
Viruses being sent over IWnet (MW2 - PC)

Puck

Banned
http://www.infinityward.com/forum/viewtopic.php?f=24&t=181646

http://www.infinityward.com/forum/viewtopic.php?f=24&t=181730

No concrete source / evidence as of yet [until some site makes a shitty article to put on n4g], but the threads seem to be serious enough that this issue is extremely damaging to not only the user, but also to Activision / IWnet.

Please keep this thread active as I'm sure it will be a bigger issue tomorrow once there is an official response.

Date/Time: 18-11-2009, 9:37:22
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\...'
Action performed: Delete file
Soooo why I suddenly start getting viruses and stuff from playing the online multiplayer???

Apparently they are able to hack the server and send virus/trojans to people, in the process they run aimbot in the game, and send a non tagged member to the other team to TK.
quite a story those guys are.
This was the trojan they were trying to send;
TR/Crypt.XPACK.Gen
So is this IW's idea of a joke when iwnet is supposed to be hack free when yet it's probably less secure than a Windows 98 system with no protection?
 

Deleted member 30609

Unconfirmed Member
there's, like, fifty other threads warning people about a possible virus?
 

Khrno

Member
Weenerz said:
There's like 50 MW2 threads, did we need another?


 
Puck said:
Please keep this thread active as I'm sure it will be a bigger issue tomorrow once there is an official response.
I'd be surprised if the official response isn't something like "Look, you shoulda bought the 360 version instead!".

Shitty issue though.
 

Plasma

Banned
Weenerz said:
There's like 50 MW2 threads, did we need another?

This is pretty serious and good information for those who own the PC version but don't check the official thread.

Thanks for the heads up, looks like I'll be avoiding MW2 for a while ):
 

Danthrax

Batteries the CRISIS!
Oh this'll make the PC players extra happy. [facepalm]



Weenerz said:
There's like 50 MW2 threads, did we need another?

chill, mang, this is the MW2 Thread of the Day.

we've filled the quota early, today.
 

CTLance

Member
Number one:
Is it a cracked copy? Because if so...
Number two:
Just because the heuristics-based scanner claims something is a virus, it needn't actually be a virus. Especially anti-cheating software may look like a virus for all intents and purposes: buries itself deep into the system, attempts to attach itself to running programs, extensive memory/file scanning that could look like infection routines to a scanner.
Number three:
I hate this damn age gate that just kicks me back to the index site instead of letting me continue to the friggen thread in question.
Number four:
Framework Error

Please check the Kohana documentation for information about the following error.

>/system/core/Kohana.php [554]:

The log directory is not writable: /var/www/2009/html/registration/application/logs

Loaded in {execution_time} seconds, using {memory_usage} of memory. Generated by Kohana v{kohana_version}.


....Huh. That's a new one. I can't visit the threads in the OP since the servers appear to be in trouble. Odd.
 

Danthrax

Batteries the CRISIS!
CTLance said:
Number four:
Framework Error

Please check the Kohana documentation for information about the following error.

>/system/core/Kohana.php [554]:

The log directory is not writable: /var/www/2009/html/registration/application/logs

Loaded in {execution_time} seconds, using {memory_usage} of memory. Generated by Kohana v{kohana_version}.


....Huh. That's a new one. I can't visit the threads in the OP since the servers appear to be in trouble. Odd.

Perhaps the virus isn't just targeting MW2 players. Perhaps it's targeting all of Activision.
 

luffeN

Member
hm, this is not about mw2, but after the unlock for L4D2 antivir told me that the addoninstall.exe in the L4D2 folder is also a trojan :(
 
Not surprising given how relatively broken open IWNet is now on the PC. Dedicated servers, multiplayer crack, it's more than CoD 4 ever had, and all exacerbated since it's a singular centralized system.
 

Deleted member 30609

Unconfirmed Member
banKai said:
hm, this is not about mw2, but after the unlock for L4D2 antivir told me that the addoninstall.exe in the L4D2 folder is also a trojan :(
false positive, you'll be fine
 

CTLance

Member
Servers seem to have rebounded.

Cripes, some of the replies on that forum make my brain hurt.

What we need is someone to upload that file somewhere so it can be analyzed/disassembled. At the moment it looks more like an over-eager AV to me. Better be safe than sorry though.
 

TheSeks

Blinded by the luminous glory that is David Bowie's physical manifestation.
The Faceless Master said:
why would a game allow player servers to send executable code?

Didn't Warcraft 3 do it?

CTLance said:
Number one: Is it a cracked copy? Because if so...

Why does that fucking matter other than "DURR VIRUSES IN PIRATED COPIES?" Considering this is being "sent over IWnet" this affects legit and non-legit alike.

Peronthious said:
Not surprising given how relatively broken open IWNet is now on the PC. Dedicated servers, multiplayer crack, it's more than CoD 4 ever had, and all exacerbated since it's a singular centralized system.

Don't forget the three hidden gamemodes if PC users reactivate the console! (Man, I wish someone would hack a PS3 gamesave *unless IW got smart* to do that... :( /bind button_up team_say "GET ON THE POINT, DUMBASS" :()
 

snap0212

Member
How long does it take until Infinity Ward realizes that all of this was a huge mistake? Can't wait for their excuses. :lol
 

CTLance

Member
TheSeks said:
Why does that fucking matter other than "DURR VIRUSES IN PIRATED COPIES?" Considering this is being "sent over IWnet" this affects legit and non-legit alike.
Eh, have we read the same thread? It's just a bunch of dudes agreeing with each other that apparently AVG and Avira throw a shitfit over some file that is apparently accessed/dropped on their PC while playing MW2. No files, no proof, and a scarcity of genuine, verifiable info. So excuuuse me, princess, when I cover all vectors I could think of.

MW2 is an awesome target to slip in some malware undetected one way or another. Gamers are more likely to rip open their firewalls, stay connected, have ample bandwidth, and run many programs that lead to false positives in AV software, meaning the malware has a chance of being ignored by accident.

There are three scenarios (besides the "false positive" angle) in this, if you ask me.

It could be a legit self-updating anti-cheat software doing its job, as intended. It could be a genuine hack using a buffer overflow or the likes, affecting legit and illegitimate users alike. It could be a filedropper hidden away in a crack/loader/whatever, not necessarily for MW2. It's a great idea to poll whether there's a fullscreen app running before doing... stuff.

There's also a possibility that this is all FUD and someone's laughing right now, diabolically at that.

Damn, IW servers gave out on me again. What's up with that.
 

wolfmat

Confirmed Asshole
So they're not maintaining control over packet content? Is that stuff completely unchecked? Is there no rejection strategy? Like, a sequence algorithm or something?

If yes: What the fuck? Fix it.
If no: Either they figured it out or this is fake / some other virus / false positive.

Is that stuff coming over UDP or over TCP? Why is it assembled? If it weren't, it wouldn't match the XPACK pattern.

All in all, sounds extremely unlikely.
 

Archie

Second-rate Anihawk
fourzerotwo said:
Cheat / Hack Free Games: The biggest benefit of using IWnet by far is the fact that you don’t have to worry about joining a server full of aim-bots, wallhacks, or cheaters. Or relying on the server admin of the server to constantly be monitoring, banning, and policing it. Modern Warfare 2 on PC allows us to control the quality of the game much more than ever before as well as utilizing the VAC (Valve-Anti-Cheat) system to keep games clean of hackers and cheaters.

All in all, IWNET adds a load of new features that the PC version of our games have never had before and allows us an infrastructure to continue to update and improve on the game post-launch.

I guess some of the new features include viruses. :lol
 

KHarvey16

Member
It's still important to keep in mind this is likely a false positive given the information we have. I'd save the derision until we know what's up.
 

shuri

Banned
No concrete source / evidence as of yet

Yeah ok, that should be put into the thread title...

edit: Crypt.XPACK.Gen is a virus that is spread by MSN. That moron got infected earlier in the day, and his scanner probably picked it up during a routine scan of the file system while he was playing

edit2: Crypt.XPACK.Gen is also a two-year-old virus.

edit3: lock this thread, it's only spreading FUD

edit4: It seems that variants of Crypt.XPACK.Gen were also spread with COD4 aimbots :lol
 

minus_273

Banned
man i love the internet. there is nothing saying there is an actual virus or that it came from the game. those forum posts are as conclusive as this:

poster 1: hey guys i just got a ps3 hooked it to my home network and now i have a virus. ps3 spreads viruses.
poster 2: omg i just scanned my computer with the same program. I have a virus too. nooo.
poster 3: thanks op. we didn't have this problem with xbox live. i wonder what the difference is hmmm
poster 4: psn causes viruses confirmed!

this then proceeds to be spread all over the net.
 