11 replies to this topic

[hornynick]

I just run SuperAntiSpyware and it told me I have "trojan.agent/gen-frauder" in 2 files, ambercleanup.exe and autoupdate.exe.

I assume this a mistake on the part of SAS as this was the last program I ran after Avira and AntiMalwareBytes and they had no problem.

I was just wondering has anyone else found this and did quarantine/removal affect Amber in any way?

[pilky]

i think its what known as a false positive and ive scanned the files with eset and every other utility i have and nothing found

[todd1970]

Yeah , scanned with Avast also and nothing found , i have used Super-Antispyware before and it is quite good , but throws up a load of false positives so i binned it.

[hornynick]

yea i thought so cheers. I removed them and Amber still works fiine though. Todd, apart from tracking cookies this is the first time SAS turned anything up.
After I posted here I did a Google and on the SAS forum someone returned 2 results yesterday with the same trojan so it maybe something to do with the latest update.

[pilky]

i think the problem was to do with tracking cookies ..not anything to do with amber .. to stop tracking cookies in firefox or internet explorer use google .. to sort... otherwise try this programme http://www.ghostery.com/

[Guitar]

Don't forget there is a logging in part to amber which sends info from the server to the game and vice versa about the games in the online arcade. False positive and nothing to worry about.

This shouldn't happen in offline mode. In offline mode the game will still try and create a connection, but nothing should be logged, because you won't be logged into the server, not to mention the server isnt running atm and hasnt been for several weeks.

AutoUpdate is a small program which is used to automatically uodate amber from the server, but it should only be triggered if you update the emulator .exe as I couldnt replace the exe from itself whilst its running.

If you are worried about it, delete it as until the server is sorted and you have a username and password, you wont be able to use it.

Amber Clean Up will fix the emu if you end up with an error which causes the emulator to think there are more instances of it oipen than there really are (in most cases 1).

Feel free to delete it if you want to, you will only need it under certain circumstances where the emu has crashed a lot in a short period of time, and was more to help me in development, I just left it in the pack as there are [rare] circumstances where users may need it.

But there is nothing nasty in them I can assure you.

[piesthecat]

just upload it to virustotal and it will be scanned with every anti-virus but its just a false positive

[policematrix]

i recommend http://www.malwareby...alwarebytes_pro the free trial is good , i had 10 infections and this was the only thing that found them , i tried norton 360 it came up clean also AVG both failed to find the infections that were seriously slowing down my cpu

[stanmarsh14]

Yep, confirm it's a false-positive result from your A/V.

Had Norton do the same to me too, but just excluded it from future scans (Amber's installer).

Think reason why some A/V's bitch about it, is the way the installer drops .dll files in to the Windows DIR folders.

If you are concerned at all (This applies not only to Amber but to ANY file you have), upload the suspect file to the Virus Total website, and see what results you get from that.

Anything with less than 33% hits, I would not worry about at all..... anything above warrants closer inspection, but even then (Like you get with some patching tools and keygens for progs), note what the results says, and quite a lot of the time you just see generic heuristics warnings which normally don't mean much and is simply an over reaction from the A/V scanner.

https://www.virustotal.com/

[stanmarsh14]

Results from the current scan of Amber, and only 3 / 41 warnings of poss suspect files, so basically nothing really.

https://www.virustot...sis/1338953268/