Trojan.VKHost Reported in Demo?

[pad152]

Malwarebytes Anti-Malware is reporting Trojan.VKHost

Database version: 3873

Windows 5.1.2600 Service Pack 3

Files Infected:

F:\Program Files\Battlefront\Strategic Command WWII Global Conflict Demo\Misc\regsvr32_dx7vbdll.exe (Trojan.VkHost) -> No action taken.

[Hubert Cater]

Hi Pad152,

I've scanned this file on my end with AVG and even Max Secure Spyware Detector and I'm not getting this type of hit. I'm tempted to chalk this one up to a 'false' positive by your Anti-Malware program as this is the first report of this kind after thousands of downloads for the Demo.

Some background info on the file, it is just a simple EXE to register the required DLL and is then removed from your system once the Demo is fully installed so I'm a little surprised by the report considering the context as well.

Anyone else?

Hubert

[Emperor Elliott]

Ya i used to have that problem for i while

[pad152]

Odd, I have other software from Battlefront and just purchased the Brit & Marine add-on for Shock Force a few weeks ago, yet MalwareBytes only seems to flag this one with a issue.

My Anti-virus software MS-security Essentials didn't flag it either. I've seen MalwareBytes find things (real stuff) other security software doesn't. This is the first time I've seen a false/positive with it, maybe someone from Battlefront should contact them to see if there is an issue and/or see this doesn't get flagged in the future, most likely it's just the license system.

[Hubert Cater]

The file in question is specific to this release only but I will look into it a bit further. I'm scanning with MalwareBytes free edition to see what I can find on my end.

[Hubert Cater]

Just an update that the file did show up as you mentioned in the MalwareBytes scan and I've contacted them to see if they can remove it from their database.

Note, I misspoke when I mentioned that the file is removed upon installation, it is not but you can feel free to remove it as it is no longer needed once the game is installed.

[Hubert Cater]

Just a quick update that I heard back from MalwareBytes and after running a few tests on my end and submitting log files they have reported the trojan report will be fixed.

[heatrr]

Just an update....being the last to post here was made by Hubert on 3/19 and it is now 4/3...

Just ran my Malwarebytes and guess what?

http://i44.tinypic.com/2hdpuf5.jpg

http://i43.tinypic.com/7108kz.jpg

Btw,

1) I bought the game; not the demo.

2) I deleted it [the trojan] and SC:GC still works fine.

[Moon]

heatrr, it's not a trojan. It's a false positive.

[Hubert Cater]

I'm surprised since after I contacted them and re-ran my malware bytes scan it no longer showed up. Are you running the most up to date version of Malware bytes with the most up to date definition files?

[heatrr]

Yes, Hubert, I am running the most updated version.

It is a no biggie to me anyhow.

Just posted what I did for an fyi.

[lordxorn]

I know this is a bit of a necro'd post, but it is still relevant because I am getting false positive with the latest version.

I started a thread on Malwarebytes forums.

http://forums.malwarebytes.org/index.php?showtopic=59248&st=0&gopid=297006entry297006

[Hubert Cater]

Thanks for the report lorxorn, I'm surprised to hear that it popped back up in their definitions and hopefully they'll fix that again.

The good news is that in the future the code has changed on our end so that it should no longer pop up as a potential threat under Malwarebytes, i.e. we identified the code it didn't like and made the necessary adjustments.