Anti-virus won't let me play - MALWARE?

  • 12 Replies
  • 12664 Views
Anti-virus won't let me play - MALWARE?
« on: May 05, 2012, 16:52:33 »
My anti-virus software (Bit Defender 2012) keeps blocking me from running Knytt Stories. I clicked to allow it but it still blocks so I tried adding the .exe to the exclusions but it still won't let me play. Obviously the only way I can see of playing the game is to disconnect from the internet and disable my AV. Unless of course the games does indeed have "malicious code"...? I downloaded it from Nifflas' site.

EDIT

And now I apparently have a virus. AppData\Local\Temp\mrt92E1.tmp\stdrt.exe. Name: Trojan.Generic.6945595.
This is from Knytt Stories, so WTF is going on?

EDIT

Updated title of this thread. Knytt Stories MAY have put malware on my PC, though my AV blocked it and removed it.

EDIT

Changed thread title again and changed some of my posts
« Last Edit: May 05, 2012, 22:58:46 by soopytwist »

*

Offline sergiocornaga

  • 1286
  • 131
    • View Profile
    • Sergio's Games
If thine eye offend thee, pluck it out
« Reply #1 on: May 05, 2012, 17:06:34 »
False positive. Add stdrt.exe to the exclusions too, if possible.

Re: My Anti-virus won't let me play
« Reply #2 on: May 05, 2012, 17:53:14 »
False positive. Add stdrt.exe to the exclusions too, if possible.
No. I won't.

According to Google, stdrt.exe is malware and I got it from Knytt, luckily my AV spotted it, denied it access and removed it. I just did a full scan to be on the safe side.

I've since deleted Knytt and the zip. I won't be downloading it again and my advice to anyone else is don't download anything from Nifflas's download page until the matter is looked into.

EDIT

Changed wording
« Last Edit: May 05, 2012, 23:01:02 by soopytwist »

Re: Anti-virus won't let me play - game has MALWARE!
« Reply #3 on: May 05, 2012, 18:08:21 »
From several reputable sources there is a SPYWARE actually called "Knytt Stories". My guess is this has replaced the .exe of the game. What I had downloaded wasn't the game, it was the virus and it tried to infect my PC...possibly?

I would strongly suggest Nifflas take a look at his downloads page to be sure.

EDIT

Made some changes to this post
« Last Edit: May 05, 2012, 22:59:56 by soopytwist »

*

Offline Raicuparta

  • 519
  • 41
  • Rai
    • View Profile
Re: Anti-virus won't let me play - game has MALWARE!
« Reply #4 on: May 05, 2012, 18:48:45 »
Link the website you downloaded it from, and the direct link of the file. There's a chance it is a fake website.

*

Offline LPChip

  • You can only truly help other people by allowing them to fail.
  • 3510
  • 138
  • Excel at the thing you're the best at!
    • View Profile
    • LPChip Interactive
Re: Anti-virus won't let me play - game has MALWARE!
« Reply #5 on: May 05, 2012, 19:31:37 »
stdrt.exe is the compiler of Multi Media Fusion 2.0.

Knytt Stories is made using MMF2, and thus stdrt.exe is the internal name of the file. If someone made a virus in MMF2, and virus scanners pick this up, they'll basically say that everything made with MMF2 is a virus, which isn't the case obviously.

Then, sometimes the compression algoritm that is used to create the stdrt.exe is identified as a possible malware which is a false positive.

In these cases, always scan with a 2nd scanner just to be sure, because chances are 99% that you have a false positive, rather than a real virus.
on the left, above my avatar.

MODPlug Central Forum
"If I tried to kill you, I'd end up with a big fat hole through my laptop." - Chironex

*

Offline sergiocornaga

  • 1286
  • 131
    • View Profile
    • Sergio's Games
Re: Anti-virus won't let me play - game has MALWARE!
« Reply #6 on: May 05, 2012, 19:35:36 »
Sorry for being terse, it's just that the stdrt.exe issue has come up on these and other forums before. There is of course a slim, slim chance yours is infected, but the file is falsely identified as a virus a lot.

*

Offline Raicuparta

  • 519
  • 41
  • Rai
    • View Profile
Re: Anti-virus won't let me play - game has MALWARE!
« Reply #7 on: May 05, 2012, 20:08:06 »
If anything, I think the OP is the one who needs to apologize for making such and accusation and saying that no one should download anything from Nifflas. Not sure if he realizes that Nifflas is a person or if he was just referring to the website, and he was probably trying to help, but its a quite harsh conclusion to jump to so quickly.

Re: Anti-virus won't let me play - game has MALWARE!
« Reply #8 on: May 05, 2012, 22:56:56 »
If anything, I think the OP is the one who needs to apologize for making such and accusation and saying that no one should download anything from Nifflas. Not sure if he realizes that Nifflas is a person or if he was just referring to the website, and he was probably trying to help, but its a quite harsh conclusion to jump to so quickly.
Of course, I didn't mean it to sound so harsh and I was referring to the website rather than Nifflas himself. I've actually already communicated with Nicklas Nygren on a separate issue concerning possible iPad port of Nighsky (no it's not planned - sadly).

Thank you for the heads-up with regards to stdrt.exe being flagged a false positive a lot. That is interesting. I sent a quick email to Clickteam asking them what's with that.

I downloaded Knytt Stories from here: http://nifflas.ni2.se/?page=Knytt+Stories
Direct link: http://nifflas.ni2.se/content/Knytt%20Stories/Knytt%20Stories%20121.zip

There's not really much point in me downloading it again anyway, even if there's no virus, as my AV won't let me.

In light of my earlier, possibly unnecessary, panic - I've re-worded my posts.
« Last Edit: May 05, 2012, 23:02:14 by soopytwist »

*

Offline AA

  • 510
  • 23
  • Was ITA84
    • View Profile
    • Insight on Videogames
Re: Anti-virus won't let me play - MALWARE?
« Reply #9 on: May 06, 2012, 11:23:46 »
The link you downloaded the game from is the official one. While there's still a chance of it being a spoof site, it's highly unlikely that that's what happened. I think you should try other malware scanners like LPChip suggested and decide for yourself what to do.

Aside from whitelisting stdrt.exe (at least temporarily), the only options for you to play Knytt Stories safely would probably be running the game through some sandbox program (don't know if it'd work with MMF2 games) or inside a Virtual Machine; either way, it's a bit too drastic a measure to take, isn't it?
Videogames are for everyone, by everyone

*

Offline LPChip

  • You can only truly help other people by allowing them to fail.
  • 3510
  • 138
  • Excel at the thing you're the best at!
    • View Profile
    • LPChip Interactive
Re: Anti-virus won't let me play - MALWARE?
« Reply #10 on: May 06, 2012, 12:52:57 »
Or switch to a different scanner.

I honestly think that when a scanner is able to generate false positives, and due to that restricts your ability to use it, I think its a bad program. I know programs that will still allow you to run a program after it detects it as a possible virus.
on the left, above my avatar.

MODPlug Central Forum
"If I tried to kill you, I'd end up with a big fat hole through my laptop." - Chironex

Re: Anti-virus won't let me play - MALWARE?
« Reply #11 on: May 06, 2012, 21:36:59 »
Okay, the website checks out okay in my AV's sand box. Can't download Knytt Stories while in sandbox mode, it just pretends to download, but I have no problems downloading it for real anyway. I then opened Virtual XP and ran the game fine with no issues, though Virtual XP doesn't have any anti virus, but then it doesn't really need - one being a virtual OS. So I guess the game is clean and it works on V-XP but I'd rather play it properly.

I suppose I'll just have to disable my AV and stay offline while playing it.

*

Offline Nifflas

  • 1532
  • 61
    • View Profile
Re: Anti-virus won't let me play - MALWARE?
« Reply #12 on: May 07, 2012, 01:56:46 »
Quote
Thank you for the heads-up with regards to stdrt.exe being flagged a false positive a lot. That is interesting. I sent a quick email to Clickteam asking them what's with that.
Actually, it's the responsibility of the antivirus company to not flag things as viruses if they aren't. Clickteam has nothing to do with it. Uhm... Okay, that's not strictly true. It's a mistake from their side to extract the runtime into a separate executable and running it because the behaviour is easily associated with malware. They are aware though, and will fix this in version 3. Also, I guess I could have disabled the "compress runtime" option in MMF2 which would trigger a few less false positives. But ultimately, it's the antivirus company that made a mistake that doesn't affect only me, but pretty much every MMF2-made application, and in the end it's people like me they hurt by making these mistakes.

The best thing to do is normally to contact the antivirus company itself about false positives.
« Last Edit: May 07, 2012, 01:58:27 by Nifflas »