lightwolf34

Assassin's creed black flag trojans false positive?


Hi, when I scanned with SUPERAntiSpyware yesterday it said I had 4 trojans in Assassin's Creed Black Flag: one the ubisoftuninstall.exe and two was the update.32.exe and the other one was update64.exe. Has anyone else experienced this? I deleted the trojans and rescanned and I found nothing after. It was called Trojan.agent/Gen.Bancos so I hope it's a false positive.


Hi lightwolf34,

If you downloaded those files, where did you download them from?

Also, if it crops up again can you use the built-in FP reporter so the team can check it out? Thanks.


Yup, you're not the only one; looks like mine was detecting the same files and some:

 

Generated 01/08/2014 at 11:20 PM
 
Application Version : 5.7.1016
 
Core Rules Database Version : 10965
Trace Rules Database Version: 8777
 
Scan type       : Complete Scan
Total Scan Time : 00:19:23
 
Operating System Information
 Professional 64-bit (Build 6.02.9200)
UAC On - Limited User
 
Memory items scanned      : 559
Memory threats detected   : 0
Registry items scanned    : 69134
Registry threats detected : 0
File items scanned        : 75216
File threats detected     : 4
 
Trojan.Agent/Gen-Bancos
D:\GAMES\UBISOFT GAME LAUNCHER\GAMES\ASSASSIN'S CREED IV BLACK FLAG\SUPPORT\COMMON\ACBF_CLEANUP.EXE
D:\GAMES\UBISOFT GAME LAUNCHER\GAMES\ASSASSIN'S CREED IV BLACK FLAG\SUPPORT\COMMON\KB971512\VISTA_UPDATE32.EXE
D:\GAMES\UBISOFT GAME LAUNCHER\GAMES\ASSASSIN'S CREED IV BLACK FLAG\SUPPORT\COMMON\KB971512\VISTA_UPDATE64.EXE
D:\GAMES\UBISOFT GAME LAUNCHER\GAMES\ASSASSIN'S CREED IV BLACK FLAG\SUPPORT\COMMON\UPLAY_UNINS.EXE
 
I already sent in a false positive report through the client; hope it's a FP since the files have been on my comp since 11/24.


Just scanned the files again, now they're detected as gen-banker lol. Probably just gonna whitelist them.

Generated 01/09/2014 at 04:24 PM
 
Application Version : 5.7.1016
 
Core Rules Database Version : 10967
Trace Rules Database Version: 8779
 
Scan type       : Complete Scan
Total Scan Time : 00:00:07
 
Operating System Information
 Professional 64-bit (Build 6.02.9200)
UAC On - Limited User
 
Memory items scanned      : 0
Memory threats detected   : 0
Registry items scanned    : 0
Registry threats detected : 0
File items scanned        : 169
File threats detected     : 4
 
Trojan.Agent/Gen-Banker
D:\GAMES\UBISOFT GAME LAUNCHER\GAMES\ASSASSIN'S CREED IV BLACK FLAG\SUPPORT\COMMON\ACBF_CLEANUP.EXE
D:\GAMES\UBISOFT GAME LAUNCHER\GAMES\ASSASSIN'S CREED IV BLACK FLAG\SUPPORT\COMMON\KB971512\VISTA_UPDATE32.EXE
D:\GAMES\UBISOFT GAME LAUNCHER\GAMES\ASSASSIN'S CREED IV BLACK FLAG\SUPPORT\COMMON\KB971512\VISTA_UPDATE64.EXE
D:\GAMES\UBISOFT GAME LAUNCHER\GAMES\ASSASSIN'S CREED IV BLACK FLAG\SUPPORT\COMMON\UPLAY_UNINS.EXE


I have corrected the false detection of these Assassin's Creed IV executables. It seems that one of our researchers created two very similar trojan definitions, and though I adjusted the 'Bancos' definition yesterday the 'Banker' definition still caused the false positive. 

 

Database version 10968 should be published within the hour - please let us know if these files are still being detected after updating.


Yes, I'm using the latest file definition version. It says:

Trojan.Agent/Gen-Refroso
    D:\SPILL\ASSASSIN'S CREED IV BLACK FLAG\FIREWALLGE.EXE
    D:\SPILL\ASSASSIN'S CREED IV BLACK FLAG\FIREWALLGE_REM.EXE


I'm not a gamer so I have no idea about those files especially seeing as you're the only one who has this issue at present.

 

Are those items still in Quarantine?


In order to send a sample, I think the only way to do it now is to Restore the items (making a note of their file path), then on the SAS program Home page select "System Tools & Program Settings".

Under System Tools select "Submit Malware Sample".

Now select Browse and navigate to the files that were listed; as soon as they are placed they will be sent. I just ran a test and it seems that only .exe files are sent.

Other than that I can see no way of sending a FP any more.


I did as you told and they were sent, so I hope they find out what it is. I also scanned with Malwarebytes without finding it so it's kinda strange. Seems like Assassin's Creed Black Flag has had more false positives than the game is worth :?
