I have been playing some online games recently, with no problem. Many of the good ones are made by PopCap (Bejeweled, Insaniquarium etc). To play these online I had to download an ActiveX, which was fine.
On Friday, KAV informed me that C:\Windows\DownloadedProgramsFiles\popcaploader.dll was infected with not-a-virus:Porn-Downloader.Win32.PopCap.b, and it was deleted.
When I went back to play the games, I was prompted to install the AxtiveX again, but when I tried, KAV said access was blocked. Even though i chose 'Skip', it still stops me installing.
I find it very hard to believe that PopCap would have any sort of virus or porn downloader in, as they make many of the popular games. I also tried google, and can fine nothing about them containing any sort of 'nasty'.
My google search did however mention some sort of trojan with popcapdownloader in it.. is it possible that KAV is getting confused with this?
As I have paid for a years subscription to KAV, and I find it an otherwise good product, it appears I am now not able to access these games. Is there a solution at all?
Thank you,
Michelle
Full Version: Problems with PopCap games
Hi Michelle,
To start troubleshooting the problem we need to gather some more information.
Do you have Kaspersky Anti-Virus Personal or Kaspersky Anti-Virus Personal Pro?
I will try to find out in our VirusLab, whether this could be a false alarm.
Kind regards,
Igor Kurzin
P.S. VirLab asks for the file. Can you send it?
To start troubleshooting the problem we need to gather some more information.
Do you have Kaspersky Anti-Virus Personal or Kaspersky Anti-Virus Personal Pro?
I will try to find out in our VirusLab, whether this could be a false alarm.
Kind regards,
Igor Kurzin
P.S. VirLab asks for the file. Can you send it?
Hello... I have the same problem too... I am using KAV 5 MP2 (upgrading to MP3 very soon) and use extended databases...
Should I submit the file to Kaspersky by quarantining it or should I send it to someone here directly?
Should I submit the file to Kaspersky by quarantining it or should I send it to someone here directly?
I couldn't get it from my test computer since the popcaploader.dll was in a temp directory and was gone as soon as I tried to copy it.
But here's a direct link... and I quarantined one copy and sent it to Kaspersky Labs.
hxxp://www.popcap.com/games/popcaploader_v6.cab
Deliberately unlinked...
But here's a direct link... and I quarantined one copy and sent it to Kaspersky Labs.
hxxp://www.popcap.com/games/popcaploader_v6.cab
Deliberately unlinked...
QUOTE(LostAccount @ May 28 2005, 11:01 AM)
Hello... I have the same problem too... I am using KAV 5 MP2 (upgrading to MP3 very soon) and use extended databases...
Should I submit the file to Kaspersky by quarantining it or should I send it to someone here directly?
Should I submit the file to Kaspersky by quarantining it or should I send it to someone here directly?
Hi LostAccount & elcome
Yes, submit it to newvirus@kaspersky.com, or through the link in the Supportsection of the main Kav-GUI.
In MP3 you will be asked if you wish to exclude upon detection.
You can update Kav with the update-exe (the one without antivirus databases):http://www.kaspersky.com/productupdates?chapter=146244099, you should probably exit Kav from the tray while doing it and reboot.
Quarantined and sent...
The reply:
Have a good day!
Edited to munge email addresses that are harvested by spam bots - LostAccount
QUOTE
Greetings.
The attached file is already detected by our extended bases as a potentially
risk program.
If you know purpose of this program then there's no need to bother, just add it
to exclusion list,
else there is unknown malicious software on your computer possibly. You can do
this:
Please unpack and run enclosed utility (TrojanFindInfo), press "Save" button to
create the
report and then send that report support at kaspersky dot com. This utility is also
available at
ftp://ftp.kaspersky.com/utils/trojans/TrojanFindInfo.rar. To unpack this utility
you need RAR
archiver which is availabe at http://www.rarsoft.com/download.htm
Please quote all when answering. Do not forget to include you registration data.
-----------------
Regards, Alexey Malanov
Virus Analyst, Kaspersky Lab.
Ph.: +7(095) 797-8700
E-mail: newvirus at kaspersky dot com
http://www.kaspersky.com http://www.viruslist.com
The attached file is already detected by our extended bases as a potentially
risk program.
If you know purpose of this program then there's no need to bother, just add it
to exclusion list,
else there is unknown malicious software on your computer possibly. You can do
this:
Please unpack and run enclosed utility (TrojanFindInfo), press "Save" button to
create the
report and then send that report support at kaspersky dot com. This utility is also
available at
ftp://ftp.kaspersky.com/utils/trojans/TrojanFindInfo.rar. To unpack this utility
you need RAR
archiver which is availabe at http://www.rarsoft.com/download.htm
Please quote all when answering. Do not forget to include you registration data.
-----------------
Regards, Alexey Malanov
Virus Analyst, Kaspersky Lab.
Ph.: +7(095) 797-8700
E-mail: newvirus at kaspersky dot com
http://www.kaspersky.com http://www.viruslist.com
Have a good day!
Edited to munge email addresses that are harvested by spam bots - LostAccount
I have a feeling it's a false positive so I'll leave it alone...
My computer most likely does not have (active) spyware... I do not notice any sluggishness (though I know how some spyware hides itself)... and I don't see how spyware can load itself since it is not in most of the Windows loading keys... (using Autoruns)...
Your product (KAV) is great!
so I'll leave it alone...My computer most likely does not have (active) spyware... I do not notice any sluggishness (though I know how some spyware hides itself)... and I don't see how spyware can load itself since it is not in most of the Windows loading keys... (using Autoruns)...
Your product (KAV) is great!
QUOTE(LostAccount @ May 28 2005, 02:58 PM)
I have a feeling it's a false positive so I'll leave it alone...
My computer most likely does not have (active) spyware... I do not notice any sluggishness (though I know how some spyware hides itself)... and I don't see how spyware can load itself since it is not in most of the Windows loading keys... (using Autoruns)...
Your product (KAV) is great!
so I'll leave it alone...My computer most likely does not have (active) spyware... I do not notice any sluggishness (though I know how some spyware hides itself)... and I don't see how spyware can load itself since it is not in most of the Windows loading keys... (using Autoruns)...
Your product (KAV) is great!
And to make it even more great, could you please send the falsely detected file to newvirus@kaspersky.com once again with a short explanation of why you think the detection is false.
I can't... but you might want to see this link:
hxxp://www.popcap.com/games/popcaploader_v6.cab
for more information...
I don't even understand why it was detected as riskware not-a-virus:Porn-Downloader.Win32.PopCap.b... After all, it's just an installed ActiveX control... only Ewido and kaspersky detect it as something wrong... Can you explain why it is malicious?
hxxp://www.popcap.com/games/popcaploader_v6.cab
for more information...
I don't even understand why it was detected as riskware not-a-virus:Porn-Downloader.Win32.PopCap.b... After all, it's just an installed ActiveX control... only Ewido and kaspersky detect it as something wrong... Can you explain why it is malicious?
QUOTE(LostAccount @ May 29 2005, 11:05 AM)
I can't... but you might want to see this link:
hxxp://www.popcap.com/games/popcaploader_v6.cab
for more information...
I don't even understand why it was detected as riskware not-a-virus:Porn-Downloader.Win32.PopCap.b... After all, it's just an installed ActiveX control... only Ewido and kaspersky detect it as something wrong... Can you explain why it is malicious?
hxxp://www.popcap.com/games/popcaploader_v6.cab
for more information...
I don't even understand why it was detected as riskware not-a-virus:Porn-Downloader.Win32.PopCap.b... After all, it's just an installed ActiveX control... only Ewido and kaspersky detect it as something wrong... Can you explain why it is malicious?
If it were malicious by nature, it wouldn't have been detected as only a riskware.
At the moment it is detected as 'not-a-virus:Downloader.Win32.PopCap'. That normally means that a virus analyst considered its ability to (silently?) download files potentially risky.
I read over these posts, but I don't really see an answer as to how to fix this, or allow the ActiveX install. I, too, have been playing popcap games for a long time, and have to lose this option. I am only on a trial version, and other than this, I am almost convinced to purchase. Any info is appreciated. Thanks bunches!
QUOTE(eyoresnorz @ Sep 21 2005, 12:49 AM)
I read over these posts, but I don't really see an answer as to how to fix this, or allow the ActiveX install. I, too, have been playing popcap games for a long time, and have to lose this option. I am only on a trial version, and other than this, I am almost convinced to purchase. Any info is appreciated. Thanks bunches!
Hi eyoresnorz & welcome
The solution is simple, either add it to the exclusionslist by using the link found in the warning:
or not use the extendedbases, but i wouldn't, i would just add it to the exclusions. Basicly the catagory with an "Not-a-virus" is informational, it's up to you if you want to continue using it.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.