Jump to content
OpenRCT2

Recommended Posts

I have been away since November (double lung replacement) and haven't played the game since then. When I started the game after it added the newest version my virus software gave me a prompt that it was looking at a file. The game eventually did load (it took several minutes). It took several more minutes for the virus message tell me it had removed the virus. Clicking on it to view the results I was presented with the message below. Basically what it says it found virus Heur.AdvMLB in OpenORT2 at c:\users\user\documents\openrct2\bin\openrct2.com. It then removed that file. When I go to that location all of the files have today's date and time when I started the game. The game runs fine with no apparent glitches. I did a full scan with my virus software and found nothing. My pc hasn't even been turned on since November so I am kind of at a loss. Has anyone else experienced this issue.

My launcher is version: 0.0.6 x86     OpenRCT2 build: 2175     OpenRCT2 GitHash: b703520

Update: Each time I start the game I get the same result with new dates and times. Each time the game runs just fine. What I don't understand is if virus software is deleting that file - where is the new one coming from.

 

 

590e07e884c01_Screenshot(1082).thumb.png.dfc8a0c795e79ab7d71ef023c4e287e7.png

Share this post


Link to post

I googled HEUR.AdvMLB and it had this to say:

 

Quote

Heur.AdvML.B is a heuristic detection designed to generically detect malicious files using advanced machine learning technology

So it thinks OpenRCT2 is suspicious for some reason but it's not matching against known malicious code. I think it's more than likely a false positive, but I'm not sure how you could conclusively check.

 

3 hours ago, CharlieP said:

Each time the game runs just fine. What I don't understand is if virus software is deleting that file - where is the new one coming from.

If you're using the launcher it's probably downloading a new copy of the game every time it finds the old one missing. Another possibility is that the problem file is one that OpenRCT2 will recreate on startup, but I'd find it very odd if anything other than the executable would trigger a warning like this.

  • Like 4

Share this post


Link to post

The file openrct2.com is an executable too, just one that opens a console with the game. I think the launcher uses openrct2.exe instead, hence why it's not an issue for you. If you hardly ever get real viruses, you may want to consider to uninstall Norton and switch over to Windows Defender.

  • Like 3

Share this post


Link to post
2 hours ago, X7123M3-256 said:

I googled HEUR.AdvMLB and it had this to say:

 

So it thinks OpenRCT2 is suspicious for some reason but it's not matching against known malicious code. I think it's more than likely a false positive, but I'm not sure how you could conclusively check.

 

If you're using the launcher it's probably downloading a new copy of the game every time it finds the old one missing. Another possibility is that the problem file is one that OpenRCT2 will recreate on startup, but I'd find it very odd if anything other than the executable would trigger a warning like this.

 

2 hours ago, Broxzier said:

The file openrct2.com is an executable too, just one that opens a console with the game. I think the launcher uses openrct2.exe instead, hence why it's not an issue for you. If you hardly ever get real viruses, you may want to consider to uninstall Norton and switch over to Windows Defender.

Its no secret I had issues last week also with Avast... Avast is now gone from my systems and eset is the new protector working with Windows Defender. I learned a couple things in my frustration of the Launcher halting and my network processes being restricting. I learned that there's a ratio of complaints vs. authorizations being reported to ie: Norton, Avast, eset, McAfee etc.. If the ratio of complaints exceed the ratio of authorizations by a margin set by the company then the protection company will not typically allow a global exclusion. The easiest work around for this is to have a working relationship with these web protection services who accept and analyse ORCT2 files daily.

The anomaly I had last week was the fact that ORCT2 tried to write to a secured folder and typically when a file tries to write to a restricted location, its considered malicious. 

To make a long story short, Avast said they updated, but do to the ratio, they temporally retracted... eset on the other hand dealt with it like pros.   

I am by no means an authority of this topic, simply not my thing. But I have written enough code, embedded exe's etc.. even object components, ie: custom content can cause 'pita' issues, and I would think something is goofy if it wasn't happening.

  • Like 2

Share this post


Link to post

I did some more digging and managed to get on a site where Norton people were answering questions about this very thing, It seems they (Norton) created this and added in extras to "correct possible future problems". By the number of complaints on this it is a real issue. Companies which write their own code (and there were a bunch) and use Norton are having their files either deleted or quarantined. Several have threatened that if this doesn't get fixed they will go elsewhere for their protection. One Norton rep wanted this one company to submit copies of all its file to a given web address so they could "white book" them and then they (Norton) would update the code. The company wrote back saying they were in the business of writing programs for highly sensitive items and Norton fix it or else!

 

@SpiffyJack you are most likely correct. I submitted my problem to Norton, we will see how long it takes them to reply.

  • Like 2

Share this post


Link to post

There are most likely -1 rides in the park. Anyways, bug reports should go in their own topic, and this one even deserves an issue on github. Can you provide a save file?

  • Like 1

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...