Infected MGS installers?

LinkinFart (Banned User: multi-account fraudster; joined Oct 1, 2008; location: Croatia)

Since yesterday my KIS is recognizing MGS installers as infected with

"not-a-virus:Garbage.Win32.Casino.heur"

First time it happened last night while I tried to download one, KIS blocked the link immediately, but this morning KIS also recognized all of the already downloaded casino and poker installers as infected with the same virus.

Viruslist link contains no info on this threat and Google is not finding much.

Did anyone experience the same thing? Can someone max "heuristic analysis" and perform a manual scan on one of the installers?

Thanks.
 
Just tried Betway installer. No virus infection warning. They have a different installer, I'm guessing that all default ones will show up as infected.
 
I ran into this situation before. I believe my Norton picked up on the casino/poker room's scraping agent in the download; that's where they can catch if you're using a robotic agent.

Proviso: it was a while ago. I instructed it to override it; as I remember, it was listed as a [PUP],

potential unwanted program, and it was acknowledged by the casino or poker room, can't remember which,

but you should be able to get an exact from the casino to match up with your virus suite's response.
 
I have "PUP" detection disabled, it does catch casino installers as trojans or something malicious. So it's not PUP but thanks for trying. Support told me to turn off KIS and to continue with install/download. No way I'm doing that.
 
> I have "PUP" detection disabled, it does catch casino installers as trojans or something malicious. So it's not PUP but thanks for trying. Support told me to turn off KIS and to continue with install/download. No way I'm doing that.

Surely the legitimate software industry keeps the vendors of anti-virus products up to date with any upgrades so that they can be added to the database and NOT mistaken for viruses, trojans, etc.

The problem with this attitude of telling the user just to disable his security software to force through the installation is dangerous, as ANYONE can claim they are legit, and if users get into the habit of believing all these warnings are just "false positives", then REAL menace software can sneak by by PRETENDING it has just been victim of a false positive.

What better way than to fake a casino website, and pretend it uses a well respected software.

Player finds site, and thinks "great, never seen THIS Microgaming/RTG/whatever casino before, let's give it a try". Up pops the virus warning, and player simply disables it muttering "flipin' eck - these false positives are such a pain". In goes NOT a new casino, but a nasty piece of malware that takes over his PC, and then tries to spread its infection through the internet to anybody else who trusts this player, such as his email contacts.
 
Another thought is that the protection you have on your computer and any added protection are not compatible with each other and this is giving the warning.
If you are installing or have installed a casino you had no problems with previously, then maybe there is a compatibility problem with some new update or protection you have added to your PC while still having another protection in place?
 
I got notice from my anti-virus a couple of weeks ago that I'd had 3 Trojans it disposed of and I suspected a couple of Rivals since the notice came right after downloading them to play a couple of free chips. I got another chip offer from Tropica last week and sure enough as I was downloading it I got the following. I know I'm on their sht list but come on fellas. At least the Trojans don't seem to have messed up my pc as far as I can tell.
 
> Surely the legitimate software industry keeps the vendors of anti-virus products up to date with any upgrades so that they can be added to the database and NOT mistaken for viruses, trojans, etc.

That's not how it works. AV software searches files for signatures of known malware and possibly for indications of suspicious content in files. There is no database of "safe" files. A database containing just some kind of hash of all current and past versions of the many thousands of windows system files alone would be enormous, not to mention all the other software (like MG casinos and their frequent upgrades).
 
True about "heuristic", most false positives come from that method but it's the only one available against new or unknown threats. That's why I asked if someone could try to download one installer with their heuristics maxed. Also, I'm not turning my security off, just look at that other thread where a rogue casino installer probably made a zombie out of someone's computer. Wait and see, only thing I can do at the moment. If it's false, it should get recognized correctly in a short time.
 
My Norton, and previously NOD, have had false positives for Microgaming and RTG casinos. I just tell my Norton that it is not a virus and install away. I believe that large softwares like Microgaming and RTG don't let their installers become infected with viruses.
If you have Windows 7 or Vista installed, Linkin, unless you give the installer administrative rights and turn your antivirus software completely off (and it is indeed a virus/trojan), it can't make your computer a zombie, because it can't write to the system level of your operating system, and if it does your virus software will detect something is going on.
If you want to wait and see, you should be prepared for a really long wait.

-kavaman
 
> That's not how it works. AV software searches files for signatures of known malware and possibly for indications of suspicious content in files. There is no database of "safe" files. A database containing just some kind of hash of all current and past versions of the many thousands of windows system files alone would be enormous, not to mention all the other software (like MG casinos and their frequent upgrades).

There are lists of known malware files, and it seems that for some reason the casino installers keep looking like malware.

Perhaps the problem is with the casinos being "too clever" with their installers, and this is confusing security programs.

Players used to be able to download a casino to the desktop, scan it, and then execute the install directly from the desktop. What players NOW download is NOT the installer itself, but a "manager", a tiny utility that THEN proceeds to download FURTHER files that make up the casino installer itself. It seems THIS is what gets picked up by security software, since this is EXACTLY how a TROJAN operates, and it is hard to tell the difference.

Rather than trust their security software, players have to trust the casino when they say their installer is just that, and not a piece of malware.

Casinos could solve this by going back to using simple install files, which the user can download completely, and then execute FULLY behind their firewall and security protection, and with NO internal connection requests being necessary from the installer.

The difference here is that the USER downloads the full "exe" using the browser, and since such a download is permission controlled, it does NOT trigger the security software at this stage. When executed from the desktop, a complete installer ALSO does not normally trigger the security software because it does not BEHAVE like a trojan by trying to "call home" during its execution.

This does not happen when a casino is installed from a CD, yet install the SAME casino from the internet, and it WILL trigger the security software, even though what is being installed is the SAME in both cases.

Poor design is creating unnecessary worry from players, but is also losing casinos potential customers, those who do not feel they "know enough" to make that judgement call to disregard the warning as a "false positive", and so delete the file rather than trying out the casino. This also means they are unlikely to install the casino at a future date.

Quite a few users don't even know HOW to override their security software, even if they wanted to. In a work environment, they would not even be ALLOWED to, and it does seem that casinos promote "playing at work" to their players by suggesting how it can be achieved. Lately, this has been through the development of the "mobile casino" rather than getting players to install the software on work machines. Although this does not compromise the workplace machines, it STILL encourages employees to misuse the working day.
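
Added example (not part of any post in this thread, and not how KIS, Norton or any other product actually scores files): a toy static heuristic showing why a tiny download "manager" is hard to tell apart from a trojan downloader, while a complete installer is not. The Windows API names are real; the size cut-off, trait names and both sample byte strings are constructed for illustration.

```python
import re

# Windows API names typically imported by code that fetches a file over the
# network, and by code that launches another program.
NETWORK_APIS = (b"URLDownloadToFileW", b"InternetOpenUrlW", b"WinHttpOpen")
LAUNCH_APIS = (b"CreateProcessW", b"ShellExecuteW")
STUB_SIZE_LIMIT = 1_000_000  # assumed cut-off: a file this small is not the full client


def downloader_traits(image: bytes) -> list[str]:
    """Return the download-manager traits found in a PE image's raw bytes."""
    traits = []
    if image[:2] != b"MZ":
        return traits  # not a Windows executable; nothing to score
    if len(image) < STUB_SIZE_LIMIT:
        traits.append("small-stub")
    if any(api in image for api in NETWORK_APIS):
        traits.append("fetches-remote-file")
    if any(api in image for api in LAUNCH_APIS):
        traits.append("launches-program")
    if re.search(rb"https?://[\x21-\x7e]{4,}", image):
        traits.append("embedded-url")
    return traits


def verdict(image: bytes) -> str:
    """Flag files that fetch and launch code yet are too small to be the payload."""
    found = set(downloader_traits(image))
    if {"small-stub", "fetches-remote-file", "launches-program"} <= found:
        # A legitimate stub installer and a trojan downloader both land here:
        # the static traits are the same, only the fetched payload differs.
        return "suspicious: downloader-like"
    return "not downloader-like"


# Constructed samples (not real installers): byte strings standing in for PE files.
STUB_MANAGER = (b"MZ" + b"\x00" * 4096 + b"URLDownloadToFileW\x00ShellExecuteW\x00"
                + b"http://example.invalid/casino.cab\x00")
FULL_INSTALLER = b"MZ" + b"\x00" * (2 * STUB_SIZE_LIMIT) + b"CreateProcessW\x00"

if __name__ == "__main__":
    for name, sample in (("stub manager", STUB_MANAGER), ("full installer", FULL_INSTALLER)):
        print(name, downloader_traits(sample), "->", verdict(sample))
```
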
 
