stranger (OP), Joined: Dec 2013
Hi,

Today Avira Free Antivirus detected a trojan in the file "anim_studio.exe".
After putting the file in quarantine, I forced Steam to verify the Steam cache of DOS, and it redownloaded this file. The antivirus directly detected the trojan again.

This file is not necessary to start the game. So who should I trust? :)

Regards,
Alex

journeyman, Joined: Jul 2013, Location: Stuttgart
never trust in snake oil ;)

apprentice, Joined: Aug 2013
Originally Posted by Raptor 2101
never trust in snake oil ;)

Fefe. :P And right you are. ^^

addict, Joined: Apr 2013
I think it's a false positive (or your exe got infected by something after being downloaded).
Virustotal results for anim_studio.exe:
https://www.virustotal.com/en/file/...bb6d99727915205e685127b71c23f0/analysis/

stranger, Joined: Jan 2014
I have a duplicate issue on my machine.

Quote
C:\Program Files (x86)\Steam\steamapps\common\Divinity - Original Sin\Shipping\anim_studio.exe

From Avira Free Antivirus:
Quote
Virus: TR/Crypt.ZPACK.Gen7
Date discovered: 13/02/2009
Type: Trojan
In the wild: Yes
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low
Static file: No
Engine version: 7.09.00.79

Last edited by Lamoix; 03/01/14 11:13 PM.
addict, Joined: Apr 2013
OK, I resubmitted the file to VirusTotal because the previous scan was a month old:
https://www.virustotal.com/en/file/...5e916d808cef8408a71/analysis/1388791577/

Only one antivirus (AntiVir, which is made by Avira) shows a match.
However, let's see what their site says about "TR/Crypt.ZPACK.Gen7":
http://www.avira.com/en/support-threats-description/tid/7414/tlang/en

Quote
A generic detection routine designed to detect common family characteristics shared in several variants.

This special detection routine was developed in order to detect unknown variants and will be enhanced continuously.

... meaning that this is *NOT* a known virus; it merely has the *POSSIBILITY* of being a virus based on some heuristics. Since this is the only positive match, and there are reports of Avira marking other apps as viruses:
SWTOR TR/Crypt.ZPACK.GEN
Team Fortress 2
... or Bioshock
... or Crysis 2
... or just about anything (do a Google search for "tr crypt xpack gen steam" and you'll get hundreds of threads about false positives), this is apparently a known issue.
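The reasoning in the post above (one heuristic-only hit among 48 engines points to a false positive; many engines agreeing on a specific family name does not) can be written down as a small triage routine. The following is an added example, not code from this thread, from Larian, Avira or VirusTotal; the per-engine report format, the placeholder engine names, the list of "generic" label tokens and the 25% threshold are assumptions constructed for the illustration. It also covers the other point raised in the thread, whether the redownloaded copy is byte-identical to the quarantined one, by comparing SHA-256 digests.

```python
"""Triage a multi-engine antivirus report the way the thread does by hand:
count detections, check whether the only hits are generic/heuristic family
names, and compare hashes of the quarantined and redownloaded copies.
Added example; not code from the thread or from Larian/Avira/VirusTotal."""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, Optional

# Tokens that mark a label as a generic/heuristic family detection rather than
# a signature for one specific known sample. Assumed list for this example.
GENERIC_MARKERS = re.compile(
    r"\b(gen\d*|generic|heur|heuristic|suspicious|crypt|pack|zpack)\b", re.I
)

# Constructed report in the shape of a per-engine scan result: engine name ->
# detection label, None meaning "clean". The AntiVir label is the one quoted in
# the thread; the 47 clean engine names are placeholders.
SAMPLE_REPORT: Dict[str, Optional[str]] = {"AntiVir": "TR/Crypt.ZPACK.Gen7"}
SAMPLE_REPORT.update({f"engine_{i:02d}": None for i in range(1, 48)})

# Constructed contrast case: 20 of 48 engines agree on a specific family name.
MALICIOUS_REPORT: Dict[str, Optional[str]] = {
    f"engine_{i:02d}": ("Trojan.Example.A" if i <= 20 else None) for i in range(1, 49)
}


@dataclass
class Verdict:
    detections: int
    engines: int
    only_generic: bool
    recommendation: str


def triage(report: Dict[str, Optional[str]]) -> Verdict:
    """Classify a report as clean / likely false positive / inconclusive / malicious."""
    hits = {engine: label for engine, label in report.items() if label}
    engines = len(report)
    only_generic = bool(hits) and all(
        GENERIC_MARKERS.search(label) for label in hits.values()
    )
    ratio = len(hits) / engines if engines else 0.0
    if not hits:
        recommendation = "clean"
    elif len(hits) <= 2 and only_generic:
        # One or two heuristic-only hits among many clean engines: ask the
        # flagging vendor to review the sample rather than act on it.
        recommendation = "likely false positive"
    elif ratio >= 0.25:  # assumed threshold for this example
        recommendation = "treat as malicious"
    else:
        recommendation = "inconclusive"
    return Verdict(len(hits), engines, only_generic, recommendation)


def sha256_hex(data: bytes) -> str:
    """Hash a file's bytes; the digest is what you look up or resubmit, not the file."""
    return hashlib.sha256(data).hexdigest()


def same_file(first: bytes, second: bytes) -> bool:
    """True when two copies are byte-identical, e.g. the quarantined file and the
    copy Steam redownloaded: if they match, the file was not altered locally."""
    return sha256_hex(first) == sha256_hex(second)


if __name__ == "__main__":
    for name, report in (("sample", SAMPLE_REPORT), ("contrast", MALICIOUS_REPORT)):
        v = triage(report)
        print(f"{name}: {v.detections}/{v.engines} detections, "
              f"generic-only={v.only_generic} -> {v.recommendation}")
    # Constructed stand-ins for the quarantined and redownloaded copies.
    quarantined = b"MZ\x90\x00constructed sample bytes"
    redownloaded = bytes(quarantined)
    print("redownloaded copy identical:", same_file(quarantined, redownloaded))
```

Run it as-is to see the 1/48 heuristic-only case classified as a likely false positive and the 20/48 case as malicious; to use it on a real report, fill the dictionary from the scanner's per-engine results and feed the file's bytes to `same_file`.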


Support, Joined: Mar 2003, Location: Canada

If you are still concerned that Avira may be more accurate or faster updating than the 47 anti-virus programs at VirusTotal that say the file is fine, contact Avira about it. There may be something in the program itself, or on their website, where you can send in suspect files or check for false positives.

stranger, Joined: Dec 2013
I sent the file to Avira and it's definitely a false positive.

Hopefully it should get white-listed in a future definition update.
