AGESettings.exe / Trojan?

Posted: Sat Mar 29, 2008 8:36 pm
by Heldenkaiser
My antivirus software suddenly claims that the file "AGESettings.exe" "is" the trojan "TR/Crypt.XPACK.Gen". I have no experience whatsoever with these matters. Normally I would probably just delete the file. However, I believe it is required for AACW to run properly. What should I do? If I delete it, will the game recreate it?

Thanks for any advice anyone can provide. :(

Posted: Sat Mar 29, 2008 8:55 pm
by Rafiki
Strictly speaking, I think it only modifies some values in some of the configuration files and is therefore unused later on (unless you want to have an easy way to change those values later)

Posted: Sat Mar 29, 2008 9:07 pm
by Clovis
Rafiki wrote: Strictly speaking, I think it only modifies some values in some of the configuration files and is therefore unused later on (unless you want to have an easy way to change those values later)


Moreover, the settings can be edited directly in the general settings file opened with any notepad.

Posted: Sat Mar 29, 2008 9:45 pm
by Heldenkaiser
Thank you, Gentlemen. So basically you are saying I can delete this file without problem?

Still wonder why of all the 300,000 files on my machine it would have to pick THIS. :bonk:

Posted: Sat Mar 29, 2008 9:48 pm
by Rafiki
Yup, delete it. Given the likely infestation, you can't use it for anything anyway.

Posted: Sat Mar 29, 2008 10:01 pm
by Heldenkaiser
Thank you.

Although, it's really funny. I am doing a complete system check right now, and now the AV programme claims that Agesettings.exe in NCP is likewise infected with the same trojan. :tournepas

Does this sound likely? I am beginning to think this is a false positive, caused by some strange similarity of strings or something like that ... :bonk:

I do hate computers. :pleure:

Posted: Sat Mar 29, 2008 10:07 pm
by Rafiki
Sounds strange and I'm starting to think it may be a false positive too. Which AV program is it? Perhaps others here have experience with it?

Posted: Sat Mar 29, 2008 10:08 pm
by Heldenkaiser
It's Avira AntiVir. It's a free one (for private use) ... yes, yes, I know, but it's really good. :innocent:

Or at least I thought so until now. :bonk:

Posted: Sat Mar 29, 2008 10:30 pm
by Heldenkaiser
Rather than assume that this virus goes hunting for Ageod game files to infect them ... Rafiki, what do you say, you send me your Agesettings.files for these two games per email and I put them in my games, then check again with the AV software ... if it sounds the alarm again, we know it must be false. :innocent:

Posted: Sat Mar 29, 2008 10:42 pm
by Rafiki
I'd like to do that, but unfortunately, my Windows installation is "unavailable" (as in "the harddisk it's on is refusing to return my calls"). I'd send a mail to support@ageod.com asking for those files, that way you *know* they are clean, and things get done by the book :)

Posted: Sat Mar 29, 2008 11:11 pm
by Heldenkaiser
Gotcha. Hope you get your computer problems sorted out ...

Posted: Sun Mar 30, 2008 10:16 pm
by Heldenkaiser
Well, I wrote to Ageod support asking for clean copies of the files and got them together with a kind explanation, from which I quote:

"Ageod is using an encryption technology to protect their products from being reverse-engineered. In very rare cases this might cause false positives in connection with certain anti-virus software."

Which is of course fine and I am in fact very relieved that I don't actually have a trojan ...

Only on second thought I am still perplexed, because what is the solution? I can't leave the Agesettings.exe files in the game folders because whenever I go there, my AV software goes crazy over this "trojan". Already once it completely crashed my computer over this. These files, fortunately, are not needed, the games run without them. But what if next time my AV software thinks the main game executable is a trojan? :bonk:

I thought maybe I could just tell my AV programme to leave this file alone, but this doesn't work ... what can I do?

Any advice from a kind soul more experienced with computers than I am would be much appreciated. :innocent:

Posted: Sun Mar 30, 2008 10:27 pm
by Rafiki
Is "use a different AV program" an option? :)

Posted: Sun Mar 30, 2008 10:29 pm
by arsan
I suspect this is not the kind of advice you are looking for, but it is the only solution I can think of... :siffle:
Change to another antivirus :innocent:
I can recommend Avast, which I have used for 3 years.
It's free like the one you use, works great... and it has nothing to say about AGEod files :niark:
Regards!

Posted: Sun Mar 30, 2008 10:52 pm
by Primasprit
False positives can occur, with every anti virus software and not only for Ageod software. :p

Your anti virus software is surely updated daily; every update can solve your problem. As a workaround you might simply delete the AGESettings as it is not needed, or you compress it (for example with Winrar or Winzip) and add a password protection to the archive, so the virus scanner cannot access the file.

Cheers
Norbert

Posted: Sun Mar 30, 2008 11:14 pm
by Primasprit
BTW: If you like you can also use the free online scanner from Kaspersky to check the AGESettings file.
http://www.kaspersky.com/scanforvirus

Posted: Mon Mar 31, 2008 4:53 am
by Gray_Lensman
deleted

Posted: Mon Mar 31, 2008 9:46 am
by boudi
The best solution, before the next antivir update :

if you feel this is definitely a false positive then you can add it to your Guard exceptions list

http://forum.avira.com/thread.php?postid=327789#post327789

Posted: Mon Mar 31, 2008 10:20 am
by Heldenkaiser
boudi wrote: The best solution, before the next antivir update :

if you feel this is definitely a false positive then you can add it to your Guard exceptions list

http://forum.avira.com/thread.php?postid=327789#post327789


I believe this is what I've been looking for ... pray, how is it done? Thanks in advance. :)

Posted: Mon Mar 31, 2008 10:39 am
by Heldenkaiser
Gray_Lensman wrote: This is an excellent suggestion. By doing so you can still run it by double-clicking the .zip file then double-click the internal AGESettings.exe file. I suppose the password protection prevents the AV scanner from looking inside the .zip file. Very slick idea.


Unfortunately not. The moment you even open the zip archive, the AV kicks in. It's very quick and I have consistently failed to fool it. :(

Posted: Mon Mar 31, 2008 10:41 am
by Heldenkaiser
Rafiki wrote: Is "use a different AV program" an option? :)


Only as a last resort. I have a rather good opinion of Antivir. It's lean, fast, accurate, updated every other day or so, and completely free. I have had Norton for some years and had nothing but problems. It slowed down my machine, quarreled with my Firewall, and cost money.

Posted: Mon Mar 31, 2008 10:43 am
by boudi
Regarding exception, you need to click the little + sign next to "guard", and then again next to "scan", in configuration (expert mode) to get to the exception page for the guard.

http://forum.avira.com/thread.php?postid=200174#post200174

I will try this this morning at home; I hope that it will be OK after that.

Posted: Mon Mar 31, 2008 10:48 am
by boudi
Heldenkaiser wrote: Only as a last resort. I have a rather good opinion of Antivir. It's lean, fast, accurate, updated every other day or so, and completely free.


I can't say better. Antivir = :coeurs:

Posted: Mon Mar 31, 2008 4:02 pm
by boudi
Welcome back, Mr boudi!
A listing of files alongside their results can be found below:

File ID Filename Size (Byte) Result
3804226 AGESettings.exe 936 KB FALSE POSITIVE


Please find a detailed report concerning each individual sample below:

Filename Result
AGESettings.exe FALSE POSITIVE

The file 'AGESettings.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection will be removed from our virus definition file (VDF) with one of the next updates.

Problem solved, thanks to whom? :nuts:

Posted: Mon Mar 31, 2008 4:10 pm
by Gray_Lensman
deleted

Posted: Mon Mar 31, 2008 4:35 pm
by Rafiki
I *hope* that it means that whatever they detected within AGESettings.exe has been removed from the virus definition files, not that the file itself won't be checked.

Posted: Mon Mar 31, 2008 10:01 pm
by Heldenkaiser
I also hope this will be fixed in a real sense, rather than just worked around. I managed to tell Antivir to ignore the file Agesettings.exe, however, this does nothing about its finding the same "trojan" in the system recovery files every other hour ... files that have some (many figures).exe name that changes every time. :bonk:

Did I mention I hate computers? :pleure:

Posted: Mon Mar 31, 2008 10:55 pm
by Primasprit
Heldenkaiser wrote: I also hope this will be fixed in a real sense, rather than just worked around. I managed to tell Antivir to ignore the file Agesettings.exe, however, this does nothing about its finding the same "trojan" in the system recovery files every other hour ... files that have some (many figures).exe name that changes every time. :bonk:

Did I mention I hate computers? :pleure:

If it is found in several files then it is very likely that you really have that trojan. :(
Judging by the posts in the Avira forum TR/Crypt.XPACK.Gen seems to be a real threat at the moment.

Posted: Mon Mar 31, 2008 11:03 pm
by Franciscus
May I suggest AVG antivirus (free or full) ?
No problems until now (well, I did have a virus detected in a Montjoie patch once :siffle: )

Posted: Tue Apr 01, 2008 12:20 am
by Jabberwock
AVG free is good, but it's not exactly lean or fast, at least on my system.