Was looking for new game, decided to give Chronicles of Spellborn a try.. BUT

Most current version of AVG 8.5 (19 May 2009) Brand new install from 3.0GB install downloaded from official site.

"C:\Spellborn\bin\client\SBGame.dll" ;"Virus found Win32/Devir"; "Infected"

http://www.viruslist.com/en/viruses/encyclopedia?virusid=20467

Virus.Win32.Devir (Kaspersky Lab) is also known as: Win32.Devir (Kaspersky Lab), W32/Insane.dr (McAfee), Trojan Horse (Symantec), Win32.Deviator.12288 (Doctor Web), W32/Devir-A (Sophos), Win32/Devir.A (RAV), TROJ_DEVIR.A (Trend Micro), W32/Devir.15128 (FRISK), Win32:Deviator (ALWIL), Win32/Devir.15128 (Grisoft), Win32.Insane.7096.dr (SOFTWIN), Univ.B (Panda), WIN32 (Eset)
Description added May 31 2001
Behavior Virus
Technical details

This is a per-process memory resident parasitic poly-morphic Win32-virus. The virus infects PE EXE files that have .EXE filename extensions. When run, the virus infects files in current directory only.

The virus also stays in the system memory as a component of the infected host program, gains access to KERNEL functions and intercepts 10 of them: file opening, copying, moving functions, etc. When a PE EXE file is accessed by these functions, the virus infects it. As a result, the virus will infect all PE EXE programs that are accessed by infected the host program, and the virus will be active until the moment the host program exits. The virus also hooks, selecting a new directory function, and infects PE EXE files in there.

--

The PE EXE infection method is a complex and is similar to the Win32.Driller virus. The block of host file code that is overwritten by the virus poly-morphic routine in some cases may be also compressed during infection.

The virus also contains a backdoor routine that opens an Internet connection, waits for its author's instructions and then follows them: sends/receives files, executes programs, reports system information, etc.

The virus contains the following "copyright" text:

Intruder v.0.1 by Deviator//HAZARD

False positive. It doesn't do anything to your computer except run the game.

 There was a thread about this in the TCoS board on this forum sometime ago,here is the link for you and it also tells you how to correct the problem,hope it helps and puts your mind at ease....

http://www.mmorpg.com/discussion2.cfm/thread/231130/Win32-virus-detected.html

AVG gave me this alert too a week or so ago and I took the steps to add the exclusion to my Spellborn folder. All was well after that, but yesterday AVG gave me another alert for the Win32/Devir virus in some other folder for a .dll file. It's a little suspicious to me that the same virus would show up somewhere else.

Originally posted by Redline65

AVG gave me this alert too a week or so ago and I took the steps to add the exclusion to my Spellborn folder. All was well after that, but yesterday AVG gave me another alert for the Win32/Devir virus in some other folder for a .dll file. It's a little suspicious to me that the same virus would show up somewhere else.

Let me guess, in your System Volume Information folder? That is where your computer keeps its restore points. Its probably a copy of the same files.

Its very annoying. I'll tolerate this kind of crap because I enjoy the game and don't want it to fail, but my patience with it is wearing thin. Acclaim and SiL are shooting themselves in the foot every chance they get. No cancel on the CC subscription, false positive virus warnings, a patch that was not very well received.... How many more of these do they think it takes to completely ruin the game's potential subscriber base?

Originally posted by Grenadier

Originally posted by Redline65

AVG gave me this alert too a week or so ago and I took the steps to add the exclusion to my Spellborn folder. All was well after that, but yesterday AVG gave me another alert for the Win32/Devir virus in some other folder for a .dll file. It's a little suspicious to me that the same virus would show up somewhere else.

 

Let me guess, in your System Volume Information folder? That is where your computer keeps its restore points. Its probably a copy of the same files.

Its very annoying. I'll tolerate this kind of crap because I enjoy the game and don't want it to fail, but my patience with it is wearing thin. Acclaim and SiL are shooting themselves in the foot every chance they get. No cancel on the CC subscription, false positive virus warnings, a patch that was not very well received.... How many more of these do they think it takes to completely ruin the game's potential subscriber base?

Exactly, it looked like it was a .dll file in the system restore folder. I agree with you though, stuff like this can only be bad for their business.