Infostealer from Divx

Started by Artrubian, May 15, 2010, 12:12:55 PM

Artrubian

Anyone tech savvy with some info that they could spare...alms...alms...alms for the infected....I downloaded DivX AVI player and wham, now every time I open my WoW page Norton pops up with an infostealer blocked warning. Go figure though, it can't find any viruses or anything of the sort to fix...couple other websites said to try Search and Destroy but guess what...also came up with nothing else. I don't dare to log into anything further until I get this resolved and since I know a lot of you have quite a lot of experience in PC biology I was hoping maybe someone had some good information they wouldn't mind offering up to me. Thanks in advance, y'all are A list in my book anyways. Arty



Update edit: apparently I'm not the only one going through this today. As of forum posts on the WoW website today, Norton 360 may be giving a false positive on that file. I'm currently updating to the latest 4.0.1.32 version of Norton, which has proven for a couple to take care of the concern. I'll post again if this does for anyone else that may be getting this occurrence.

Update: OK, it just happened to be coincidental that this began as I downloaded the DivX player. It is a false positive with Norton vs. WoW. Not sure what they changed as of this morning to cause this but that is what it is. If you update your Norton to the current version <actually download it from their site, uninstall/reinstall> it will fix this concern. Thanks again. Arty


Shadowwolf

The latest version of DivX has the optional install of Norton 360; if you didn't uncheck the box during the install, it put it on your machine. My suggestion to fix the annoyance would just be to look at your installed files and remove any occurrences of Norton 360. If there's none showing, remove DivX and try installing it again, watching closely for when it asks if you want Norton 360. It's a common trend to bundle installs lately, Java has been doing it as well, rather annoying but an inevitable and unavoidable progression path for free software =(
Come to the darkside, we have cookies.
"A flute with no holes is not a flute, and a donut with no hole is a danish" - Chevy Chase as Ty Webb in Caddyshack
"Be who you are and say what you feel, because those who mind don't matter, and those who matter don't mind." - Dr. Seuss


Grendeel

Yeah, I wasn't paying attention and I think it was with a Java update (?) I got a McAfee type install (which was really just a redirect to their site to buy it). I just removed it using Add/Remove Programs. I was paying attention on the DivX update and chose the "don't install" option for Norton :P

Certain sites I just took it as safe to assume they wouldn't install anything nefarious. I guess this isn't true anymore, even with the more "safe" sites now.

Shadowwolf

They're all trying to make a buck. It's not as bad as spyware/adware but it's a close second.


fiere redfern

FYI, the same thing is happening with Symantec. I ran LiveUpdate, but even after that, starting WoW triggered the warning. There are hundreds of posts on the forums about the same issue; the universal conclusion (aside from a few tin-foil hats) is that the files (scan.dll or scan.dll.new) are only used to send non-specific system information to Blizzard for the purposes of beta testing, PTRs, what have you. Updating to the most recent version of your anti-virus software should stop that from popping up. My provider, Symantec, hasn't yet, so what I ended up doing (though I wouldn't recommend it) was adding the entire World of Warcraft folder to the exceptions list, since my scanner was deleting scan.dll.new every time it saw it.

Artrubian

Yeah, I already had Norton 360 installed on my PC, which is what caused it in the first place. Not the biggest fan of it but it's better than no AV at all. And since it's made by Symantec it's the same one. There is an updated version of the AVs which will stop it from showing up as an infostealer. Just not a big fan of logging onto WoW and seeing the Ohh S%$U Infostealer has been detected...lol


Shadowwolf

Actually, and ironically, those 2 files are Blizz's method of defense against some trojan password stealers that are masked as addons, hehe. When you log on, WoW does a quick check for exe-style addons and reports them.


Artrubian

lol Symantec FTW then I guess ehh...


Belandand

Hey Arty - guess who. I have the same problem. I opted for the cheap version of Norton (basic coverage). Don't get scurred. If it has the file "pathway" of scan.dll or something weird like that, it's Blizzard. This "false-positive" issue has been one of the most widely reported AV issues with WoW.

Apparently, every time you log in, Blizzard checks the information on your system to look at your hardware specs - or so Blizzard forum posts state. There is not a virus on your computer IF and ONLY IF Norton reports the pseudo Infostealer file as having the scan.dll thingie.

If you're scared, google infostealer and WoW. You should reach the appropriate forum posts.

Also, if your system has been compromised, I've read that Avast or AVG are pretty good at helping to remove these things from your system. Norton isn't that great.

Hope this helps - sorry if it's redundant.

fiere redfern

Fix'd.

Quote

We are writing in relation to your submission through Symantec's on-line Security Risk / False Positive Dispute Submission form for your software scan.dll and scan.dll.new in World of Warcraft being detected by Symantec Software. In light of further investigation and analysis Symantec is happy to remove this detection from within its products.

The updated detection will be distributed in the next set of virus definitions, available daily, or weekly via LiveUpdate, depending on Symantec product version, or daily from our website at http://securityresponse.symantec.com/avcenter/defs.download.html.

Decisions made by Symantec are subject to change if alterations to the Software are made over time or as classification criteria and/or the policy employed by Symantec changes over time to address the evolving landscape.

If you are a software vendor, Symantec offers the possibility of adding your software to its database of known clean files in order to reduce the possibility of false positives. If you wish to participate in this program, please complete the attached form and return to this address.

Sincerely,

Symantec Security Response