hi...

just add Settlers® 3: Ultimate Collection uninstaller to the possible list as well
i was checking my games, installing them and when i uninstalled the game above KAV popped up a message


15.06.2015 15.59.42;Detected object (Process memory) is not active;j:\gog games\win7-gog\the settlers 3 - ultimate collection\unins000.exe;j:\gog games\win7-gog\the settlers 3 - ultimate collection\unins000.exe;PDM:Trojan.Win32.Generic;Other malware;06/15/2015 15:59:42


so that be number 3, kkn extreme, duke nuke em and now this one...
funny thing is that i have kav since 3 or 4 versions , i had lots of games with setup and never had this detection
most uninstalls were like the default microsoft uninstall thing you get, these been around since win95 or sooner.
Never had any detection, so maybe kav is overprotective or maybe some uninstallers use 'exotic' code or something, i don't know, i do know that i never had any uninstall trigger any AV since win95, these are the first.

The demo of serpents in the staglands 32 bits seemed to trigger the same, and 64 bit as well
so i downloaded it later and still same issues.

I decided to try it again today and the 32 bits still triggers KAV so there must be funny code used

my download folder:

15.06.2015 16.51.42;Detected object (Process memory) was deleted;o:\windows7-downloadsmap\windows\x32\serpent in the staglands demo.exe;o:\windows7-downloadsmap\windows\x32\serpent in the staglands demo.exe;PDM:Trojan.Win32.Generic;Other malware;06/15/2015 16:51:42


64 bits demo behaves okay:
The 64 bits demo behaved, it was not deleted nor detected, so i don't know if the dev 'woke up' and changed the 64 bits demo but it works so i could play the demo.

The screen is in full screen now, but tiny graphics, tiny letters, it's just not made i guess for old 17 inch screens
i have to use a magnifier glass to be able to see what's going on, too small can make your eyes tired i need to concentrate hard to see what the tiny stuff reads :D

Finally the game demo is quite heavy on cpu 40- 50% of all 4 cpu is too much for comfort, my fans have to work overtime :D

Maybe someday i might get the game cause it looks okay, but it's way too tiny (text is very hard to read) on my screen (nothing helps to increase the tiny game) to pay full price.


anyways, x32, x64 demos should never trigger anything, having in total over 1000 games and only had 3 uninstallers and 1 demo triggering my AV so far, so it's not the AV, cause then i should have had loads of 'false positives'.


steamcommunity also had KAV users with same problem (i just googled for it)
but all the devs and users 'blame' the AV, and i won't agree with them, why? like i said earlier if kav is so bad and has so many false positives, then how come i only had 3 and now recently the 32bits demo from staglands?

Anyways i will just delete all files instead then i clear up possible leftovers using regtool
How would you know if it really was a false positive with so many games having suspicious DRM or spyware under the guise of anti cheat?
Spectre: How would you know if it really was a false positive with so many games having suspicious DRM or spyware under the guise of anti cheat?
In GOG (& DRM-free) we trust. :)
I just installed Webroot on my MAC. I have a lot of GOG games. Webroot has flagged files inside the packages for Avernum 1-2-3, Leisure Suit Larry "love for sail", Lords of the Realm 2-3, files as suspicious threats for Ic.exe, and sn.exe. It has flagged wordpad.exe and explore.exe as W32.malware.Gen.
Please tell me I don't have to delete or uninstall these games. Why are these files flagged? Any help would be appreciated. I have attached a screen shot of the file location.
jackwebb: I just installed Webroot on my MAC. I have a lot of GOG games. Webroot has flagged files inside the packages for Avernum 1-2-3, Leisure Suit Larry "love for sail", Lords of the Realm 2-3, files as suspicious threats for Ic.exe, and sn.exe. It has flagged wordpad.exe and explore.exe as W32.malware.Gen.
Please tell me I don't have to delete or uninstall these games. Why are these files flagged? Any help would be appreciated. I have attached a screen shot of the file location.
Virus scanners and such like are not 100%, and they tend to be very over cautious flagging perfectly fine files. If it's flagging wordpad and explorer - which are windows exes it shouts to me one of two things, either you have a virus from somewhere that's affecting installed programs, or this webroot is rubbish.
Try running some of the files through:
https://www.virustotal.com/

Or other virus programs/malware programs. Of course you're on a mac, so why do you have windows files - explorer.exe and wordpad are windows?
nightcraw1er.488: Virus scanners and such like are not 100%, and they tend to be very over cautious flagging perfectly fine files. If it's flagging wordpad and explorer - which are windows exes it shouts to me one of two things, either you have a virus from somewhere that's affecting installed programs, or this webroot is rubbish.
In this case, though, those two files aren't Windows files, they're Wine files, which have been built from scratch by Wine developers because windows applications are fairly likely to ask for them.

As to why they're flagged, since they don't match any of the known signatures of the Microsoft applications with the same filenames, the antivirus marked them as a generic Windows malware.

Looking at "W32.malware.Gen" we can see how the antivirus identifies the file and can thus read that it doesn't know what malware it is (should be the actual name of the malware, but it's just "Gen"), or even what type (could be worm, trojan, or any of about a handful other types, but in this case simply "malware"), but it does at least see that it's Windows code (W32).
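As an added illustration (not part of the thread and not any vendor's code), the sketch below parses the two Kaspersky report lines from the first post and splits detection names the way the post above reads "W32.malware.Gen". The field order is inferred from those two lines, and the `PLATFORMS` and `GENERIC_NAMES` sets and all function names are assumptions of this example.

```python
import csv

# Report lines quoted from the first post (semicolon-separated export).
KAV_REPORT = r"""15.06.2015 15.59.42;Detected object (Process memory) is not active;j:\gog games\win7-gog\the settlers 3 - ultimate collection\unins000.exe;j:\gog games\win7-gog\the settlers 3 - ultimate collection\unins000.exe;PDM:Trojan.Win32.Generic;Other malware;06/15/2015 15:59:42
15.06.2015 16.51.42;Detected object (Process memory) was deleted;o:\windows7-downloadsmap\windows\x32\serpent in the staglands demo.exe;o:\windows7-downloadsmap\windows\x32\serpent in the staglands demo.exe;PDM:Trojan.Win32.Generic;Other malware;06/15/2015 16:51:42
"""

# Assumed token sets for this example; real products use more values.
PLATFORMS = {"win32", "win64", "w32", "w64"}
GENERIC_NAMES = {"generic", "gen"}


def parse_verdict(name):
    """Split a detection name into component prefix, platform, type, family."""
    module, _, rest = name.rpartition(":")  # "PDM:Trojan..." -> module "PDM"
    tokens = rest.split(".")
    # Vendors order the tokens differently, so locate the platform by value.
    platform = next((t for t in tokens if t.lower() in PLATFORMS), None)
    others = [t for t in tokens if t != platform]
    kind = others[0] if others else None
    family = others[1] if len(others) > 1 else None
    return {
        "module": module or None,
        "platform": platform,
        "kind": kind,
        "family": family,
        # A generic family means the engine matched no named malware family.
        "generic": family is not None and family.lower() in GENERIC_NAMES,
    }


def parse_report(text):
    """Parse report lines: time;event;object;object;verdict;category;time."""
    rows = []
    reader = csv.reader(text.splitlines(), delimiter=";", quoting=csv.QUOTE_NONE)
    for fields in reader:
        if len(fields) != 7:
            continue  # skip anything that is not a complete record
        when, event, path, _obj, verdict, category, _when2 = fields
        rows.append({"time": when, "event": event, "path": path,
                     "category": category, "verdict": parse_verdict(verdict)})
    return rows


if __name__ == "__main__":
    for row in parse_report(KAV_REPORT):
        print(row["path"], row["event"], row["verdict"])
    print(parse_verdict("W32.malware.Gen"))
```
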
nightcraw1er.488: Virus scanners and such like are not 100%, and they tend to be very over cautious flagging perfectly fine files. If it's flagging wordpad and explorer - which are windows exes it shouts to me one of two things, either you have a virus from somewhere that's affecting installed programs, or this webroot is rubbish.
Maighstir: In this case, though, those two files aren't Windows files, they're Wine files, which have been built from scratch by Wine developers because windows applications are fairly likely to ask for them.

As to why they're flagged, since they don't match any of the known signatures of the Microsoft applications with the same filenames, the antivirus marked them as a generic Windows malware.

Looking at "W32.malware.Gen" we can see how the antivirus identifies the file and can thus read that it doesn't know what malware it is (should be the actual name of the malware, but it's just "Gen"), or even what type (could be worm, trojan, or any of about a handful other types, but in this case simply "malware"), but it does at least see that it's Windows code (W32).
Wine, on Mac? So running windows, on a linux (not an) emulator on a mac?
As for the above, yes, seen that a fair bit with Avira, it's generally just being over cautious, hence why I check files on other software.
nightcraw1er.488: Wine, on Mac? So running windows, on a linux (not an) emulator on a mac?
As for the above, yes, seen that a fair bit with Avira, it's generally just being over cautious, hence why I check files on other software.
Wine on OS X, yes, I can't see what's so strange about that. Wine was never built to be Linux-exclusive, and has been on other platforms since a long while ago.
Post edited August 16, 2016 by Maighstir
Spectre: How would you know if it really was a false positive
The chances of a gOg having a virus is so tiny, that it's not worth to get worried and paranoid about the possibility.
Can you imagine the bad image gOg would make, if they allowed this to happen to their games?
Many people would consider them amateurs, and not trustworthy, if they found viruses in the games.
It would be VERY bad for business.

"Think twice before you speak, because your words and influence will plant the seed of either success or failure in the mind of another."
Post edited September 25, 2016 by almabrds
Thanks all for the replies.
@nightcraw1er, Do you have a MAC? Do you play GOG on your MAC? Do you know what a .dmg file is? If you answered no to these questions, it could be that you weren't qualified to respond to mine. I do appreciate the reply and the virustotal link. I don't mean that in a critical way, it's just you seemed to formulate an opinion not knowing what you're talking about. No, i did not get a virus from somewhere else. The flagged files are in the dmg package. It's not likely something just jumped in there and infected it. Those flagged files were wrapped in the package from GOG.
I suspect Maighstir is on the right track. GOG game files for the MAC are wrapped in a little package called .dmg. Inside the package are actual readable files (not encrypted or binary) that run the game. Yes those are Windows files, Worded.exe and iExplorer.exe and yes, GOG uses Wine and DOSBOX to compile Windows games to run on a MAC.
Years ago i remember that Windows files, like the aforementioned, were exploited with root-kits. It could be the developers used them as suggested by Maighstir and that they are flagged as generic malware. I am a registered user of Webroot (which happens to be one of the absolute best antiviruses on the market) and have them identify it, if it is in fact a false positive.
@ almabrds, i have been buying GOG games for years, I trust them, and to start wrapping worms in dmg files is highly unlikely and yes, bad for business. I am sure they disinfect all the code from the developers. BUT..one can never tell...

Thanks again for the replies!