Trojan Virus in S&M S1E1?

edited February 2010 in Game Support
Antivir is giving me a trojan warning when I want to boot up the first episode of the first season of Sam & Max. It doesn't happen with the other Telltale games.

CmdLineExtInstallerExe.exe is infected with Trojan TF/Agent.375992.A

Getting rid of it and re-downloading gives me the exact virus/trojan back.
Am I the only one?

<EDIT> Actually it happens also with the other episodes except episode 4 "Abe Lincoln" must die, I don't get a trojan warning with that one. I got that one some time ago when it was free - it fails however to connect to the community forums...

<EDIT 2> It seems that the community tracker is identified as a trojan in Antivir. Am I the only one using Antivir? When I refuse access to the named file the community tracker doesn't work.

Comments

  • DjNDB Moderator
    edited January 2010
    I was able to reproduce the warning. The file is a part of SecuROM and is signed by Sony DADC Austria AG (though with an expired certificate).
    I submitted it to Virustotal which produced positive results with 3 Antimalware products. Antivir and McAfee-GW-Edition possibly use the same engine, Sophos only is suspicious of the program's behaviour.
    I submitted it to Avira as a suspected false positive and will post the result when I get it. The same thing seems to have happened before (German) and I wildly guess that Avira created some kind of exception in their engine for that file's hash back then and the file SecuROM transfers changed recently, disabling that exception.
  • edited January 2010
    Hey, thanks man!
    I also suspect this to be a false positive...
  • Seg
    edited January 2010
    This happens from time to time. Telltale Games uses NSIS for installers. A lot of software uses NSIS to install as it's free as in freedom and beer. A lazy virus definition expert flags the NSIS components, rather than the actual contents of the virus. Suddenly every piece of software that uses NSIS is flagged, creating these false positives. It happens every few months to a random anti-virus software program. It's like saying someone has gangrene just because they have a right leg.

    Ways to be sure you're OK:

    Obtain the game from TelltaleGames.com
    The installer files are served by Limelight, but if the TTG website is providing the link, you know it's OK!

    Check the Digital Signature
    All the installers distributed by Telltale for Wallace & Gromit & Monkey Island are digitally signed by "Telltale, Inc."

    You can check the properties for the digital cert on Vista and Win7 (WinXP support is broken for large files). Go into the Properties of a file, click the "Digital Signature" tab, and make sure you see "Telltale, Inc." as the name of the signer. If it's something different, or there's no "Digital Signature" tab, it may not be from Telltale.

    The other games aren't signed, so don't panic outright when you don't see a signature with them.
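
The Properties-dialog check described in the post above can also be done from PowerShell. This is an added example, not part of the thread and not Telltale's own tooling; the function name `Test-InstallerSignature` and the file path in the usage comment are hypothetical, and it assumes the certificate's simple name is the "name of the signer" that Explorer shows. It also reports the expired-certificate case mentioned earlier in the thread, where a trusted timestamp decides whether the signature still validates.

```powershell
# Added example (not from the thread): verify an installer's Authenticode signature.
function Test-InstallerSignature {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $ExpectedSigner = 'Telltale, Inc.'   # signer name quoted in the post
    )

    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $cert = $sig.SignerCertificate
    $out  = [ordered]@{
        File = $Path; Status = $sig.Status; Signer = $null
        CertExpired = $null; Timestamped = $null; Verdict = $null
    }

    # Unsigned files carry no signer certificate at all.
    if ($sig.Status -eq 'NotSigned' -or -not $cert) {
        $out.Verdict = 'No signature: the publisher cannot be confirmed this way'
        return [pscustomobject]$out
    }

    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $out.Signer      = $cert.GetNameInfo($nameType, $false)
    $out.CertExpired = $cert.NotAfter -lt (Get-Date)
    # A countersigned timestamp lets a signature outlive its certificate's expiry.
    $out.Timestamped = [bool]$sig.TimeStamperCertificate

    $out.Verdict = switch ($sig.Status) {
        'Valid' {
            if ($out.Signer -eq $ExpectedSigner) { 'Valid signature from the expected publisher' }
            else { "Valid signature, but signed by '$($out.Signer)'" }
        }
        'HashMismatch' { 'File contents changed after signing: do not run' }
        default {
            if ($out.CertExpired -and -not $out.Timestamped) {
                'Certificate expired and signature has no timestamp'
            } else { "Signature present but not trusted ($($sig.Status))" }
        }
    }
    [pscustomobject]$out
}

# Usage (hypothetical path):
#   Test-InstallerSignature -Path .\installer.exe
#   Get-ChildItem *.exe | ForEach-Object { Test-InstallerSignature -Path $_.FullName }
```
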
  • edited January 2010
    Thanks again, Seg.
  • DjNDB Moderator
    edited February 2010
    Today I got Avira's response, confirming it is a false positive, and that it will be removed from the virus definition file with one of the future updates.
  • Seg
    edited February 2010
    Thanks DjNDB for following up with Avira!

    Moving forward, anything new out of this studio will be signed. Some day we'll get the rest of the Telltale Games installers signed.
  • edited February 2010
    Yeah, thanks again DjNDB!
This discussion has been closed.