It is a false positive, but it still contains parts of the virus, as confirmed by the Avira statement. So it means the files are of questionable origin at the very least, since developers will hardly give you infected and subsequently cleaned files. Unlike you, who acted on faith only based on GOG marketing guy statement, I obtained statement of a credible authority - of someone who actually has the ability to reverse engineer and analyze code. And what did I receive in return? Insults, and childish attacks.

The rabid behavior of some people here is disgusting. l0rdtr3k, you must be 13 year old. I have learned that GOG community contains larger percentage of ignorant people than obvious at first glance. Few communities react with hostility and personal attacks when confronted with legitimate inquiries.

:D

I see a lot of peeps here jumped on the bandwagon of calling names and and ridiculing Kamamura just for the sake of it. If you don't have anything of value to post let the thread die. If you think OP is bullshit, say so and move on.

Having said that I think it's interesting what avira said. Let's not forget that avira is a top antivirus company and some random dude on the internet. So if what they say is true (other top antivirus engines didn't report anything, keep that in mind) there are two things we can take out of it. a) They are correct in not removing the warning even though they know it's false and b) it would be feasible to better clean up those files.

Of course it's not really unreasonable to meet the results with doubt. After all how did GOG come up with those previously infected files in the first place?

I've seen trolls in my life, but never one as stubborn as you. You have multiple verified sources that say the executable is a false positive, and yet you're still going on about it? Must be some shitty anti virus software you're using then. And you're in SysAdmin? I hope they hire better staff, because you're not cutting it.

No, I have not seen "multiple verified sources". What I saw in the beginning was only faith shared by GOG users based on a single GOG marketing guy statement that "the file is okay". Against that were four antivirus software products flagging the file as infected.

The proper procedure for GOG would be to resolve the matter with the antivirus vendors, which GOG failed to do due to negligence. You, the customers, don't care, and put your computers and networks that trust your computers under risk you clearly don't understand and therefore cannot quantify.

I did what GOG should have done, and obtained the statement from the antivirus vendors. They have the competence and expertise to judge the danger the suspicious binaries may present, not you, the ignorant game consumers, and not GOG (unless they employ someone capable of reverse engineering and analyzing binaries, which I doubt).

Your failure to understand this reflects poorly on you, not me.

Geeze Dad, you never let us have any fun. :-(

FTFY.
BTW, would you kindly post the hashes for the 4 flagged files? I want to see if I can track down the original game and see if the files are identical.

Well, this is a weird thread to read through.

That's what most people here are doing. It's the OP that not only hasn't moved on, but now is only coming back to insult people.

Also, reread Phasmid's post, or read about how AV's work before blindly accepting Avira's take that the files were indeed formerly infected just because they're "a top antivirus company" (and. like you said yourself, one of the few who detected anything). But you're more than free to bug GOG staff for information on how they conjure their installers, all the way to its origins, if you *really* want to make sure.

The fact that you called all of us ignorant tells me all I need to know about you. But that's beside the point. Being in your field, you should know when to let up on false positives. The fallacy you're implying here tells me you've not tried the better AV out there. And even then, the best ones do give out FP once in a while.

LOL +1 for you :)

I know most people did post their objections and move on, but the last couple of pages are mostly insults and mockery without anything constructive for an nonparticipating reader. That's one.

As for how AVs work, I know pretty well what heuristics are and that are standard tech on AVs for decades now. In fact when I first saw the thread I dismissed it exactly as a false positive due to sensitive heuristics engine. But then OP came back with more details on the matter and, while I don't know for sure, I'm willing to assume that the reply he got from Avira is not some auto-generated answer, but they actually analysed the files at hand. Their explanation looks pretty convincing. It IS a false positive, but there's a reason.
Also as I said their estimation could be wrong. My whole post actually was an attempt to underline that both arguments have merits.

I can see why people are eager to take one side. OP's attitude is not exactly charming. He's hot tempered and given the reaction to this thread he lost his cool pretty fast. But that doesn't mean everything he says is bullshit.

Also why the quotes on top AV company? Doesn't Avira measure up against the best?

I was quoting you. That probably became a bit redundant when I later added the part between parentheses.

Ah, sorry. I totally misread that. :)

I think most of you really jumped over a cliff on this one,

The guy is doing just a service by warning us of a potential issue, he isnt doing it to attack GOG, he is bringing it to GOG's attention ffs.

and since he does working the computer security field, yeah I would be suspicious too, especially if this reflects how I do the job.

KamamuraL I suggest filing a ticket with GOG support as its more mainline into GOG then the forum tends to be, and they are quite helpful, may take a bit of time to respond though, I would also provide all the documentation and proof you have so far collected as I am sure it will help them track down the issue and resolve it.

Sorry you got shit on by people here.

You did read the entire thread didn't you? :P Yeah there is a little piling on here and that is embarrassing, but the vast majority of the people who initially took to this thread attempted to help the OP and were basically told to stick it up their asses. XD Does that give anyone the right to act the way some of us (myself included) acted? No, and I apologize for that, but it was clear from the tone and the replies from the OP that he came in here asking for help with no actual desire to receive any.