Antivirus and version 4.02.1

Questions and discussion about PokerTracker 4 for Windows

Moderators: WhiteRider, kraada, Flag_Hippo, morny

Antivirus and version 4.02.1

Postby rekyl » Sat Jul 28, 2012 4:58 pm

Hi,
There seem to be a problem with my Antivirus program and version 4.02.1. It reports a trojan in TiltCommunicator.pt3 when I install the upgrade. In version 4.02 there is no such problem. Have that paricular file changed beetween the two versions?
rekyl
 
Posts: 43
Joined: Thu Feb 14, 2008 8:45 pm

Re: Antivirus and version 4.02.1

Postby tarix » Sun Jul 29, 2012 2:17 am

That file hasn't changed in over a year.
tarix
Developer
 
Posts: 3760
Joined: Tue May 20, 2008 2:49 pm

Re: Antivirus and version 4.02.1

Postby rekyl » Sun Jul 29, 2012 10:48 am

Thanks for your reply tarix.

Do you have any idea why my AV program reacts on version 4.02.1 then?

I also noticed an event id 103 with the following text:
F-Secure Anti-Virus Crash detected.
\Device\HarddiskVolume1\Programfiler\PokerTracker 4\Data\Bin\graphvizwin\bin\libpango-1.0-0.dll

I think this event was logged just after I had rolled back to 4.02, but it has not appeared since that.

I'm thinking that there may be a connection beetween those two files and that my AV program are misreporting the file name which trigger the trojan alert. Have the libpango file changed?

I know that others have been reporting a false positive regarding that TiltCommunicator.pt3 file, but I must admit that it gets me a little worried when you say that the file in question haven't changed. Hope you can give me an idea what might be wrong.
rekyl
 
Posts: 43
Joined: Thu Feb 14, 2008 8:45 pm

Re: Antivirus and version 4.02.1

Postby kraada » Sun Jul 29, 2012 11:45 am

Our files are definitely clean. If you're worried, you can feel free to reinstall PT4 on top of your current installation and that will make sure you have the latest version of all files.

I don't know what is causing F-Secure to crash in this case or why it is detecting a false positive now when it hasn't for all this time but beyond submitting our files to the anti-virus providers (which we do) there isn't much more we can do.

Honestly I suspect what changed is F-Secure updated their definitions and those definitions suddenly now detect a safe file as a virus.
kraada
Moderator
 
Posts: 54435
Joined: Wed Mar 05, 2008 2:32 am
Location: NY

Re: Antivirus and version 4.02.1

Postby rekyl » Sun Jul 29, 2012 2:49 pm

Hi kraada and thanks to you too for your reply.

Ok, I decided to repeat the process. Started with updating my AV program to the latest definitions. Downloaded a fresh installation file for version 4.02.1. Installed it and got the same alert regarding TiltCommunicator.pt3. Reinstalled version 4.02 after this, but this time I got an alert on this version too. The file in question for version 4.02 was StarsCommunicator.pt4, so I'm pretty sure now that it is the AV program that has the problem.

There is just one more thing I need to check. To be able to install the program, I needed to turn off real-time scanning. I also made an exclusion regarding scanning for the files in question after it was installed. Now I'm able to look at the files and I see that those two files have a changed date 28.07.2012 15:29 and 28.07.2012 15:30 while for example the file BodogCommunicator.pt3 has a changed date 03.12.2011 00:41. Not sure if that mean the files has actually been changed or it is just because BodogCommunicator.pt3 was not included in the new installation package? Also could it be possible that I have some kind of virus on my pc that hooks up to those two files when I install the new package?

PS! When I install a new version, isn't that the same as reinstalling PT4 on top of my current installation?
rekyl
 
Posts: 43
Joined: Thu Feb 14, 2008 8:45 pm

Re: Antivirus and version 4.02.1

Postby kraada » Mon Jul 30, 2012 9:40 am

I really think it's extremely unlikely. By far and away the simplest and easiest explanation is that your anti-virus is acting up.

And when you upgrade to the latest version of PT4 all you do is run the new installer and it takes care of everything.
kraada
Moderator
 
Posts: 54435
Joined: Wed Mar 05, 2008 2:32 am
Location: NY

Re: Antivirus and version 4.02.1

Postby rekyl » Mon Jul 30, 2012 11:57 am

Hello and thanks again kraada for your reply.

While I agree with you that it's most likely that it is my AV program acting up, you didn't answer the most important part of my question. Why is there a difference in the changed date of the files TiltCommunicator.pt3, StarsCommunicator.pt3 compared to the file BodogCommunicator.pt3 if there has not been a change in the files. If it's like that all files installed with the new package have a change date according to the release of the package, I would expect all files installed to have that new change date. I'm probably misunderstanding how this work, but I hope that you can clarify this for me.

By the way I wasn't really asking how to do a reinstall of PT4. I was more pointing out the obvious that I had already done that when I installed the new package.
rekyl
 
Posts: 43
Joined: Thu Feb 14, 2008 8:45 pm

Re: Antivirus and version 4.02.1

Postby kraada » Mon Jul 30, 2012 2:16 pm

I don't know when those files were last changed; I'll look into that for you.
kraada
Moderator
 
Posts: 54435
Joined: Wed Mar 05, 2008 2:32 am
Location: NY

Re: Antivirus and version 4.02.1

Postby rekyl » Mon Jul 30, 2012 2:59 pm

Earlier in this thread tarix said that TiltCommunicator.pt3 haven't changed in over a year.
rekyl
 
Posts: 43
Joined: Thu Feb 14, 2008 8:45 pm

Re: Antivirus and version 4.02.1

Postby kraada » Mon Jul 30, 2012 3:44 pm

I suppose it's possible your scanner alters them? Our files haven't changed, and we aren't distributing any viruses. You should really talk to F-Secure about this issue - I don't have detailed information about how their software works and why these files might have changed; when PT4 runs at most it just reads the files they are only changed with upgrades (and lately those haven't changed).
kraada
Moderator
 
Posts: 54435
Joined: Wed Mar 05, 2008 2:32 am
Location: NY

Next

Return to PokerTracker 4

Who is online

Users browsing this forum: yukihiro_ogawa and 2 guests

cron
highfalutin