Virus Detection TR/Dropper.MSIL.avjdt in Hearthranger_init_Helper.exe
logan235
#1 Posted : Monday, November 20, 2017 6:40:51 AM(UTC)
Rank: Member

Groups: Registered
Posts: 10

Was thanked: 1 time(s) in 1 post(s)
I've been running HR for a couple of years now without any virus/malware problems. However, just this morning my anti-virus software detected and quarantined a TR/Dropper.MSIL.avjdt from the Hearthranger_init_Helper.exe program. TR/Dropper.MSI's are defined as a family of trojan horses that seek to spy out data, violate privacy, or perform unwanted modifications to the system. My anti-virus software was automatically updated about 1/2 hour before the above notification, so maybe it's a new false positive. Regardless, I want to bring this up just in case.

1 user thanked logan235 for this useful post.
MELO on 11/28/2017(UTC)
Bazocatanga
#2 Posted : Monday, November 20, 2017 8:30:09 AM(UTC)
Rank: Member

Groups: Registered
Posts: 16

Thanks: 11 times
me too.

My anti-virus software is Avira
Nufi
#3 Posted : Monday, November 20, 2017 2:38:04 PM(UTC)
Rank: Newbie

Groups: Registered
Posts: 1

I have the same problem and because of it HR doesn't work, so fix it please; turning off the antivirus and re-downloading HR doesn't work; there is a problem with the current version of HR; you can't open the HR helper exe or sg

Yesterday it was working fine

HR is buggy
VeilAers
#4 Posted : Monday, November 20, 2017 2:57:09 PM(UTC)
Rank: Advanced Member

Groups: Registered
Posts: 57
Woman
Location: Puget Sound

Thanks: 7 times
Was thanked: 16 time(s) in 12 post(s)
logan235;52661 wrote:
I've been running HR for a couple of years now without any virus/malware problems. However, just this morning my anti-virus software detected and quarantined a TR/Dropper.MSIL.avjdt from the Hearthranger_init_Helper.exe program. TR/Dropper.MSI's are defined as a family of trojan horses that seek to spy out data, violate privacy, or perform unwanted modifications to the system. My anti-virus software was automatically updated about 1/2 hour before the above notification, so maybe it's a new false positive. Regardless, I want to bring this up just in case.


I bet the part I highlighted is the reason it got flagged. One of Helper's functions is to remove the "downloaded from the internet" security warning from all Hearthranger files. That is not normal behavior for most apps and likely triggered this. You'd want to add Hearthranger to your exception list anyway, so I'd suggest doing that.

Nufi;52666 wrote:
I have the same problem and because of it HR doesn't work, so fix it please; turning off the antivirus and re-downloading HR doesn't work; there is a problem with the current version of HR; you can't open the HR helper exe or sg

Yesterday it was working fine

HR is buggy


See above. Not sure why your first instinct is to blame a program that didn't update.
2 users thanked VeilAers for this useful post.
botpowers on 11/21/2017(UTC), MyrieleNighteye on 11/29/2017(UTC)
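The "downloaded from the internet" warning VeilAers mentions is the Mark of the Web, a `Zone.Identifier` alternate data stream Windows attaches to downloaded files. As an added example (not HearthRanger's code or anything from this thread), the following PowerShell reports which files in a folder still carry that stream and which zone they came from, so you can see for yourself what an unblocking helper changes; the folder path is a placeholder.

```powershell
# Added example, not part of the original thread or of the HR project.
# Reports the Mark-of-the-Web (Zone.Identifier) status of every file under $Path.
# Files that were downloaded but show HasMotw = $false have had the stream removed,
# which is the behaviour an antivirus heuristic may treat as suspicious.
function Get-MotwStatus {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path   # placeholder: point this at the install directory to inspect
    )

    Get-ChildItem -LiteralPath $Path -File -Recurse | ForEach-Object {
        $file = $_
        # Returns nothing (no error) when the file has no Zone.Identifier stream
        $stream = Get-Item -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue

        $zoneId  = $null
        $hostUrl = $null
        if ($stream) {
            # The stream body is an INI-style [ZoneTransfer] block, e.g.
            #   [ZoneTransfer]
            #   ZoneId=3
            #   HostUrl=https://example.invalid/file.exe   (constructed sample)
            $body = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
            foreach ($line in $body) {
                if     ($line -match '^ZoneId=(\d+)')  { $zoneId  = [int]$Matches[1] }
                elseif ($line -match '^HostUrl=(.+)$') { $hostUrl = $Matches[1] }
            }
        }

        [pscustomobject]@{
            Path          = $file.FullName
            LastWriteTime = $file.LastWriteTime
            HasMotw       = [bool]$stream
            ZoneId        = $zoneId    # 0 local, 1 intranet, 2 trusted, 3 internet, 4 restricted
            HostUrl       = $hostUrl
        }
    }
}

# Usage: list the status of every file, then narrow to executables lacking the mark.
Get-MotwStatus -Path 'C:\Path\To\HearthRanger' | Format-Table -AutoSize
Get-MotwStatus -Path 'C:\Path\To\HearthRanger' |
    Where-Object { -not $_.HasMotw -and $_.Path -match '\.(exe|dll)$' } |
    Select-Object Path, LastWriteTime
```

Run it once right after download and again after the Helper has run to see exactly which files lose the mark; that is the observable behaviour a heuristic engine reacts to, independent of whether the file is otherwise benign.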
botpowers
#8 Posted : Tuesday, November 21, 2017 6:03:15 AM(UTC)
Rank: Newbie

Groups: Registered
Posts: 4
Man

Thanks: 7 times
Was thanked: 3 time(s) in 1 post(s)
Same here, Avira detected an HR file as a virus and quarantined it. I have restored it and added it to the list of exceptions, but the updater still does not work.
MyrieleNighteye
#5 Posted : Tuesday, November 28, 2017 1:51:09 PM(UTC)
Rank: Newbie

Groups: Registered
Posts: 3

Thanks: 1 times
Was thanked: 1 time(s) in 1 post(s)
VeilAers;52667 wrote:
I bet the part I highlighted is the reason it got flagged. One of Helper's functions is to remove the "downloaded from the internet" security warning from all Hearthranger files. That is not normal behavior for most apps and likely triggered this. You'd want to add Hearthranger to your exception list anyway, so I'd suggest doing that.


This points me to what I searched for. Sounds familiar. My Hearthranger works after an update; Hearthranger_init_helper.exe was instantly removed by Avira, but the bot is running fine (I only get one message about missing admin rights).

So my question: Is the init helper used for something else than that remove security warning thing?
1 user thanked MyrieleNighteye for this useful post.
MELO on 11/28/2017(UTC)
Saegle
#9 Posted : Wednesday, November 29, 2017 11:53:33 PM(UTC)

Rank: Advanced Member

Groups: Registered
Posts: 36

Thanks: 6 times
Was thanked: 7 time(s) in 7 post(s)
I wanna report an ABNORMAL bandwidth usage. While monitoring, I noticed the process can go higher than 1 Mbps, which saturates my connection. There is definitely something weird.

EDIT : time to sleep now, but I'll upload some picture displaying usage. Even stopped, this is frightening.
JoyAdmin
#10 Posted : Thursday, November 30, 2017 6:24:28 AM(UTC)
Rank: Administration

Groups: Administrators
Posts: 4,910

Thanks: 809 times
Was thanked: 4563 time(s) in 1656 post(s)
Saegle;52799 wrote:
I wanna report an ABNORMAL bandwidth usage. While monitoring, I noticed the process can go higher than 1 Mbps, which saturates my connection. There is definitely something weird.

EDIT : time to sleep now, but I'll upload some picture displaying usage. Even stopped, this is frightening.


It's normal if your HR client is newly installed.

HR will download all card images after first run, the total image cache size is about 400 Mb.

You can check [card_image] directory to know the progress.

MyrieleNighteye
#6 Posted : Thursday, November 30, 2017 1:22:59 PM(UTC)
Rank: Newbie

Groups: Registered
Posts: 3

Thanks: 1 times
Was thanked: 1 time(s) in 1 post(s)
MyrieleNighteye;52772 wrote:
So my question: Is the init helper used for something else than that remove security warning thing?

@JoyAdmin: Did you see my question too?
Saegle
#11 Posted : Thursday, November 30, 2017 1:43:41 PM(UTC)

Rank: Advanced Member

Groups: Registered
Posts: 36

Thanks: 6 times
Was thanked: 7 time(s) in 7 post(s)
JoyAdmin;52801 wrote:
It's normal if your HR client is newly installed.

HR will download all card images after first run, the total image cache size is about 400 Mb.

You can check [card_image] directory to know the progress.



Newly installed, no. Freshly updated, yes / maybe. I'll check again tonight; usage was different when the bot was stopped. Could be it, though, even if it lasted for a pretty long time. Anyway, thanks for answering!
Saegle
#12 Posted : Thursday, November 30, 2017 9:52:37 PM(UTC)

Rank: Advanced Member

Groups: Registered
Posts: 36

Thanks: 6 times
Was thanked: 7 time(s) in 7 post(s)
Might not be the appropriate thread, but since I first mentioned it here I'll keep going... (please move to a separate thread if needed)

http://i64.tinypic.com/i69so7.png

Columns after the process names are DL and UL rates.
HR's download rate is high and so is HS's upload.

If I pause the bot but keep HR running, I get about 300 kbps usage for both: http://i65.tinypic.com/294j7s6.png
If I play HS in a regular way, a few bytes: http://i66.tinypic.com/2h4xhzt.png (doesn't display it, but it sends some stuff)

The point of these screenshots is that I'm using ~700 kbps to watch a stream. If I keep running HR, it can use more and prevent me from using my internet. Any idea?
Saegle
#7 Posted : Thursday, November 30, 2017 10:10:06 PM(UTC)

Rank: Advanced Member

Groups: Registered
Posts: 36

Thanks: 6 times
Was thanked: 7 time(s) in 7 post(s)
MyrieleNighteye;52806 wrote:
@JoyAdmin: Did you see my question too?


Don't know if JoyAdmin is going to admit it, but this is pretty much a bootstrap to set up HR, and if some DLLs' assemblies aren't fully trusted by your OS, it could block them.
botwhat
#13 Posted : Friday, December 1, 2017 12:58:15 PM(UTC)
Rank: Advanced Member

Groups: Registered
Posts: 162

Thanks: 15 times
Was thanked: 225 time(s) in 58 post(s)
Hey all, I'm a network security engineer. I play with viruses for a living and have a $50k firewall installed here at my house because I work for a manufacturer. We have a very high efficacy rating, and my firewalls are 10x more efficient than endpoint security software. I have not had any gateway antivirus hits on this software. I'm doing SSL inspection, and I did have to create an exclusion for a URL of notepc that is being used for the SSL connection, so there is a pinned cert in the connection state being used. I imagine it has something to do with the licensing backend and whatnot. I'm also able to get my hands on almost every type of endpoint antivirus software, and I check these types of programs fairly religiously since my business is malware protection and I have a lot of live malware in my lab. I imagine you are getting some type of false positive based on the update that you have had. I've seen false positives pop up for all kinds of files, from Java to packed exe files in Linux ISOs, etc. Considering the amount of security gear sitting here at my house and no hits on this product, either this is one of the most advanced malware programs ever or you have a false positive.