Win32/Mkar virus

Discussion in 'malware problems & news' started by Stephan123, Feb 19, 2005.

Thread Status:
Not open for further replies.
  1. Stephan123

    Stephan123 Registered Member

    Joined:
    May 15, 2004
    Posts:
    135
    Location:
    The netherlands
    Hello

    I was scanning with my backup av (avg) and he found 2 files with the Win32/Mkaar virus

    AVG has found it in

    C:\Program Files\EA games\Catwoman\Support\Catwoman_EZ.exe
    C:\Program Files\EA games\Harry Potter en de gevangene van Azkaban\Support\Harry Potter and the prisoner of Azkaban_EZ.exe

    Is this i false postive

    He deleted the 2 files :'(
     
  2. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    This is not a false positive, the virus exists. Couldn't find any description though. Its a low risk virus which means its nothing much to worry about.
     
  3. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
  4. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Why should EA Games be infected with Mkar? There should have been many more such infected files too right?
     
  5. Stephan123

    Stephan123 Registered Member

    Joined:
    May 15, 2004
    Posts:
    135
    Location:
    The netherlands
    no

    I got it today that virus with the new virus signature.
     
  6. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Do you mean that the virus was detected only today, after you downloaded today's update?
     
  7. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    He was only using AVG as a backup, so perhaps the resident AV dealt with the rest??
     
  8. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Possibly. Maybe he can shed some light.
     
  9. Stephan123

    Stephan123 Registered Member

    Joined:
    May 15, 2004
    Posts:
    135
    Location:
    The netherlands
    yes i have that stupid virus after the virus update of yesterday
     
  10. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    So did you check the Sophos description? What'd you get?

    P.S. :- Whats your resident AV?
     
  11. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Unfortunately there are several variants of this thing and each AV company has its own nomenclature; it could be that this is the latest variant that AVG is finding as W32/Mkar.K. Perhaps Stephan could provide a little more info?
     
  12. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
  13. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    TopperID and Stephan123,

    I have confirmed that the name of this virus is Mkar.K and mikel108 is experiencing the same except that he has it in Need for Speed_EZ.exe

    All the EA games system information tool files are being detected with Mkar.K by AVG, it seems obvious its a false positive, because mike checked with Jotti's and said that only AVG is detecting that exe file.
     
  14. mikel108

    mikel108 Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    1,057
    Location:
    SW Ontario, Canada
    Stephen123

    Scan the file at Jottis and you will see that only AVG will pick it up. I have AVG Pro and have contacted support. I would suggest to just leave the file in the Virus Vault for now. Otherwise it will just keep picking it up. Your game will still play well.
     
  15. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Wow! Thanks for that thread Firecat and Mike; I had missed it, but it completely answers the question!
     
  16. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    You're welcome! :)
     
  17. wombat

    wombat Registered Member

    Joined:
    Feb 23, 2005
    Posts:
    4
    Hi all, I was so relieved to find this site last night. I got the same thing in my daughter's Harry Potter, Prisoner of Azkaban game, using AVG.

    Only I'm not very knowledgable with computers, but I'm learning. Anyway, I was desperate to get rid of said virus, so I decided in the end to uninstall the game. I now cannot install it again. It gets to the _EZ.exe file and says unable to copy file, thats with AVG turned off while installing. (I've unintalled AVG too now after reading mike108's thread about it.).

    I guess I might be too hasty deleting things from my system before thinking?

    Can anyone help?? Hope I havn't ruined the game now.

    Ta in advance
     
  18. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    You've got yourself into a pickle here! The best solution would probably be to use system restore to go back to a point when all was OK.

    If you delete a file with your AV it will usually keep a copy in Backup/Quarantine, with most AVs you can access this through the GUI and restore the file easily; with others you need to go into program files and hunt out the backup folder. But if you have uninstalled the AV you probably would have lost the backups then anyway! (I'm assuming you used AVG to delete the file).

    If it is possible to download a fresh copy of the game, then that would be another solution.
     
  19. wombat

    wombat Registered Member

    Joined:
    Feb 23, 2005
    Posts:
    4
    Thanks for your reply topper.

    Oh dear. Yes I did use AVG to delete the file, so can that acctually delete the file from the CD-ROM, making it then unusable?

    Sorry to sound thick!

    Maybe I should try EA Games support for help replacing it, don't want to fork out another 20 quid unless I have to.
     
  20. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    I meant deleting from the hard drive rather than the CD-ROM! If you've got the CD you should be able to reinstall from that. Probably you have a conflict with bits of the program still on your HD. Have you tried fully unintalling the game (using Start/Control Panel/Add-Remove Progs) then doing a reboot, before attempting to reinstall from the CD?
     
  21. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Maybe wormbat should try removing the reg entries?
     
  22. wombat

    wombat Registered Member

    Joined:
    Feb 23, 2005
    Posts:
    4
    Yay! :D :D

    Thanks so much.

    I found some files that hadn't been deleted, got rid of them and now the game has installed ok.

    Thanks very much for your help
     
Loading...
Thread Status:
Not open for further replies.