It seems that you're using an outdated browser. Some things may not work as they should (or don't work at all).
We suggest you upgrade newer and better browser like: Chrome, Firefox, Internet Explorer or Opera

×
Community
Castles seriesCastles contains trojan?(4 posts)(4 posts)
(4 posts)
Pages:
1
This is my favourite topic
Posted February 28, 2014
I'm not really familiar with antivirus programs (I use Macs), but I decided I should take some more precautions with my computer's health and downloaded ClamXav (opensource). The first file that showed up with an "infection" was Castles 1 and 2.app with the "infection" "Win.Trojan.Chiton-167 .

I don't know if this is a false positive, or how it could occur that Castles has a trojan, so maybe someone could inform me just what may have gone on.

Only experienced users should comment, please, no baseless speculation.
No posts in this topic were marked as the solution yet. If you can help, add your reply
Posted March 01, 2014
Okay, so I scanned through the log file (so tedious… -- should've done a string search) and here are the relevant files:

/Users/username/Applications/Wineskin/Castles 1 and 2.app/Contents/Resources/drive_c/Program Files/Adobe/Reader 9.0/Reader/plug_ins/AcroForm/PMP/AdobePDF417.pmp: Win.Trojan.Chiton-167 FOUND
/Users/username/Applications/Wineskin/Castles 1 and 2.app/Contents/Resources/drive_c/Program Files/Adobe/Reader 9.0/Reader/plug_ins/Multimedia/MPP/Flash.mpp: Win.Trojan.Chiton-210 FOUND
/Users/username/Applications/Wineskin/Castles 1 and 2.app/Contents/Resources/drive_c/Program Files/Adobe/Reader 9.0/Reader/plug_ins/Multimedia/MPP/MCIMPP.mpp: Win.Trojan.Chiton-170 FOUND
/Users/username/Applications/Wineskin/Castles 1 and 2.app/Contents/Resources/drive_c/Program Files/Adobe/Reader 9.0/Reader/plug_ins3d/3difr.x3d: Win.Trojan.Chiton-213 FOUND
/Users/username/Applications/Wineskin/Castles 1 and 2.app/Contents/Resources/drive_c/Program Files/Adobe/Reader 9.0/Reader/plug_ins3d/drvSOFT.x3d: Win.Trojan.Chiton-218 FOUND

Adobe, hmm… that leads me to believe this was not actually a false positive… so what should be done? Should I simply delete the relevant files? Should I petition gog.com to take care of this? What does this particular trojan do?

I'm going to add this thread to the main forum to give it a bit more traffic for responses… I'll post back here once some relevancy has been determined ;) .
Post edited March 03, 2014 by elus89
Posted March 03, 2014
Checking out the files with other antivirus databases with virustotal.com shows that ClamAV was the only one to pick it up... so it's probably a false positive.

Besides that, this was an install from 2009 and gog.com's latest doesn't include Adobe Reader at all any more. Sorry, false alarm.

By the way, I should mention these were the only few files that ClamAV flagged, so false positives don't seem to be common and hopefully that's a sign that ClamAv is still relatively reliable.
Posted April 05, 2018
Seriously? This game has been on GOG for 10 years and they still haven't fixed it? Wow! How many games on this site have viruses? Buyer beware!
Pages:
1
This is my favourite topic
Community
Castles seriesCastles contains trojan?(4 posts)(4 posts)
(4 posts)