eruditas

Trojan:Win32/Pocyx.F!plock

Hello, guys and gals,

After the update today, the Windows 10 default antivirus/antimalware/w/e application "Windows Defender" reported that your updater is infected with a trojan. Image attached.

Even if we do not believe you're trying to put harmful software on our computers (which I have doubts about), your client should not be treated as a trojan by default security software, am I right? Putting a reported trojan into the "allowed items" section is not a solution either.

This has happened on Windows 10, which, I assume, the majority of your players are using.


Hello. We know about it. This is because the updater has a self-update option. We are now working on another updater. It mustn't have this problem.


Hello. We know about it. This is because the updater has a self-update option. We are now working on another updater. It mustn't have this problem.

Lots of software has a self-update function (for example, League of Legends). Don't bullsh*t the bullsh*tter (it's just an expression, not an insult). Just make it work, so people who are less tech-savvy will not have any problems with this :)

Eru, btw Windows 10 itself is the biggest trojan you could get...

Windows 10 is like cancer and no one should use it.

I'm using Gentoo as my main OS. Windows is just for gaming. And it's only an operating system, you could modify Windows to act as any other Windows version (remove their stupid OneDrive, disable telemetry, etc.).

For example, to remove OneDrive, make a .bat file:

@echo off
cls

REM OneDriveSetup.exe sits in System32 on 32-bit Windows and in SysWOW64 on 64-bit Windows.
set x86="%SYSTEMROOT%\System32\OneDriveSetup.exe"
set x64="%SYSTEMROOT%\SysWOW64\OneDriveSetup.exe"

echo Closing OneDrive process.
echo.
taskkill /f /im OneDrive.exe > NUL 2>&1
ping 127.0.0.1 -n 5 > NUL 2>&1

echo Uninstalling OneDrive.
echo.
if exist %x64% (
%x64% /uninstall
) else (
%x86% /uninstall
)
ping 127.0.0.1 -n 5 > NUL 2>&1

echo Removing OneDrive leftovers.
echo.
REM Deletes the local OneDrive folder and everything in it, plus OneDrive's temp, cache and settings folders.
rd "%USERPROFILE%\OneDrive" /Q /S > NUL 2>&1
rd "C:\OneDriveTemp" /Q /S > NUL 2>&1
rd "%LOCALAPPDATA%\Microsoft\OneDrive" /Q /S > NUL 2>&1
rd "%PROGRAMDATA%\Microsoft OneDrive" /Q /S > NUL 2>&1

echo Removing OneDrive from the Explorer Side Panel.
echo.
REG DELETE "HKEY_CLASSES_ROOT\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /f > NUL 2>&1
REG DELETE "HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /f > NUL 2>&1

pause

Sorry for the off-topic.


You can make an updater with more than 1 programming language. Microsoft Defender thinks that the auto-update code in this language is a trojan.


You can make an updater with more than 1 programming language. Microsoft Defender thinks that the auto-update code in this language is a trojan.

It's packed with UPX and written in Delphi.
Code cannot be treated as a trojan; a compiled program can. It doesn't matter which programming language you use (C, C#, C++) as long as your binary code does not violate anything.

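Added example, not part of the thread and not the server's updater code: a UPX-packed Windows executable normally carries sections named UPX0 and UPX1, with UPX0 empty on disk but writable and executable in memory, traits that packed files share regardless of what they contain. The Python sketch below reads a PE section table and reports those two traits; the function names and the header-only sample bytes are constructed for illustration.

```python
import struct

MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_* flags

def pe_sections(data: bytes):
    """Return [(name, virtual_size, raw_size, characteristics)] for a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)       # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (n_sections,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size                         # first section header
    out = []
    for i in range(n_sections):
        off = table + 40 * i                               # 40-byte headers
        name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, _va, raw_size = struct.unpack_from("<III", data, off + 8)
        (flags,) = struct.unpack_from("<I", data, off + 36)
        out.append((name, vsize, raw_size, flags))
    return out

def packer_indicators(data: bytes):
    """List the packer-style traits found in the section table."""
    hits = []
    for name, vsize, raw_size, flags in pe_sections(data):
        if name.startswith("UPX"):
            hits.append(f"section name {name}")
        if raw_size == 0 and vsize > 0 and flags & MEM_EXECUTE and flags & MEM_WRITE:
            hits.append(f"{name}: empty on disk, writable and executable in memory")
    return hits

def build_sample(sections):
    """Constructed header-only PE: DOS header, COFF header, section table."""
    hdr = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    for name, vsize, raw, flags in sections:
        hdr += struct.pack("<8sIIIIIIHHI", name.encode(), vsize, 0x1000,
                           raw, 0x200, 0, 0, 0, 0, flags)
    return hdr

# Constructed samples: a UPX-style layout and an ordinary unpacked layout.
PACKED = build_sample([("UPX0", 0x8000, 0, 0xE0000080),
                       ("UPX1", 0x4000, 0x3E00, 0xE0000040),
                       (".rsrc", 0x1000, 0x800, 0xC0000040)])
PLAIN = build_sample([(".text", 0x4000, 0x3E00, 0x60000020),
                      (".data", 0x1000, 0, 0xC0000080)])

if __name__ == "__main__":
    print(packer_indicators(PACKED))
    print(packer_indicators(PLAIN))
```

Section names can be renamed after packing, so a hit here is a hint about how the file was built, not a verdict on what it does.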

And what does our code violate? And why does only Windows Defender see it as a virus?

Give me the source code, I will tell you for a certain price. Are you sure it's only Windows Defender? If you are not certain about some facts, do not tell them.

Jiangmin           TrojanDownloader.Genome.aczl      20151211
Malwarebytes       Spyware.OnlineGames               20151212
McAfee-GW-Edition  BehavesLike.Win32.SMSFraud.tc     20151212
Qihoo-360          HEUR/QVM05.1.Malware.Gen          20151212
SUPERAntiSpyware   Trojan.Agent/Gen-OnlineGames      20151212
nProtect           Trojan/W32.Agent.1821696.H        20151211


And what does our code violate? And why does only Windows Defender see it as a virus?

Give me the source code, I will tell you for a certain price. Are you sure it's only Windows Defender? If you are not certain about some facts, do not tell them.

Jiangmin           TrojanDownloader.Genome.aczl      20151211
Malwarebytes       Spyware.OnlineGames               20151212
McAfee-GW-Edition  BehavesLike.Win32.SMSFraud.tc     20151212
Qihoo-360          HEUR/QVM05.1.Malware.Gen          20151212
SUPERAntiSpyware   Trojan.Agent/Gen-OnlineGames      20151212
nProtect           Trojan/W32.Agent.1821696.H        20151211

We don't need this info, especially for money. As I told you, we are working on another updater that will not have this problem.


And what does our code violate? And why does only Windows Defender see it as a virus?

this program wants too much access which it doesn't need to... probably WD defends the defaults ... this shi** tries to insert

with Comodo Defense+ see every file communication //RECOMMEND//


This is a known problem with Lineage since day 1. Most antivirus software recognizes L2 updaters and game guards as trojans simply because they act in a very similar way. If you downloaded your client from the website link you shouldn't have any problems. Instead of trying to prove a point, just sandbox L2 if it's such a big problem for you and enjoy the game, otherwise I'm asking all other people to stop feeding the troll. TY


Hello. We know about it. This is because the updater has a self-update option. We are now working on another updater. It mustn't have this problem.

Do you have any further information about when the next updater will be implemented?

I agree, along with many users, that this server must not have this problem with the updater being detected as "Trojan:Win32/Pocyx.F!plock".


Trojan:Win32/Pocyx.F!plock is such a nasty Trojan virus. It can do major harm to your computer. It is a brutal threat that can delete important system and block useful system programs. It can also steal your personal information and send it to a hacker. Remove this threat immediately from your computer.

http://www.uninstallbrowserinfection.com/how-can-i-get-rid-of-trojanwin32pocyx-fplock-trojanwin32pocyx-fplock-removal-help
