AVG is reporting virus in lotro64.exe file and stops loading

[Calding]

I have seen an increase in false positives myself in recent times. From the virus research perspective there are often new techniques that are being developed based on AI training that may account for this. It is always good to check something you suspect is a false positive with online scanners from different vendors as they all have slightly different algorithms. I also saw a mention of virustotal, which scans against many different vendors for you.

Honestly I would recommend that you try to figure out how to whitelist the executables or folders rather than pausing your active scanning component of your anti-virus unless you aren't searching the Internet or using other media/ad connected apps while it is paused.
It may be a bit of a hassle as you test it out and it keeps getting quarantined until the settings are correct but would be a much safer options. That being said, if you do add the exception you should likely make a note to take it out when their definition files are updated in case the worst should ever happen and a virus does manage to get into the updater repository some day.

But as I think more about it, I would also be curious if you see any improvements in play when it is whitelisted, it just made me think about testing this on my own system once the false positive is confirmed by those scanners that are currently detecting something. Some programs suffer more than others due to the overhead of a virus scanner because of their behaviour patterns.

[Clepto]

@SSG

~ Digitally sign the "lotroclient.exe" and "lotroclient64.exe", just as the LotroLauncher.exe has.

[Calding]

You folks do realize there's tons of people playing the game right now and there pc's are completely fine, it's clearly a false positive

Please understand I am in no way trying to single out the poster of this comment. I quoted it because it is a very common belief but not always the case.
Truth is, the more malicious of attackers go out of their way to ensure that you do not see any difference in how your computer behaves when infected.

I am also in no way saying that there is something malicious in this LOTRO release, other evidence that has been posted to the forum has been quite supportive that it is a false positive.

Let me share a story...
Years ago I cam across a key logging program on one of our corporate computers. I discovered it while diagnosing another issue, as the computer had been seemingly running fine. When I finally got the situation diagnosed I discovered a virus had been on the system for several months, sending logs of the keystrokes to an external site. Once we knew what we were looking for we found that it had spread to several computers across the organization. All of these computers were running antivirus from a company who, at the time was well established in the market, but that vendor did not detect this variant of the virus. In the end, the virus had been injected into a cute little Santa elf bowling game that people had been downloaded and then shared via USB. Lots of account passwords, both corporate and personal, had to be reset as a result.

The morale of the story: first of all, no one antivirus company is superior to all the others. Some do better in the testing, sometimes tests also favour one over the others, but you will often find they all catch some legitimate viruses that the others miss. So there is little room to judge anyone else's choice in anti-virus. Secondly, many viruses will sit in the background and hide until they get what they want. Usually trying to impact your computer experience as little as possible to remain undetected.

[Aegarond]

Remove the snakeoil like Avast, AVG and so on, use the Microsoft Defender and your problems will be gone.

[Wyndwyrdyr]

Also running AVG, went to menu>Quarantine>remove from quarantine and create exception and game now loading fine. thanks for pointers on here folks.

[Ben1973]

So the advice in this thread appears to be if your antivirus software gets in the way of you playing Lotro, just turn it off, because the fleshy thing sitting behind the keyboard is a better judge than the software that is supposedly fit for purpose?

Alternatively, use an anti-virus program that doesn't flag up an issue and call out the one's that do as "Snakeoil".

When did so many of us get so apathetic to our home computer security?

Whilst I appreciate that many people are probably playing Lotro right now, advising people, especially in this day and age, not to be cautious is at best a little reckless don't you think?

[Once_of_Bree]

Remove the snakeoil like Avast, AVG and so on, use the Microsoft Defender and your problems will be gone.

Couldn't agree more.

Why add junk like AVG and Avast to your systems its 2022 not 2002? Wonder if it's the same people who insist on running XP?

Plus defender is good enough for my fortune 500, billion dollar multinational employer, it's good enough for my home PC.

[homework19]

Avast quarantined this file. I reported it as a false positive and had to create an exemption and retore the file

[Oghran]

What's the status of this update?

Really a false positive or a real worm infected the update process?

Do you really expect someone on a forum to give a valid appraisal of a specific version of a file that lives on your device?

Again: get a second opinion, or a third or a forth. When you are convinced is is ok, add an exception. If not, don't use the game until this is sorted out.
In either case, report it to your AV app of choice as a possible false positive.

[Oghran]

You folks do realize there's tons of people playing the game right now and there pc's are completely fine, it's clearly a false positive

It might be for one case and be for real for the next.
That there are a ton of false positives does not mean your case is one as well.

Flawed logic. Better to check and double-check yourself.

[Lolorndinfey]

[QUOTE=Oghran;8139962]Do you really expect someone on a forum to give a valid appraisal of a specific version of a file that lives on your device?

Talking to the devs. I doubt any users here have the authority of SSG behind them. Sorry if you're not number one for expected reply.

[Lolorndinfey]

That literally means nothing except your anti virus doesn't have lotro on their list of good boys.

AVG reported worm. SSG looking into it.

Suspected file identified for SSG.

Nothing from a non-SSG entity for an official reply is... nothing.

[Laurelinarien]

I have seen an increase in false positives myself in recent times. From the virus research perspective there are often new techniques that are being developed based on AI training that may account for this. It is always good to check something you suspect is a false positive with online scanners from different vendors as they all have slightly different algorithms. I also saw a mention of virustotal, which scans against many different vendors for you.

Honestly I would recommend that you try to figure out how to whitelist the executables or folders rather than pausing your active scanning component of your anti-virus unless you aren't searching the Internet or using other media/ad connected apps while it is paused.
It may be a bit of a hassle as you test it out and it keeps getting quarantined until the settings are correct but would be a much safer options. That being said, if you do add the exception you should likely make a note to take it out when their definition files are updated in case the worst should ever happen and a virus does manage to get into the updater repository some day.

But as I think more about it, I would also be curious if you see any improvements in play when it is whitelisted, it just made me think about testing this on my own system once the false positive is confirmed by those scanners that are currently detecting something. Some programs suffer more than others due to the overhead of a virus scanner because of their behaviour patterns.

Agreed.. I only did the pause to test out what happened & indeed when I activated the behavior shield again, the game automatically shutdown.
Adding the exception is the only thing that lets you play.
Heck, my Quarantine even had a record of the very same IDP.Generic flagged from years 2021 and 2017 - both events occurring in May.

[Asileth]

I'm using AVG too. So if I move the file out of quarantine (restore? create exception? extract?) will the game launch just fine?

It worked for me! In order to get the option to create the exception, I did have to do a few more things (it wasn't popping up with the quarantine info and option to create exception at first.) See my post above. Good luck!

[Blato]

AVG reported worm. SSG looking into it.

Suspected file identified for SSG.

Nothing from a non-SSG entity for an official reply is... nothing.

What AVG reported is a file they don't trust and their improper label apparently really confuses you.
Cordovans reply suggests the label is improper and misplaced.

What i gave is my third-party/outside impression as a software engineer, you can deny me, the SSG reply or even a basic google research, but that doesn't make it false.