Downloadable Game - False Positive??

Discussion in 'ESET Smart Security' started by Ryan Hayward, Feb 8, 2012.

Thread Status:
Not open for further replies.
  1. Ryan Hayward

    Ryan Hayward Registered Member

    Jul 29, 2005
    Some time ago I bought & downloaded a remake of a classic Commodore 64 game called Armalyte. Recently, I installed Eset Smart Security and it is telling me this is a potentially bad application.

    G:\ » ZIP » Armalyte_Setup.exe » INNO » file0000.bin - a variant of Win32/Packed.MoleboxUltra potentially unwanted application

    My previous two security suites ( Norton & Kaspersky ) have both given this game the all clear but do you think I should delete it anyway just to be safe?
  2. dwomack

    dwomack Eset Staff Account

    Mar 2, 2011
    What Windows O/S and what version of Smart Security are you currently running on that computer?

    Just based on experience, I am always very wary of emulators and games downloaded for them. That said, if you know it's a trusted file and clean, you can disable/enable detection of PUA with the following KB Article:

    If you're using Smart Security 4.x, the link to the article for that version is at the bottom of the page.
  3. agoretsky

    agoretsky Eset Staff Account

    Apr 4, 2006

    Just as a follow-up to DWomack's excellent response, this is probably not a false positive alarm. The game developer probably used the MoleBox Virtualization Solution software as way to encrypt/obfuscate their code. Some game manufacturers do this in order to make it more difficult to pirate, reverse engineer or write cheats for their games, as noted in this message thread from a couple of weeks ago.

    I did a quick look to see if I find the developer of the game and download an evaluation copy to see if I could reproduce the issue, but could not identify the developer amongst all the messages talking about the original version of the game. If you can point me in the direction of the author's web site, we may be able to investigate this further.

    If you think this is, in fact, a false positive alarm on ESET's part, please submit a copy of the file(s) in question generating the report to ESET's virus lab, per the instructions in ESET Knowledgebase Article #141, "How do I submit a virus, website or potential false positive sample to ESET's lab?."


    Aryeh Goretsky
Thread Status:
Not open for further replies.