Trojan ???

Started 22 Mar 2019
by Ranndd
in Support Center
My virus detection software keeps detecting a virus when I try to use the launcher. It keeps saying that this Trojan:Win32/Bearfoos.A!ml is in the launcher/game and won't launch the game.
Fri 22 Mar 2019 5:07 PM by Luriella
Same for me. After the last reboot I got the message that the Bearfoos trojan has been detected in Phoenix.exe.
After reinstalling from backup, same story: the patch is running and the virus detection stops the program.
Fri 22 Mar 2019 6:21 PM by barabba
Same here. Can't play.
Fri 22 Mar 2019 7:11 PM by Cirinna
Same issue now.
Fri 22 Mar 2019 7:37 PM by Zendros
I have Phoenix installed on two computers (my main one won't run raids!) and both initially had the Trojan problem. After several attempts with fresh Phoenix downloads, my main computer started working (fingers crossed). My old computer, Windows 10 OS, still has the problem. I got around the problem on my old computer with a potentially bad solution. I excluded the DAOC folder from Windows Defender. I am not recommending this as a solution!!! Just sayin'. Google 'excluding files from Windows Defender' for how to.

Windows Defender deletes Phoenix.exe so you need to re-download, extract Phoenix files to DAOC folder, and overwrite existing files. Again, I am not a tech geek and have no idea about the consequences of doing any of this.
Fri 22 Mar 2019 9:11 PM by Gothos
Same issue here.. I'm not sure why the Phoenix server admins would have rolled a trojan into their main launcher .exe file, but it's troubling to say the least. I'm reluctant to disable antivirus or exclude Phoenix.exe when it's a known Trojan that MS' definition file recognizes as malicious..

An explanation from the Phoenix staff would be nice..

Waiting to hear back.
Fri 22 Mar 2019 9:27 PM by Gothos
Rather than just assume it's a false positive, it would be nice if someone from the Phoenix staff could address the issue rather than just hope that it's a false positive. The Phoenix launcher obviously does a hardware check every time you log in, which is how they're able to identify if you're logging in from a different computer than your last session, which triggers the required email verification.

From what I've read about Bearfoos.a!ml, it's a pretty capable Trojan that can be instructed to do all sorts of nefarious things.. So again, would be nice to have some direct feedback from Phoenix so to allay any concerns.
Fri 22 Mar 2019 10:18 PM by gruenesschaf
While it is a false positive, not really sure how the source of some file saying it's a false positive would be reassuring? The main reason for those is the trust penalty on unsigned binaries and we will not support the pay for play binary certification process or make something insane like ask people to install a root certificate to have a self signed one.

This here is what virustotal reports:
https://www.virustotal.com/gui/file/ca99ec6452f205fad5439e722fbe63de8094b0bd4e14249e7ad9e27978d7b6a1/detection
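
Added example, not part of the original post or of the Phoenix project's code: a Python check that a downloaded launcher is byte-for-byte the file behind the VirusTotal link above, and whether it carries an embedded Authenticode certificate table (the "unsigned binary" condition the post refers to). The function names and the `sample_pe` stub are assumptions made for illustration.

```python
import hashlib
import struct
from urllib.parse import urlparse

# VirusTotal link from the thread; the SHA-256 is the path segment after /file/.
VT_URL = ("https://www.virustotal.com/gui/file/"
          "ca99ec6452f205fad5439e722fbe63de8094b0bd4e14249e7ad9e27978d7b6a1/detection")

def sha256_from_vt_url(url):
    """Extract and validate the SHA-256 from a VirusTotal file URL."""
    parts = urlparse(url).path.strip("/").split("/")
    digest = parts[parts.index("file") + 1].lower()
    if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
        raise ValueError("URL does not carry a SHA-256")
    return digest

def has_certificate_table(pe):
    """True if PE data directory 4 (Certificate Table) is populated."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not a PE file")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    opt = e_lfanew + 24  # optional header follows the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)  # PE32 vs PE32+
    (count,) = struct.unpack_from("<I", pe, dirs - 4)  # NumberOfRvaAndSizes
    if count <= 4:
        return False
    offset, size = struct.unpack_from("<II", pe, dirs + 4 * 8)
    return offset != 0 and size != 0

def check_download(data, vt_url=VT_URL):
    """Compare file bytes with the linked report and note whether a signature is embedded."""
    digest = hashlib.sha256(data).hexdigest()
    return {"sha256": digest, "matches_report": digest == sha256_from_vt_url(vt_url),
            "has_signature": has_certificate_table(data)}

def sample_pe(signed):  # constructed header-only PE32 stub, not a real executable
    buf = bytearray(0x200)
    buf[:2], buf[0x80:0x84] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", buf, 0x3C, 0x80)      # e_lfanew
    struct.pack_into("<H", buf, 0x98, 0x10B)     # PE32 magic
    struct.pack_into("<I", buf, 0x98 + 92, 16)   # NumberOfRvaAndSizes
    if signed:
        struct.pack_into("<II", buf, 0x98 + 96 + 32, 0x180, 0x40)
    return bytes(buf)
```

For a real file, pass `open(path, "rb").read()` to `check_download`. A populated certificate table only shows that a signature blob is present; it does not validate the signature or its chain.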
Fri 22 Mar 2019 10:39 PM by Gothos
It'd be reassuring because it would be a statement from the devs of this game, whose unsigned executable we're all running, that they have no malicious intent. Then people could reasonably be expected to either trust that statement or not.

An outstanding response would include an explanation as to why the code in question is triggering that false positive, or your best guess as to why it's happening.

For the record, I plan to continue playing, but I could see a lot of users not being comfortable excluding the launcher from Windows Defender or not knowing how and it affecting the active population.
Sat 23 Mar 2019 3:53 AM by gruenesschaf
https://www.microsoft.com/en-us/wdsi/submission/fcc43176-21f1-4574-a4e6-4582e9dac18e
Mon 25 Mar 2019 4:08 PM by chryso
The thing I find unusual about this is that we are all intentionally installing executable files from the dev team. Honestly, they could put anything they want in the executables. The idea that they would put a virus inside of something that we willingly install seems kind of silly.