r1ch.net forums
* Home Help Search Login Register
r1ch.net  |  r1ch.net stuff  |  Anticheat  |  Topic: Win32/Heur
Pages: [1]
Print
Author Topic: Win32/Heur  (Read 46349 times)
The_Gun_Man
Member

Posts: 32


« on: June 21, 2007, 04:16:27 pm »

While running the updater this popped up.

AVG

Threat detected
C:\Quake2\anticheat.dll
infected with Win32/Heur

I had to download a new one sinse it was moved to the vault, so I ran a scan on the new one and this is what came up.

« Last Edit: June 21, 2007, 04:28:28 pm by The_Gun_Man » Logged
R1CH
Administrator
Member

Posts: 2625



« Reply #1 on: June 21, 2007, 04:17:01 pm »

This is a heuristic detection and can be ignored.
Logged
The_Gun_Man
Member

Posts: 32


« Reply #2 on: June 21, 2007, 04:32:01 pm »

I can't seem to find any info on this particular virus, I realize it could very well be a false positive just wanted to make sure.
Logged
James Knauff
Guest
« Reply #3 on: July 28, 2008, 07:10:18 pm »

I got it too
Logged
noglorp
Guest
« Reply #4 on: August 02, 2008, 02:42:42 am »

It is a false positive. Heur means heuristic detection: not matching a particular virus, but it looks kind of like a virus. This is because anticheat.dll uses a funky packer to prevent hackers from reverse engineering it. Lots of viruses try to avoid analysis with weird packing techniques too.
Logged
Kairat
Guest
« Reply #5 on: September 29, 2008, 04:41:57 am »

It strikes .exe files
Logged
gatorgirl
Guest
« Reply #6 on: October 20, 2008, 10:30:09 pm »

So.....Does anyone know how to get rid of it?
Logged
wision
Member

Posts: 237



« Reply #7 on: October 21, 2008, 06:40:42 am »

you can get better antivirus software (which has less false positives).. or just add the exception for r1q2
Logged
QwazyWabbit
Member

Posts: 402


« Reply #8 on: October 21, 2008, 06:59:26 am »

Heur stands for Heuristic. Heuristic scanning uses probablilities and rules to determine the likelyhood that a file contains a virus. In this case the AVG program is trying to analyze a file based on rules about or characteristics of known viruses. One of the characteristics is packing or encrypting the code inside. This makes the file "suspicious" to the AVG program. A more advanced program might use the unpacker code to decrypt the code and analyze the instructions to see if it was really malicious. AVG doesn't.

Wision's suggestion is an excellent one. Add the anticheat.dll file to the list of files that the AVG program should not scan.
Logged
R1CH
Administrator
Member

Posts: 2625



« Reply #9 on: October 21, 2008, 03:15:49 pm »

The latest AVG8 does not cause problems, make sure you have updated.
Logged
gav
Guest
« Reply #10 on: November 01, 2008, 04:58:58 pm »

I have the latest Avg 8.0 and it gives me the same thing. Win32/heur2
Logged
pallokallo
Member

Posts: 17



« Reply #11 on: November 01, 2008, 07:24:11 pm »

Yes antivir updated their definition file too and the problem was solved but almost next week detected it again.. Just add anticheat.dll to your antivirus exception list.
« Last Edit: November 01, 2008, 07:26:36 pm by pallokallo » Logged
nameless
Guest
« Reply #12 on: December 18, 2008, 01:14:49 am »

but how to add where??? what part
Logged
In pain
Guest
« Reply #13 on: December 25, 2008, 08:21:28 pm »

I Am getting the same pop-ups as  well. Win32/Heur.    AVG-8 does not seem to fix or clean as well.  What is it any way?
==>Click on REMOVE threats does not seem to clean it. It comes back again.
==>Remove threat as Power User does not seem to clean it as well.
Has any one succeeded cleaning it? And what kind of S.ware? thnx.
Logged
R1CH
Administrator
Member

Posts: 2625



« Reply #14 on: December 25, 2008, 10:03:57 pm »

I'm going to close this thread as it is attracting too many Google hits from non-anticheat users. The solution has been stated, add your Q2 folder to AVG exceptions list or get a better AV Smiley.
Logged
Pages: [1]
Print
r1ch.net  |  r1ch.net stuff  |  Anticheat  |  Topic: Win32/Heur
Jump to:  

Powered by SMF 1.1.19 | SMF © 2013, Simple Machines