It seems that you're using an outdated browser. Some things may not work as they should (or don't work at all).
We suggest you upgrade newer and better browser like: Chrome, Firefox, Internet Explorer or Opera

×
Community
General discussion (archive)Castles contains Trojan? Or at least Adobe Reader may...(5 posts)solved(5 posts)solved
(5 posts)solved
Pages:
1
This is my favourite topic
Posted March 01, 2014
I'm not really familiar with antivirus programs (I use Macs), but I decided I should take some more precautions with my computer's health and downloaded ClamXav (opensource). The first file that showed up with an "infection" was Castles 1 and 2.app with the "infection" "Win.Trojan.Chiton-167 .

I don't know if this is a false positive, or how it could occur that Castles has a trojan, so maybe someone could inform me just what may have gone on.

Only experienced users should comment, please, no baseless speculation…

Later…

Okay, so I scanned through the log file (so tedious… -- should've done a string search) and here are the relevant files:

/Users/username/Applications/Wineskin/Castles 1 and 2.app/Contents/Resources/drive_c/Program Files/Adobe/Reader 9.0/Reader/plug_ins/AcroForm/PMP/AdobePDF417.pmp: Win.Trojan.Chiton-167 FOUND
/Users/username/Applications/Wineskin/Castles 1 and 2.app/Contents/Resources/drive_c/Program Files/Adobe/Reader 9.0/Reader/plug_ins/Multimedia/MPP/Flash.mpp: Win.Trojan.Chiton-210 FOUND
/Users/username/Applications/Wineskin/Castles 1 and 2.app/Contents/Resources/drive_c/Program Files/Adobe/Reader 9.0/Reader/plug_ins/Multimedia/MPP/MCIMPP.mpp: Win.Trojan.Chiton-170 FOUND
/Users/username/Applications/Wineskin/Castles 1 and 2.app/Contents/Resources/drive_c/Program Files/Adobe/Reader 9.0/Reader/plug_ins3d/3difr.x3d: Win.Trojan.Chiton-213 FOUND
/Users/username/Applications/Wineskin/Castles 1 and 2.app/Contents/Resources/drive_c/Program Files/Adobe/Reader 9.0/Reader/plug_ins3d/drvSOFT.x3d: Win.Trojan.Chiton-218 FOUND

Adobe, hmm… that leads me to believe this was not actually a false positive… so what should be done? Should I simply delete the relevant files? Should I petition gog.com to take care of this? What does this particular trojan do?
Post edited March 03, 2014 by elus89
This question / problem has been solved by triockimage
Posted March 01, 2014
I would say false positive. Just to be sure - upload this file here - https://www.virustotal.com/
Posted March 01, 2014
if you want .rar the file upload it to mediafire or whatever you prefer and I will send the file to kaspersky support (when you are a customer with them you can send files that you are not sure what they are and the team look it up for you)
Posted March 01, 2014
Wait... why does the Macintosh version of any game here come with a PDF reader? OS X already has one built in. Doesn't Wine run the native reader for a file type if there isn't a Windows one installed?
Post edited March 01, 2014 by Maighstir
Posted March 03, 2014
avatar
triock: I would say false positive. Just to be sure - upload this file here - https://www.virustotal.com/
Okay, it does seem to be a false positive after all. ClamAV was the only antivirus database to flag each of the files. Thanks for the website tip!
avatar
Maighstir: Wait... why does the Macintosh version of any game here come with a PDF reader? OS X already has one built in. Doesn't Wine run the native reader for a file type if there isn't a Windows one installed?
Ah, I should have prefaced my question with some background info... which leads me to realize that this wasn't really relevant anymore. This was an install I made back in 2009, when there was only the Windows installer available... I downloaded the most recent Windows installer and no version of Adobe Reader appears to be included anymore. Sorry for the false alarm guys!
Post edited March 03, 2014 by elus89
Pages:
1
This is my favourite topic
Community
General discussion (archive)Castles contains Trojan? Or at least Adobe Reader may...(5 posts)solved(5 posts)solved
(5 posts)solved