2009, 04:54 AM
Yea, Security Essentials kicked on this one for me too.

Most antivirus software allows you to ignore or allow a file that is detected falsely. This is the case here.

The file has functionality that hooks into windows in a way that is suspicious to many of these programs' detection routines. It happens, get over it.

If your AV doesn't allow you to ignore or report false positives, contact your vendor for help with this.

Dipso
10-29-2009, 05:01 AM
> Coming from a 3yr degree, and 3x certified, that sounds like a keylog or process-hijack file, which is why it's not installed anymore in my system.


...or it sounds exactly like the post above this comment. A program that "traps" certain keypresses like those that would throw you out of a game...

And as stated the game should function without the "offending" file, if you feel extra paranoid today.

Also.. stop with the degree flaunting, it makes you look like someone who needs to be knocked off their high horse. :rolleyes: (Most likely _some_ of the people you are bashing have masters or higher degrees... 3yrs is nothing in this day and age...)

vhold
01-06-2010, 10:09 AM
Came here for the same thing.. Microsoft Security Essentials flagged Trap.exe as Trojan:Win32/Orsam!rts

Vimpel
01-13-2010, 03:48 PM
very amusing thread.

your 17 degrees in "computerology" didn't make you any more flexible than outright believing an original game released through steam is trying to hijack your computer with an executable virus called "trap.exe"?

false positives are common for legit executables that for whatever reason happen to tap into input devices routines.

deeeg
03-12-2010, 12:21 PM
Hi, same problem here... sorry but I don't feel the taste of humor of that situation, I install today and have this message...


http://monimag.eu/upload/395/steam-pinball-virus-01.png


what do i do please?

hentaicabbit
03-15-2010, 10:28 PM
Trap.exe only looks like a virus because it disables the "Windows" keys on your keyboard.

More info from PinballAddicts.com (http://www.pinballaddicts.com/index.php?option=com_content&task=view&id=356&Itemid=2):

Technetium Games, the developers of SlamIt pinball have released patch V1.2 independent of Steam (V1.2 is not available on Steam for various reasons and must be downloaded from the developers site and applied to your Steam game manually).

Previous versions of the update contained a file ironically named trap.exe that was falsely being detected as a virus by several major Virus checkers, however the latest version has had this file removed from the update to prevent any confusion. If you have the program already then you already have the required trap.exe. From my discussions with the developer, this file was the cause of many headaches both for them and end users but is pivotal to the game itself, it temporarily disables the windows keys on your keyboard so you can slam the keys in "SlamIt" mode. Unfortunately this action mimics the action of a known virus, hence the false positive.

So now you know that it's a false positive. Submit the file to your antivirus scanner's maker so they'll know it's a false positive.

Edit: Here's some more info directly from the game's Developer (http://forums.steampowered.com/forums/showpost.php?p=9306004&postcount=10).

Alkpaz2
06-13-2010, 12:56 AM
I had to exclude all of Steam from my anti-virus.. and yes I know antivirus software gives false positives, but now they make it a little harder to exclude files that are considered "safe" by individual users. Also, you don't necessarily catch the exclusion the first time you run it, which you discover later down the line it disabled or killed a program you know to be "okay".

The Paradox
06-24-2010, 01:44 PM
I had excluded this file, I will never play on slam mode, so it is unnecessary and will not change my gaming experience.

onisciente
06-25-2010, 08:36 PM
http://monimag.eu/upload/479/steam virus.png
When I downloaded the game....

ModemMayhem
07-03-2010, 09:16 PM
It's not just a problem with trap.exe. BTW: Many antivirus programs have identified it as a threat, enough to make me hesitate to run this program. See here: http://www.virustotal.com/analisis/ea4987d12daad9d02799a6f597eef54aa6322116056ca8d764a26ab99903e81f-1278215366

If that's not bad enough, their 1.2 patch is also considered a virus, at least according to Symantec. See here: http://safeweb.norton.com/report/show?url=http:%2F%2Fwww.slamitpinball.com%2FForum%2Fucp.php%3Fmode=register

Personally, I'm not taking any chances. Think I'll load up Big Race instead.
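
Added example, not part of any post in this thread: the report link in the post above identifies one specific file by its SHA-256, so its verdicts only apply to a local Trap.exe whose hash matches. The Python below assumes the old report path has the layout `<SHA-256>-<Unix scan time>`; the function names are illustrative.

```python
import hashlib
import re
from datetime import datetime, timezone

# Report link as posted in the thread (the forum had wrapped it with a stray space).
REPORT_URL = ("http://www.virustotal.com/analisis/"
              "ea4987d12daad9d02799a6f597eef54aa6322116056ca8d764a26ab99903e81f"
              "-1278215366")

# Assumption: the last path segment is <64 hex chars of SHA-256>-<Unix time of scan>.
_REPORT_RE = re.compile(r"/analisis/([0-9a-fA-F]{64})-(\d{9,10})$")


def parse_report_url(url):
    """Return (sha256_hex, scan_time_utc) from a report link, or raise ValueError."""
    cleaned = re.sub(r"\s+", "", url)  # undo forum line-wrapping inside the URL
    match = _REPORT_RE.search(cleaned)
    if not match:
        raise ValueError("not a recognised report link")
    scanned = datetime.fromtimestamp(int(match.group(2)), tz=timezone.utc)
    return match.group(1).lower(), scanned


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large executables are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def report_covers_file(url, path):
    """True only if the linked report was produced for exactly these bytes."""
    reported_hash, _ = parse_report_url(url)
    return sha256_file(path) == reported_hash


if __name__ == "__main__":
    import sys
    file_hash, scanned_at = parse_report_url(REPORT_URL)
    print("report is for SHA-256", file_hash, "scanned", scanned_at.isoformat())
    for candidate in sys.argv[1:]:
        same = report_covers_file(REPORT_URL, candidate)
        print(candidate, "matches the report" if same else "is a different file")
```

A mismatch means the report describes some other build of the file, so the local copy needs its own scan before anyone's verdict is applied to it.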

JojoTheSlayer
07-06-2010, 12:44 AM
> It's not just a problem with trap.exe. BTW: Many antivirus programs have identified it as a threat, enough to make me hesitate to run this program. See here: http://www.virustotal.com/analisis/ea4987d12daad9d02799a6f597eef54aa6322116056ca8d764a26ab99903e81f-1278215366
>
> If that's not bad enough, their 1.2 patch is also considered a virus, at least according to Symantec. See here: http://safeweb.norton.com/report/show?url=http:%2F%2Fwww.slamitpinball.com%2FForum%2Fucp.php%3Fmode=register
>
> Personally, I'm not taking any chances. Think I'll load up Big Race instead.

A) The patch has the same file. It's still trap.exe that is the false positive.

B) Of course other virus programs would call this out as a possible w32 virus. It's an "unknown" exe file which disables windows functions (windows keys to not jump out of the game).

C) Common sense. It's on Steam. Don't you think, after considering the information provided from several sources. This game would have been pulled if it was a hijack scam?

People shouldn't "flash" their supposed PC knowledge when they are clearly just making it up or have hypochondria like irrational paranoia in regards to their PC. PC safety is paramount, but common. Common sense needs to prevail.

ModemMayhem
07-06-2010, 06:30 AM
Consider, then, this vaguely worded response from Symantec after trap.exe was analyzed specifically. I suppose they're just "flashing" their knowledge?

- - -

The Symantec Insight Dispute team has reviewed your recent submission to the Insight Dispute Submission form Webpage form "Slamit Pinball." In light of further investigation and analysis, Symantec has found that the current recommendation on this program is correct and will not be changed.

Decisions made by Symantec are subject to change if alterations to the Software are made over time or as classification criteria and/or the policy employed by Symantec changes over time to address the evolving landscape.


Sincerely,

Symantec Insight Dispute Team

Regional Coffee
07-06-2010, 04:43 PM
Really people, just read the damn thread. It's been explained time and time again why AV's seem to regard this as a potential infection - that doesn't mean it is. I have an old freeware app that's always detected as a possible virus, but it's definitely not - it's just the way it calls certain windows functions that rate as "suspicious" to the AV vendor.

Disable your Steam folder from AV scans. Fixed.

But hey, to be on the safe side - REFORMAT YOUR PC!!!

JojoTheSlayer
07-10-2010, 12:14 AM
Ffs.
It's a standard "better safe than sorry" response.
It wouldn't surprise me if they only, if at all, just checked if the file had virus-like behavior. As in disabling Windows features, which it does.

If you want to be a schmuck and let stuff like this scare you. Go ahead.

> Consider, then, this vaguely worded response from Symantec after trap.exe was analyzed specifically. I suppose they're just "flashing" their knowledge?
>
> - - -
>
> The Symantec Insight Dispute team has reviewed your recent submission to the Insight Dispute Submission form Webpage form "Slamit Pinball." In light of further investigation and analysis, Symantec has found that the current recommendation on this program is correct and will not be changed.
>
> Decisions made by Symantec are subject to change if alterations to the Software are made over time or as classification criteria and/or the policy employed by Symantec changes over time to address the evolving landscape.
>
> Sincerely,
>
> Symantec Insight Dispute Team