Post Reply Home » Forums » MMO Forums » EverQuest 2 » EverQuest 2 Premium Discussions

Think your system sent me a virus : EverQuest 2 Premium Discussions

Posted: March 9th, 2006
loraik
I have had my system off all day, came home turn on system, XP loads up along with ZoneAlarm and Norton Antivirus (same OL same OL) I fire up XU and click on Play as soon as I do it makes it as far as "XUnleashed Client: Launching. . ." then NA pops up and says it found a virus in my windows system folder called "mchInjDrv.sys" it stops XU from loading any further but allows EQ2 to continue to load like nothing is wrong. Norton is unable to repair it in Safe mode as well and their fix doesn't match anything that is in My Reg. NA refers to it as a Trojan Horse...


I need some insight here guys, I have my other two machines already up but fear rebooting them for fear of getting this. I tried totally deleting XU and redownloading and trying it fresh.. No GO....


Loraik
Posted: March 10th, 2006
benrangel
Dude, thats a fricken keylogger. I really wouldnt use that computer with the network cable plugged in... 8(

Register to unlock hidden link

Take out your harddrive and mount it in one of the other computers, run the virus-scan, it will be able to remove the virus then. Hopefully no programs will break when removing it.

//benrangel
Posted: March 10th, 2006
loraik
Why is it attached to XU? Aslo won't taking it out and puting it in another machine risk that machine? And why the hell didn't NA stop this from being downloaded!

Loraik
Posted: March 10th, 2006
benrangel
You are safe if you just connect it to the other computer. Do not touch any files on the infected harddrive when its hooked up to the other computer. Just let norton scan it and remove the dirt. You can only infect your clean computer if you click on files and stuff on the infected harddrive.

I doubt XU sent the virus. It was probably just a memory resident virus that attached itself to the XU file when you started it. *shrugs*

Good luck

//benrangel
Posted: March 10th, 2006
loraik
This is what Norton just sent me from what I sent them (sample):
Dear Mr Loraik,

We have analyzed your submission. The following is a report of our
findings for each file you have submitted:

filename: C:\RECYCLER\NPROTECT\00263769.SYS
machine: Loraik
result: NAV is falsely identifying this file as a virus

The sample(s) that you provided are not infected with a virus, worm, or Trojan, and do not contain malicious code. It appears to be a false identification. To solve the false identification problem, please follow the instruction at the end of this email message to download and install the latest RapidRelease definitions.
Symantec is now building a new set of definitions to include the threat you have submitted. The approximate time to complete this process is one hour. We recommend checking the ftp site periodically over the next 60 to 90 minutes to download these definitions as soon as they are available.

There was abit more to this msg. but this is what the jist of it was. I wonder why after using NA and XU flawless for over 2 years now it decided to do this now..... After checking all ref. loc. to your link and the one I found in my Reg. there was none of the ref. it said to look for. Still going through and changing all personal data, PW, ect from a third party machine today just to be safe.



Loraik
Posted: March 10th, 2006
User avatar
administrator
Total Posts:29919 Joined:2002
XU doesnt have a virus plain and simple hah.
Posted: March 10th, 2006
loraik
Yeah Admin if you read the quote in my above post you would see it was NA "thinking" a file linked with XU was a trojan. First I thought maybe it had to do with the new program 4.0 but then I remembered you haven't released it yet! hah!

My problem now is I did the NA fix (unquarantine the file download there special def. files & rescan) and NA no longer pops up with a trojan warning which is cool BUT XU will no longer work on that machine with or without NA on. It stops at the same point I posted above (in first post) no bar at the bottom or anything. I tried deleting the XU dir., re downloading it and rerunning but still not working.

Anyone have any thoughts on how to get XU back up and running?

Loraik
Posted: March 11th, 2006
User avatar
administrator
Total Posts:29919 Joined:2002
Odd well i would just then go and get the newest xunleashed 4.0 that might work :)
Ready to join the community? Click here and see all of the benefits!
blue large dotWho is online
Users browsing this forum: No registered users and 35 guests
Post Reply