Problems with PopCap games Options

[MJMoore]

I have been playing some online games recently, with no problem. Many of the good ones are made by PopCap (Bejeweled, Insaniquarium etc). To play these online I had to download an ActiveX, which was fine.

On Friday, KAV informed me that C:\Windows\DownloadedProgramsFiles\popcaploader.dll was infected with not-a-virus:Porn-Downloader.Win32.PopCap.b, and it was deleted.

When I went back to play the games, I was prompted to install the AxtiveX again, but when I tried, KAV said access was blocked. Even though i chose 'Skip', it still stops me installing.

I find it very hard to believe that PopCap would have any sort of virus or porn downloader in, as they make many of the popular games. I also tried google, and can fine nothing about them containing any sort of 'nasty'.

My google search did however mention some sort of trojan with popcapdownloader in it.. is it possible that KAV is getting confused with this?

As I have paid for a years subscription to KAV, and I find it an otherwise good product, it appears I am now not able to access these games. Is there a solution at all?

Thank you,
Michelle

[Igor Kurzin]

Hi Michelle,

To start troubleshooting the problem we need to gather some more information.
Do you have Kaspersky Anti-Virus Personal or Kaspersky Anti-Virus Personal Pro?

I will try to find out in our VirusLab, whether this could be a false alarm.

Kind regards,
Igor Kurzin

P.S. VirLab asks for the file. Can you send it?

[LostAccount]

Hello... I have the same problem too... I am using KAV 5 MP2 (upgrading to MP3 very soon) and use extended databases...

Should I submit the file to Kaspersky by quarantining it or should I send it to someone here directly?

[LostAccount]

I couldn't get it from my test computer since the popcaploader.dll was in a temp directory and was gone as soon as I tried to copy it.

But here's a direct link... and I quarantined one copy and sent it to Kaspersky Labs.

hxxp://www.popcap.com/games/popcaploader_v6.cab

Deliberately unlinked...

[Don Pelotas]

Hello... I have the same problem too... I am using KAV 5 MP2 (upgrading to MP3 very soon) and use extended databases...

Should I submit the file to Kaspersky by quarantining it or should I send it to someone here directly?

Hi LostAccount & elcome

Yes, submit it to newvirus@kaspersky.com, or through the link in the Supportsection of the main Kav-GUI.

In MP3 you will be asked if you wish to exclude upon detection.

You can update Kav with the update-exe (the one without antivirus databases):http://www.kaspersky.com/productupdates?chapter=146244099, you should probably exit Kav from the tray while doing it and reboot.

[LostAccount]

Quarantined and sent...

[LostAccount]

The reply:

Greetings.
The attached file is already detected by our extended bases as a potentially
risk program.
If you know purpose of this program then there's no need to bother, just add it
to exclusion list,
else there is unknown malicious software on your computer possibly. You can do
this:

Please unpack and run enclosed utility (TrojanFindInfo), press "Save" button to
create the
report and then send that report support at kaspersky dot com. This utility is also
available at
ftp://ftp.kaspersky.com/utils/trojans/TrojanFindInfo.rar. To unpack this utility
you need RAR
archiver which is availabe at http://www.rarsoft.com/download.htm

Please quote all when answering. Do not forget to include you registration data.
-----------------
Regards, Alexey Malanov
Virus Analyst, Kaspersky Lab.

Ph.: +7(095) 797-8700
E-mail: newvirus at kaspersky dot com
http://www.kaspersky.com  http://www.viruslist.com

Have a good day!

Edited to munge email addresses that are harvested by spam bots - LostAccount

This post has been edited by LostAccount: 29.05.2005 18:22

[LostAccount]

I have a feeling it's a false positive so I'll leave it alone...

My computer most likely does not have (active) spyware... I do not notice any sluggishness (though I know how some spyware hides itself)... and I don't see how spyware can load itself since it is not in most of the Windows loading keys... (using Autoruns)...

Your product (KAV) is great!

[Wordmonger]

I have a feeling it's a false positive so I'll leave it alone...

My computer most likely does not have (active) spyware... I do not notice any sluggishness (though I know how some spyware hides itself)... and I don't see how spyware can load itself since it is not in most of the Windows loading keys... (using Autoruns)...

Your product (KAV) is great!

And to make it even more great, could you please send the falsely detected file to newvirus@kaspersky.com once again with a short explanation of why you think the detection is false.

[LostAccount]

I can't... but you might want to see this link:

hxxp://www.popcap.com/games/popcaploader_v6.cab

for more information...

I don't even understand why it was detected as riskware not-a-virus:Porn-Downloader.Win32.PopCap.b... After all, it's just an installed ActiveX control... only Ewido and kaspersky detect it as something wrong... Can you explain why it is malicious?

[Wordmonger]

I can't... but you might want to see this link:

hxxp://www.popcap.com/games/popcaploader_v6.cab

for more information...

I don't even understand why it was detected as riskware not-a-virus:Porn-Downloader.Win32.PopCap.b... After all, it's just an installed ActiveX control... only Ewido and kaspersky detect it as something wrong... Can you explain why it is malicious?

If it were malicious by nature, it wouldn't have been detected as only a riskware.

At the moment it is detected as 'not-a-virus:Downloader.Win32.PopCap'. That normally means that a virus analyst considered its ability to (silently?) download files potentially risky.

[eyoresnorz]

I read over these posts, but I don't really see an answer as to how to fix this, or allow the ActiveX install. I, too, have been playing popcap games for a long time, and have to lose this option. I am only on a trial version, and other than this, I am almost convinced to purchase. Any info is appreciated. Thanks bunches!

[Don Pelotas]

I read over these posts, but I don't really see an answer as to how to fix this, or allow the ActiveX install.  I, too, have been playing popcap games for a long time, and have to lose this option.  I am only on a trial version, and other than this, I am almost convinced to purchase.  Any info is appreciated.  Thanks bunches!

Hi eyoresnorz & welcome

The solution is simple, either add it to the exclusionslist by using the link found in the warning:


or not use the extendedbases, but i wouldn't, i would just add it to the exclusions. Basicly the catagory with an "Not-a-virus" is informational, it's up to you if you want to continue using it.