I just happened to decide to turn on ezAntivirus, which I've had turned off for a month or so and this is what it came up with just after rebooting the computer:

eTrust ezAntivirus

Filename: lb2cfg.exe
Location: C:\Program Files\Janes\LBA\Longbow2\
Date and Time: 3/27/2006 15:50.50Pm
Infection: Win32/CIH/remnants*2
Type: File
Status: Cleaned
Engine Version: 12.4.1
Signature: 2136
Scanner Type: Real-time

It didn't ask me if I wanted to clean it, but rather simply did it. Is it a virus, or what? Wonder if it has something to do with the multiple keypress and control lockup thing.

I did a full scan, and the LB2crack209.zip, the resulting no-CD executable, as well as the copy of the original 209 executable it replaced are showing up as infected with CIHremnants (Chernobyl). I wonder if it's the 2.09 patch that everyone's been using, including whoever made the no-CD.exe, or maybe it's in LB2 even unpatched. It's definitely not just Anthology, though.

Could it have anything to do with the fact that LB2 is a Win32 program?

Isn't there also a possibility that the files were just infected by some other program?

Like what? I read that CIH can't move around in XP, like it could in 95/98. So it would make more sense that it's already there to begin with. I just reinstalled my entire system like a month ago and no other program is infected. And didn't the 2.09 patch come about at around that time of 1999 when CIH was doing its thing all over the world? The no-CD exe.zip itself is infected, not to mention the original patched exe that it replaced in the LB2 folder. So it's either the 2.09 patch that we've all been using or LB2 even pre-patch. Right? If I download the no-CD exe.zip and scan it I bet the same thing would show up. The ezAntivirus obviously couldn't clean it since it was still zipped on my desktop, but it cleaned everything in the LB2 folder...including the cfg and original 2.09 exe.

Yep...

The no-cd zip itself even shows infection.

Interesting. I never got a sniff from AVG or F-Prot antivirus on this. Maybe somehow the source you downloaded them from infected them?

I guess we could send you our 'good' copies and see if ezAntivirus still flags it. I suspect false positive, but you can't be too careful.

Recluse

http://www.speichts.com/games/lb2/Lb2crack209.zip

Try scanning this one and see what it says. Could be a false positive if there's some Win32 code in the LB2.exe and cfg.exe that resembles Chernobyl.

I just ran Norton AV on this download and it came out clean. Thats with brand new Norton and updated files.

Nothing personal Reticuli.

It's a false positive from an inferior AV product. PERIOD.

My files are Virus free. Email your AV company and tell them to fix their buggy software.

Honestly, this question gets Emailed to me about once a year, the last time it was a weird German AV product that reported it.

Again, these files are Virus FREE!


McAfee reports it's clean.
AVG reports it clean.
AVast reports it clean.
Norton reports it clean.
yadda yadda yadda.

I've never used the antivirus program that you're mentioning Reticuli but Norton and AVG are both showing all files as clean. Have you scanned the files with any other antivirus scanners? I'm using the files from +G's site and I haven't had any alerts pop up in the last 5 or 6 scans I've performed.

Well the weird german AV Soft... that must have been me Its AntiVir ... i just disabled checking my Longbowfolder, so everything is easypeasy now.

I have Avast Anti-Virus but it never seemed to mind Longbow Anthology.

Hi,

To read...



OFF

Guys, I use Avast - changed a while ago to it. Running LB2 recently isolated the same virus in the exe. Had to reinstall with AV turned off. Confirmed by doing it twice. Same report as Reticuli's original.

Avast is detecting it as infected. They've been told, but appear to not care. You can add it to your exceptions list in Avast.

Thanks, +G - will do.

Not that it's incredibly critical, but I wonder why various AV programs are picking up this same signature?