Players Online
234
Please be invited to the special battle royale event that is organised
by player Lamusini and will take place in the arena prepared specifically
for this event! More information available in the event's forum topic.
Changelog
26 Oct 2024 - Thanks to a few tweaks to the back-end infrastructure, the server save will now last 10 minutes at most, rather than way over 20 as it did before. Check full changelog...

#1

03.07.2023 18:45:06

Lu Khan
Player

Level: 17
Profession: Knight
Residence: Venore
Posts: 2

Re: Potential trojan file


Hi,

By launching today game i found out few problems with Client, just in short it tried to connect to few process inside my pc.

With that in mind i toss ziped file into VirusTotal scan, below I will add link screen from scaning.

https://freeimage.host/i/tibiantis.Hiv9cSS

The main reason lies within tibiantis.dll file (which if you don't want to zip all files, just throw this file in any online or installed antivirus)

*So with that in mind potential 12 files are found to be dengerous, I would like to see what administration have to say about this?

#2

03.07.2023 19:00:52

Kay
God

Level: 25
Profession: Elder Druid
Residence: Ab'Dendriel
Posts: 238

Re: Potential trojan file


The client does not connect to any outside processes nor does it scan your computer anyhow, please don't spread lies.

Those flags are merely false positive. It is nothing uncommon for applications without a signature of a large corporation. Especially given the fact that you are scanning it with 70 various AVs.

The thing that triggers most of those AVs is probably the auto-updater.

We generally notify those AVs about false positive, whenever players report it to us. But it usually takes time before they remove the flag, and it may still reappear after the update. Some of them also have poor support and do not reply at all.

Tibiantis has been online for over 3 years already. It is a legally registered company in Poland. Thousands of players have used this client before you. If you still assume that we may be running it to spread some alleged trojan, we cannot do anything about that. You have the right not to play.

#3

03.07.2023 19:24:59

Lu Khan
Player

Level: 17
Profession: Knight
Residence: Venore
Posts: 2

Re: Potential trojan file


First of all thanks for answering my post.

I dont want to spread any lies, was just war curious about status from AV, Client was not launching today proper to day before and that just caught my attention.

It might be the reason as you said auto-update could interfere with me trying to launch client.
However, there are tons of games (including OT servers) with autoupdate and non of which I know is alerted with flag in any of the existing AVs. But even that there was no information about update which happen recently.

Might be also your own private system that fights with bots/cheaters, but that not the case here.

Anyway thanks for replying to this post it cleared my thoughts.

Take care!

#4

03.07.2023 19:45:07

Kay
God

Level: 25
Profession: Elder Druid
Residence: Ab'Dendriel
Posts: 238

Re: Potential trojan file


Ok, I'm sorry for misjudging if it wasn't your intention to cause some fuss. But like I said, the client does not connect to anything on your computer, so it is false information.

There hasn't been any update recently. I was only guessing that it can be the code responsible for downloading new updates that triggers some of those AVs. That's by looking at your screenshot, where they describe the alleged threat as "trojan downloader". Trojan is generally a program that executes some code without the user's knowledge. So, they apparently assume that it downloads something without your knowledge and hence flag it as dangerous. In reality, you are aware that the client is updating, it never happens without notice.

But it is just my guessing, it could be the camplayer, or something else.

I really don't know why your AV didn't mind our client before, and suddenly it does, because nothing has changed. The files are still the same, you can check their hashes to confirm. Apparently, your AV changes its mind quickly.

If you tell us what that AV is, we can notify them about false positive and we will send them all the files for wider analysis. If they have a reliable support, they should remove that flag in some time. But it may reappear after the next update, because those hashes will change.

For now I can only recommend adding Tibiantis folder to exceptions.

© Copyright by Tibiantis Online 2020-2024. All rights reserved.


All times are CET (GMT+01:00). This page was generated at 22:00.