Author Topic: What is --> backdoor.win32.Ceckno.RAA...  (Read 2306 times)

KyVarment

  • Wayfarer
  • Posts: 3
What is --> backdoor.win32.Ceckno.RAA...
« on: August 17, 2009, 06:41:02 pm »
Howdy all,

I downloaded and installed Planeshift without any problems... Now when I run psclient.exe I get an AntiVirus Alert saying "Virus detected" "backdoor.win32.Ceckno.RAA@18514656"

I was wondering if this is a false positive or a real threat...  ::|

ThomPhoenix

  • Testers
  • Forum Addict
  • Posts: 2678
  • A Phoenix, what'd you expect?
Re: What is --> backdoor.win32.Ceckno.RAA...
« Reply #1 on: August 17, 2009, 08:36:33 pm »
What mirror did you download it from? If it's a trustworthy server there should be no such problems.
Also, what antivirus do you have?
We're not evil. We're simply amazing.

verden

  • Hydlaa Notable
  • Posts: 716
Re: What is --> backdoor.win32.Ceckno.RAA...
« Reply #2 on: August 17, 2009, 08:40:44 pm »
It's a worm. It might have modified the downloaded exe after uncompressing but before execution.

KyVarment

  • Wayfarer
  • Posts: 3
Re: What is --> backdoor.win32.Ceckno.RAA...
« Reply #3 on: August 17, 2009, 10:30:08 pm »
Thanks for the replies

I use Comodo Antivirus...

I downloaded a copy from Xordan then uninstalled it when I got the virus message... I then downloaded another copy using BitTorrent and installed it, and I still get the same virus warning.

Sen

  • Hydlaa Notable
  • Posts: 746
Re: What is --> backdoor.win32.Ceckno.RAA...
« Reply #4 on: August 17, 2009, 10:50:13 pm »
Hello

I personally tend to see it as a false positive. To be really sure you can compare MD5 checksums or even go to IRC to ask other players for the MD5 checksum of their clients.


Sen
.....also a saddle that won't pinch the tail. One day!

ThomPhoenix

  • Testers
  • Forum Addict
  • Posts: 2678
  • A Phoenix, what'd you expect?
Re: What is --> backdoor.win32.Ceckno.RAA...
« Reply #5 on: August 17, 2009, 11:20:31 pm »
If you downloaded it from both the Xordan server and BitTorrent I think you can be sure that it is not the downloads themselves that are infected but your computer. Verden is probably right that a worm infected the files during/after install.

I recommend using an online virus scanner like http://housecall.trendmicro.com/uk/ so you can scan your PC without having to install another antivirus scanner. If that scanner finds no viruses at all and if Comodo is up-to-date and a full disk scan by it doesn't reveal anything, it's probably a false positive. If it's a false positive you can report it to Comodo or put the PlaneShift folder on an ignore list.
We're not evil. We're simply amazing.
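
The checksum comparison suggested in Reply #4, combined with the question raised in Reply #5 of whether the file was changed on the local machine, as an added example that is not part of the original thread. The function names, the labels `player_a`/`player_b` and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

def md5_of(path, chunk=1 << 20):
    """MD5 hex digest of a file, read in chunks."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        while block := f.read(chunk):
            h.update(block)
    return h.hexdigest()

def triage(installed_path, reference_md5s):
    """Compare the flagged executable with MD5s of other copies.

    reference_md5s maps a label to an MD5 hex string, e.g. values other
    players report for the same client version (labels are hypothetical).
    Returns (verdict, labels_that_match).
    """
    local = md5_of(installed_path)
    refs = {k: v.strip().lower() for k, v in reference_md5s.items()}
    matching = sorted(k for k, v in refs.items() if v == local)
    if not refs:
        return "no-reference", matching
    if len(matching) == len(refs):
        # Byte-identical to every other copy: nothing altered it on this
        # machine, so the alert concerns the binary as distributed.
        return "unmodified", matching
    if matching:
        # The references disagree with each other: likely mixed versions.
        return "references-disagree", matching
    # Matches nobody: changed locally, or a different client version.
    return "differs", matching

def demo():
    """Triage two constructed stand-in files (not real PlaneShift binaries)."""
    with tempfile.TemporaryDirectory() as d:
        clean = os.path.join(d, "psclient_reference.exe")
        altered = os.path.join(d, "psclient_altered.exe")
        with open(clean, "wb") as f:
            f.write(b"MZ" + b"\x00" * 64 + b"constructed client bytes")
        with open(altered, "wb") as f:
            f.write(b"MZ" + b"\x00" * 64 + b"constructed client bytes" + b"\x90" * 16)
        refs = {"player_a": md5_of(clean), "player_b": md5_of(clean).upper()}
        return triage(clean, refs)[0], triage(altered, refs)[0]

if __name__ == "__main__":
    print(demo())
```

MD5 is what the thread suggests and is enough to spot a file that was altered after install; swapping in `hashlib.sha256` is the safer choice when a reference hash is available in that form.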

KyVarment

  • Wayfarer
  • Posts: 3
Re: What is --> backdoor.win32.Ceckno.RAA...
« Reply #6 on: August 18, 2009, 12:51:34 am »
Quote from: ThomPhoenix
> I recommend using an online virus scanner like http://housecall.trendmicro.com/uk/ so you can scan your PC without having to install another antivirus scanner. If that scanner finds no viruses at all and if Comodo is up-to-date and a full disk scan by it doesn't reveal anything, it's probably a false positive. If it's a false positive you can report it to Comodo or put the PlaneShift folder on an ignore list.

It only shows up when running the psclient.exe, I've tried to scan the psclient.exe and it finds nothing... so running the online scanner really won't help...

I think I'll ignore it for now, it's a new laptop so restoring won't be a problem if needed...

Thanks y'all

ThomPhoenix

  • Testers
  • Forum Addict
  • Posts: 2678
  • A Phoenix, what'd you expect?
Re: What is --> backdoor.win32.Ceckno.RAA...
« Reply #7 on: August 18, 2009, 02:05:31 am »
Only when running eh, might be a false positive then, but still, you can never be sure enough with nasty things like viruses ;)
We're not evil. We're simply amazing.

GiGaBaNE

  • Wayfarer
  • Posts: 1
Re: What is --> backdoor.win32.Ceckno.RAA...
« Reply #8 on: August 26, 2009, 10:37:17 pm »
Confirming this result only when using Comodo, guess it's just a false positive.

Elvicat

  • Hydlaa Notable
  • Posts: 831
Re: What is --> backdoor.win32.Ceckno.RAA...
« Reply #9 on: August 28, 2009, 01:00:34 am »
Odd, I use Comodo too but don't get that thing... but then again I have the scanner on low :P