Kaspersky False Positive Virus Scan

We've been getting reports of Kaspersky reporting MMOLoader.exe as the "Trojan.MSIL.Crypt.dcqo" virus.

Here is the full list from all major virus scanners on MMOLoader.exe:

Virus Total Scan

To all Kaspersky users: could you please submit a false positive request on MMOLoader.exe if it comes up flagged?

Thanks.
Fry.
 
What was shown to me from Kaspersky

Where do I need to submit it?

This is the response I got when it first detected it. Picture included.
 

Attachment: Virus.jpg
This will only increase in the future. I've sat through enough Kaspersky briefings at this point to say that they primarily detect via signature-based hashes; however, they have started into predictive analysis like most other antivirus companies. This means it looks at what the application is doing vs. comparing against known viruses. MMOBugs is of course a hack because you are hacking EverQuest. This will be more prevalent with companies like Kaspersky and Cylance because this is how they find viruses with artificial intelligence/machine learning/elastic cloud computing. The bottom line is that more and more antivirus products will detect MMOBugs as a virus because it IS malware by design to bypass Daybreak game code.
 
My understanding is that the MMO loader is a DLL injector.
If every program that injects DLLs is to be classified as malware, most of the third-party tools for EverQuest would have to be included in that category as well: isboxer injects, eqplaynice injects, wineq2 injects, the magelo updater injects, the eqresource item collector injects.

I could go on but I believe I have made my point.

A tool should not be classified as malware just because it injects (into EQ or otherwise). Now, if we were to go down that road, the loader itself is benign; it's WHAT it injects that could be "malware". Like if I create mq2virus.dll and it steals your password, now that's malware; injecting mq2timestamp, which just adds a timestamp in front of your chat, is not, no matter how you would spin it. (Just an example, neither of those plugins exist, and I think timestamp is appropriate since that very feature just went live in the client itself on the test server.)

Easy fix though: get a code sign cert and sign the exe. It will prevent some if not all of the false positives.

Besides, every time I have had this problem with the core injector, antivirus vendors have been real quick to whitelist, 'cause after all, they understand what an injector is; their own software uses injection to monitor the computers it's installed on...
 
Kaspersky

Got this back from Kaspersky after submitting the MMO Loader.exe file via the online form.

Hello,

Sorry, it was a false detection. It will be fixed.
Thank you for your help.

Best Regards, NewVirus