西门吹血

Got Virus In The Client!


Nothing to worry about; it has always happened that the client looks like a virus to Norton. Nothing to worry about.


There is NO virus in the client that you download from the main HB Nemesis website, don't worry.

 

 

All you need to do is disable your anti-virus scanner, extract the files, and you can play Nemesis.


Norton anti virus is hopeless.

 

When I had that, a paid subscription mind you, I got more viruses than I do with free AVG ...

 

Delete Norton, it's a big company which dominates the market. They blab on about viruses and this and that but in all reality Ad-Aware and AVG is all you really need IMO. Both are free.

 

 

 

 


AVG

NOD

Avira

 

---

 

Turn off your anti virus, Ctrl+Alt+Delete and close everything related to your antivirus... Then download the Patch/helgame.

 


Had a long and difficult chat with these anti-virus guys; they now understand the problem, have given us a reference number and are working to fix the issue (supposedly).

 

https://www-secure.symantec.com/en/uk/norto...vid=&pid=cs

 

if you connect to this url please state that your case number is 493146959

and please also post a log of the chat here

 

scatterp has entered room.

 

Kesari has entered room.

 

Kesari(Tue May 26 11:07:24 UTC+0100 2009)>You are being transferred to Kesari.

 

scatterp(Tue May 26 19:07:35 UTC+0100 2009)>hi

 

Kesari(Tue May 26 11:07:35 UTC+0100 2009)>Hi Welcome to Norton Support , my name is Kesari, Can I please have a minute to go through the information you have provided

 

scatterp(Tue May 26 19:07:47 UTC+0100 2009)>sure...

 

Kesari(Tue May 26 11:07:47 UTC+0100 2009)>Please don't follow this now - but just in case we get disconnected for any reason, you can follow these instructions to reconnect to me. You'll need to do this within a couple of minutes of being disconnected:

Can you please make a note of these instructions.

1) Open up Internet Explorer and then go to www.norton.com/connectme

2) Enter the [Connection Code] 221954

3) Click on [submit]

 

Kesari(Tue May 26 11:07:55 UTC+0100 2009)>Hello Simon how are you doing today?

 

scatterp(Tue May 26 19:08:00 UTC+0100 2009)>hi not too bad

 

scatterp(Tue May 26 19:08:16 UTC+0100 2009)>norton is detecting an application from my website as a virus...

 

Kesari(Tue May 26 11:08:21 UTC+0100 2009)>Simon how may I help you today?

 

scatterp(Tue May 26 19:08:34 UTC+0100 2009)>is there any way we could get it removed by providing a signature..

 

scatterp(Tue May 26 19:08:46 UTC+0100 2009)>it's packed to prevent hackers...

 

scatterp(Tue May 26 19:09:14 UTC+0100 2009)>it's detected as packer.win32.main007.a

 

Kesari(Tue May 26 11:09:22 UTC+0100 2009)>May I confirm that you are getting false virus threat messages

 

scatterp(Tue May 26 19:09:50 UTC+0100 2009)>ok i know that already...

 

scatterp(Tue May 26 19:09:57 UTC+0100 2009)>but problems is some users do not know

 

scatterp(Tue May 26 19:10:51 UTC+0100 2009)>so i want to send you the file in question so it can be whitelisted...

 

Kesari(Tue May 26 11:11:05 UTC+0100 2009)>Simon, I can connect to your computer and work to resolve the problem from here, while you sit back and watch.

This is a secure connection, and I won't access any personal information on your computer. If at any point you are concerned, you can disconnect me by clicking on the [End] button. I'd encourage you to view the troubleshooting from your end.

If for any reason you need to leave your computer, let me know via the chat window and we'll disconnect the remote session and resume once you're back.

Shall we go ahead with the remote connection?

 

scatterp(Tue May 26 19:11:39 UTC+0100 2009)>hmm the problem is not with my computer...

 

scatterp(Tue May 26 19:11:51 UTC+0100 2009)>the problem is with your product...

 

scatterp(Tue May 26 19:12:13 UTC+0100 2009)>your "flex filter" for packer.win32.main007.a is wrongly defined somehow..

 

scatterp(Tue May 26 19:12:43 UTC+0100 2009)>i do not have the anti virus installed on this system also..

 

Kesari(Tue May 26 11:13:47 UTC+0100 2009)>But Simon according to the symantec it is virus threat

 

scatterp(Tue May 26 19:14:18 UTC+0100 2009)>yes exactly... so this is the problem...

 

scatterp(Tue May 26 19:14:38 UTC+0100 2009)>if symantec said "microsoft word" was a virus threat

 

scatterp(Tue May 26 19:14:43 UTC+0100 2009)>it would be a problem...

 

scatterp(Tue May 26 19:14:56 UTC+0100 2009)>because microsoft word is not a virus threat it's a word processor...

 

scatterp(Tue May 26 19:15:25 UTC+0100 2009)>so some "change" would need to be made inside Symantec anti virus...

 

Kesari(Tue May 26 11:16:35 UTC+0100 2009)>Simon many files and virus messages are created after verifying and doing a lot of research on and we cannot change any list . I am sorry about that

 

scatterp(Tue May 26 19:17:28 UTC+0100 2009)>the list is changed almost weekly (that's the update button)

 

scatterp(Tue May 26 19:17:38 UTC+0100 2009)>i am "helping" with that verification...

 

scatterp(Tue May 26 19:17:46 UTC+0100 2009)>since this was NOT verified correctly...

 

Kesari(Tue May 26 11:18:07 UTC+0100 2009)>Yes Simon you can update that.

 

scatterp(Tue May 26 19:18:35 UTC+0100 2009)>hmm do you have a second line support you could transfer me to.. i do not think you are understanding what i am telling you...

 

scatterp(Tue May 26 19:19:32 UTC+0100 2009)>i can not update that it's a file on Symantec controlled servers...

 

Kesari(Tue May 26 11:20:21 UTC+0100 2009)>Simon I do understand If you still want I can transfer you to my supervisor . But he cannot change any white listed programs . And we cannot update in the Symantec servers directly

 

scatterp(Tue May 26 19:20:39 UTC+0100 2009)>ok please transfer me to your supervisor..

 

Kesari(Tue May 26 11:22:03 UTC+0100 2009)>Okay Simon just be online please make a note of this case number for your future reference 493146959

 

scatterp(Tue May 26 19:22:29 UTC+0100 2009)>or better if you can transfer me to the department that CAN update the symantec servers.. that would be the correct department..

 

scatterp(Tue May 26 19:25:33 UTC+0100 2009)>i think is Symantec Security Response department..

 

Kesari(Tue May 26 11:25:40 UTC+0100 2009)>Simon but we cannot change or modify any details . You can just update that

 

scatterp(Tue May 26 19:26:02 UTC+0100 2009)>ok let me try to explain to you more clearly...

 

scatterp(Tue May 26 19:26:13 UTC+0100 2009)>do you know what is c++ ?

 

Kesari(Tue May 26 11:26:46 UTC+0100 2009)>Yes

 

scatterp(Tue May 26 19:26:55 UTC+0100 2009)>the product Symantec anti virus is written in c++

 

scatterp(Tue May 26 19:27:01 UTC+0100 2009)>its job.. find viruses...

 

Kesari(Tue May 26 11:27:13 UTC+0100 2009)>Yes you are right

 

scatterp(Tue May 26 19:27:21 UTC+0100 2009)>to do this you need copies of viruses to make "signatures"

 

scatterp(Tue May 26 19:27:35 UTC+0100 2009)>you get these because customers submit suspicious files here https://submit.symantec.com/websubmit/retail.cgi

 

Kesari(Tue May 26 11:27:47 UTC+0100 2009)>Yes are right

 

scatterp(Tue May 26 19:27:55 UTC+0100 2009)>then you take a small section of that file like a fingerprint and scan for it...

 

scatterp(Tue May 26 19:28:08 UTC+0100 2009)>some times those fingerprints work well...

 

scatterp(Tue May 26 19:28:17 UTC+0100 2009)>some times those fingerprints do not work so well..

 

scatterp(Tue May 26 19:28:28 UTC+0100 2009)>when they do not work well.. that's a "bug"

 

scatterp(Tue May 26 19:28:33 UTC+0100 2009)>or programming error...

 

scatterp(Tue May 26 19:29:01 UTC+0100 2009)>the guys that write these signature files that become "updates" need to know when there are problems..

 

scatterp(Tue May 26 19:29:20 UTC+0100 2009)>and software publishers need to inform the guys who write these updates when there are problems..

 

scatterp(Tue May 26 19:29:37 UTC+0100 2009)>for example imagine you spend 5 years writing a computer program in c++

 

scatterp(Tue May 26 19:29:43 UTC+0100 2009)>and you have a forum...

 

scatterp(Tue May 26 19:29:57 UTC+0100 2009)>and in the forum all your users use symantec anti virus...

 

scatterp(Tue May 26 19:30:13 UTC+0100 2009)>and they all tell you that they can not use your product symantec says its a virus...

 

scatterp(Tue May 26 19:30:23 UTC+0100 2009)>then you need to think...

 

scatterp(Tue May 26 19:30:37 UTC+0100 2009)>A) Symantec anti virus is broken let me tell the programmers ...

 

scatterp(Tue May 26 19:30:50 UTC+0100 2009)>B)my program must be broken let me fix it...

 

scatterp(Tue May 26 19:30:57 UTC+0100 2009)>which answer makes more sense to you ?

 

Kesari(Tue May 26 11:32:42 UTC+0100 2009)>I am sorry to say Simon that I cannot help you regarding this issue . If you want I can transfer you to my supervisor . You can speak with him regarding this issue.

 

scatterp(Tue May 26 19:33:08 UTC+0100 2009)>ok but you did not answer the question...

 

Kesari(Tue May 26 11:34:42 UTC+0100 2009)>It is very difficult. I am sorry I will not be able to answer that properly

 

scatterp(Tue May 26 19:36:19 UTC+0100 2009)>ok for future reference answer is A

 

scatterp(Tue May 26 19:36:29 UTC+0100 2009)>because otherwise the users of the forum post things like:

 

scatterp(Tue May 26 19:36:33 UTC+0100 2009)>Norton anti virus is hopeless.

 

When I had that, a paid subscription mind you, I got more viruses than I do with free AVG ...

 

Delete Norton, it's a big company which dominates the market. They blab on about viruses and this and that but in all reality Ad-Aware and AVG is all you really need IMO. Both are free.

 

scatterp(Tue May 26 19:36:59 UTC+0100 2009)>ok so please transfer me to your supervisor... and i will try to resolve this issue with him..

 

Kesari(Tue May 26 11:38:58 UTC+0100 2009)>Okay Please be online I will quickly transfer you

 

scatterp(Tue May 26 19:39:02 UTC+0100 2009)>ok

 

Kesari(Tue May 26 11:39:22 UTC+0100 2009)>Please wait, while the issue is escalated to another analyst.

 

Amar has entered room.

 

scatterp(Tue May 26 19:39:49 UTC+0100 2009)>hi Amar

 

Amar(Tue May 26 11:40:01 UTC+0100 2009)>Hi , simon my name is Amar your case has been escalated to me, can I have a minute to go through the details of this case?

 

scatterp(Tue May 26 19:40:20 UTC+0100 2009)>sure.. might be easier if i just explained..

 

Kesari has left room.

 

Amar(Tue May 26 11:41:03 UTC+0100 2009)>Please go ahead.

 

scatterp(Tue May 26 19:41:35 UTC+0100 2009)>i have a zip on my website and users are saying that Symantec anti virus is detecting it as a virus

 

scatterp(Tue May 26 19:41:45 UTC+0100 2009)>i know that i can submit a "virus" sample..

 

scatterp(Tue May 26 19:42:05 UTC+0100 2009)>to Symantec to have new viruses appended to the updates from Symantec's servers..

 

scatterp(Tue May 26 19:42:17 UTC+0100 2009)>but i need to submit a false positive sample in this case

 

scatterp(Tue May 26 19:42:32 UTC+0100 2009)>since my application is detected as a virus when in fact it's not a virus...

 

scatterp(Tue May 26 19:43:41 UTC+0100 2009)>packer.win32.main007.a

 

scatterp(Tue May 26 19:43:51 UTC+0100 2009)>is the signature that's triggered..

 

scatterp(Tue May 26 19:44:30 UTC+0100 2009)>in this file http://helbreathnemesis.com/downloads/full.zip

 

Amar(Tue May 26 11:44:37 UTC+0100 2009)>As I understand that the Norton product is detecting a good file as Virus. Am I correct.

 

scatterp(Tue May 26 19:44:45 UTC+0100 2009)>yes

 

Amar(Tue May 26 11:45:15 UTC+0100 2009)>Please don't follow this now - but just in case we get disconnected for any reason, you can follow these instructions to reconnect to me. You'll need to do this within a couple of minutes of being disconnected:

Can you please make a note of these instructions?

 

1) Open up Internet Explorer and then go to www.norton.com/connectme

2) Enter the [Connection Code] 291375

3) Click on [submit]

 

scatterp(Tue May 26 19:45:44 UTC+0100 2009)>so the signature or fingerprint that the programmers of norton antivirus are using in this case are "badly written"

 

scatterp(Tue May 26 19:46:00 UTC+0100 2009)>so it's like a bug report basically..

 

Amar(Tue May 26 11:46:03 UTC+0100 2009)>You Don't worry I will take care of this issue.

 

scatterp(Tue May 26 19:46:39 UTC+0100 2009)>ok thanks

 

scatterp(Tue May 26 19:47:02 UTC+0100 2009)>can i get a email address i can contact you on should this issue not be resolved ?

 

scatterp(Tue May 26 19:48:06 UTC+0100 2009)>also the department that handles this issue should know that the file is packed to prevent game hacking... (that's cheating in online games)

 

Amar(Tue May 26 11:48:28 UTC+0100 2009)>I will give you the reference number where in case the issue is not resolved you can contact us back using the number.

 

scatterp(Tue May 26 19:48:40 UTC+0100 2009)>ok great thanks...

 

scatterp(Tue May 26 19:49:23 UTC+0100 2009)>we have a lot of customers affected by this issue also so i will give them a link to live chat and provide them with the reference number to resolve any issues they may have

 

Amar(Tue May 26 11:51:43 UTC+0100 2009)>The number is for this particular issue and belongs to you. You can ask them to contact us separately without the number We will provide different case number.

 

scatterp(Tue May 26 19:52:00 UTC+0100 2009)>ok

 

Amar(Tue May 26 11:52:03 UTC+0100 2009)>Your case no is 493146959

 

scatterp(Tue May 26 19:52:20 UTC+0100 2009)>can you create a case number that they can use ?

 

Amar(Tue May 26 11:52:48 UTC+0100 2009)>Are you chatting with me from the computer that has the issue?

 

scatterp(Tue May 26 19:53:08 UTC+0100 2009)>no...

 

Amar(Tue May 26 11:53:40 UTC+0100 2009)>Do you have access to that computer.

 

scatterp(Tue May 26 19:53:54 UTC+0100 2009)>not currently..

 

scatterp(Tue May 26 19:54:29 UTC+0100 2009)>but i mean it's Symantec customers and they are not so happy...

 

scatterp(Tue May 26 19:54:50 UTC+0100 2009)>here is one example of a post on our forum:

 

scatterp(Tue May 26 19:54:51 UTC+0100 2009)>Norton anti virus is hopeless.

 

When I had that, a paid subscription mind you, I got more viruses than I do with free AVG ...

 

Delete Norton, it's a big company which dominates the market. They blab on about viruses and this and that but in all reality Ad-Aware and AVG is all you really need IMO. Both are free.

 

Amar(Tue May 26 11:55:52 UTC+0100 2009)>Alright,you can ask them to contact with your case number we will help them.

 

scatterp(Tue May 26 19:56:28 UTC+0100 2009)>ok thank you

 

scatterp(Tue May 26 19:56:34 UTC+0100 2009)>that's great thanks for all the help..

 

scatterp(Tue May 26 19:58:22 UTC+0100 2009)>i will end the session now have a great day

 

scatterp(Tue May 26 19:58:25 UTC+0100 2009)>bye

 

Amar(Tue May 26 11:58:46 UTC+0100 2009)>Just give me a moment.

 

scatterp(Tue May 26 19:58:57 UTC+0100 2009)>ok...

 

scatterp(Tue May 26 19:59:00 UTC+0100 2009)>no problem..

 

Amar(Tue May 26 12:01:59 UTC+0100 2009)>Simon, what I would suggest you is if you could contact us when you are in front of the computer so that We can take the control of the computer and resolve the issue.

 

scatterp(Tue May 26 20:02:56 UTC+0100 2009)>well thing is it's not my computer.. it's my users../Symantec anti virus users...

 

scatterp(Tue May 26 20:03:20 UTC+0100 2009)>i can have those users contact you quoting that reference number until Symantec is able to fix the problem with the signature code..

 

Amar(Tue May 26 12:04:03 UTC+0100 2009)>Alright, you give the reference number to them and ask them to contact us.

 

scatterp(Tue May 26 20:04:31 UTC+0100 2009)>ok and you will notify the submissions department to fix the problem in the next updates ?

 

Amar(Tue May 26 12:06:47 UTC+0100 2009)>I will be able to do it only after checking the particular file.

 

scatterp(Tue May 26 20:07:20 UTC+0100 2009)>ok are you able to download it from the url i provided ?

 

Amar(Tue May 26 12:08:35 UTC+0100 2009)>No, I am unable to download the product.

 

scatterp(Tue May 26 20:09:10 UTC+0100 2009)>ok so i should reconnect with a computer running your product quoting the reference number

 

scatterp(Tue May 26 20:09:22 UTC+0100 2009)>and then you can send the problem to the submissions dept ?

 

Amar(Tue May 26 12:10:14 UTC+0100 2009)>Yes.

 

scatterp(Tue May 26 20:10:26 UTC+0100 2009)>ok i will do that..

 

Amar(Tue May 26 12:10:59 UTC+0100 2009)>Thank you .

 

scatterp(Tue May 26 20:11:15 UTC+0100 2009)>or one of my users will..

 

Amar(Tue May 26 12:11:30 UTC+0100 2009)>Is there anything else that I can help you with?

 

scatterp(Tue May 26 20:11:51 UTC+0100 2009)>does the user need specifically to talk to you for the submission to be made ?

 

Amar(Tue May 26 12:13:38 UTC+0100 2009)>Not necessary,they can talk to any one from Norton, we will take care of the issue.

 

scatterp(Tue May 26 20:13:58 UTC+0100 2009)>great thanks very much

 

scatterp(Tue May 26 20:14:06 UTC+0100 2009)>nothing else..

 

scatterp(Tue May 26 20:14:12 UTC+0100 2009)>have a great day !

 

scatterp(Tue May 26 20:14:17 UTC+0100 2009)>cya..

 

Amar(Tue May 26 12:14:17 UTC+0100 2009)>Thank you for contacting Norton support. Have a great day!

 


Very interesting.

 

But isn't only Norton the problem.

So I guess there's some reference we should change also.


The packer you use to protect the client uses heuristics that are detected by several anti-virus programs. These are false positives and should be ignored.

 

Similar programs, such as cracks, use similar methods that also produce false positives.

 

 

In basic terms, the algorithmic functions protecting the .exe are detected by Symantec to be malicious code.


lol, scat...

 

That conversation was funny, Kesari cracks me up =P

 

Seemed very condescending to you, and acting as if you were the idiot, haha.

 

And did s/he even understand English...? Saying it was a problem on YOUR computer, haha :P

 

xD


The packer you use to protect the client uses heuristics that are detected by several anti-virus programs. These are false positives and should be ignored.

 

Similar programs, such as cracks, use similar methods that also produce false positives.

 

 

In basic terms, the algorithmic functions protecting the .exe are detected by Symantec to be malicious code.

 

Oh so you looked into the packer we use, did you get anywhere or did the packer stop you ?


The packer you use to protect the client uses heuristics that are detected by several anti-virus programs. These are false positives and should be ignored.

 

Similar programs, such as cracks, use similar methods that also produce false positives.

 

 

In basic terms, the algorithmic functions protecting the .exe are detected by Symantec to be malicious code.

 

Oh so you looked into the packer we use, did you get anywhere or did the packer stop you ?

I'm sure I could, but I don't really feel the need to take the time to do so.
