URGENT: Something is HORRIBLY WRONG !!! PT4 infection

Questions and discussion about PokerTracker 4 for Windows

Postby kingrax » Sat May 05, 2012 1:44 pm

Hello. I am a regular (DAILY 2000-3000h) PT4 user....before that I used PT3 and I have an OFFICIAL BOUGHT LICENCE w everything

I suspected some computer viral activity since one of my flash disks popped up an infection when lent to a friend.
ASAP I got an anti-malware TOP CLASS software (won't name it here unless you want for further investigations !!!!)

This software detected a couple of threats in my PC but what scared me the most is an infection in:

C:\Program Files\PokerTracke 4\Data\Bin\StarsCommunicator.pt4


THE INFECTION IS CAUSED BY : Trojan.Win32.Spy!E2

THIS IS EXTREMELY SERIOUS !!!! SINCE I DO NOT KNOW IF THIS COMPROMISES MY ACCOUNT SECURITY/HH/PC whatever you get my point here ...having a trojan in a poker analysis software is JUST OUT OF BOUNDS....

Image

1.) I am NOT !!!! blaming PT4 for this ...but I think you should really check this out ...
to find out wtf is this infection
wtf damage it does
and howtf did it get in my PT4 PS file
(i have to specify i play 99% of my poker on PS)

2.) I need a solution/reassurance of PERFECT SECURITY regarding this AND I NEED TO KNOW ASAP what damage it might have done ...leaked HH's or WTF ?

3.) This is the first and only place I posted this so far ...If I don't get as much info as possible in 24h I am making this public ON ALL POKER FORUMS (bad for marketing) SINCE THIS MOMENT 8:40 GMT +1 5.5.2012 .... at the same time on 6.5.2012 this goes public if not explained

I am sorry if this sounds so harsh ..I love PT4 and it helps me a lot ..but I'm scared shitless because this is the FIRST and only POKER RELATED SOFTWARE INFECTION I HAVE EVER SEEN IN MY or ANOTHER PC

And we are talking about poker accounts here ...which have money on them ...lots of money !!!!

Thank you a lot.

With respect. V.
kingrax
 
Posts: 51
Joined: Sat Jan 21, 2012 8:52 pm

Re: URGENT: Something is HORRIBLY WRONG !!! PT4 infection

Postby kingrax » Sat May 05, 2012 2:00 pm

FINAL STATUS 5 INFECTIONS !!!


Image
kingrax
 
Posts: 51
Joined: Sat Jan 21, 2012 8:52 pm

Re: URGENT: Something is HORRIBLY WRONG !!! PT4 infection

Postby WhiteRider » Sat May 05, 2012 2:31 pm

That is the file which is used to communicate with the PokerStars application to retrieve information about Zoom tables. It behaves in a similar way to some viruses, as it needs to interact closely with the PokerStars application, which means that it can be detected as a threat by some AV software.

We submit PokerTracker to antivirus companies, but it can sometimes take a while for their definitions to be updated.
Please feel free to submit the file to your AV company for testing.

As long as you downloaded PT4 from this website then this is a false-positive which can safely be ignored.
WhiteRider
Moderator
 
Posts: 54017
Joined: Sat Jan 19, 2008 7:06 pm
Location: UK

Re: URGENT: Something is HORRIBLY WRONG !!! PT4 infection

Postby kingrax » Sat May 05, 2012 3:47 pm

are you sure sure ? because if this is the case I have no problem at all whatsoever to just ignore the error ...but I would like to know that I am not the only one having this problem. If more people reported this error it's fine with me.

Currently I am working on installing the exact same versions of PT4 and antimalware on different PCs ...including a pretty clean one ...
I will update the post with the result

but you say it's used for zoom ...well how about Tiltcommunicator.pt3 <--- PT 3 ??? which is also contained in PT-install-v4.01.11.exe

The thing is that this program (I don't want to name it publicly unless you accept this) HAS NOT DISCOVERED A SINGLE FALSE POSITIVE SO FAR in 4 PCs I scanned
and ALL its detections so far seem to be threats ...
What I'm trying to say is this was the only "threat" specifically related to a piece of software that is legit/untampered/uncracked and that I actually installed and use.

All the other threats were real bad ones like w9c.exe and HKEY's and restore files with long creepy number sequences and so ...and things that are almost impossible to find by target manually in my PC
And among those...this and a couple of keygens (for other soft) were the only threats connected to REAL software/files in my PC ...

I am only creeped out because I guess you can imagine what would happen if someone got access to my personal DB with 1 mil played hands...I could delete all my poker accounts because the person/group would have DEAD ON accurate stats on my gameplay with all past known hands played including mucked ones !


PLEASE FEEL FREE TO DELETE MY OTHER IDENTICAL THREAD IN THE REQUEST FORUM (no need for others to get creeped out by this which is maybe as you say harmless ...I just wanted to get your attention quickly because I am afraid to play on my pc/accounts until I am 100 % sure whats happening ...and thats unhappy :(((
kingrax
 
Posts: 51
Joined: Sat Jan 21, 2012 8:52 pm

Re: URGENT: Something is HORRIBLY WRONG !!! PT4 infection

Postby kingrax » Sat May 05, 2012 7:40 pm

FINAL UPDATE:

I installed PT4 on two different computers. I downloaded the latest version from your website.
On those two computers I also installed my anti-malware software
I ran the software and guess what...no false positive on any of those PCs ...no positive or any alert of any kind.

However on my main PC ...StarsCommunicator.pt4 IS STILL FLAGGED WITH @ Trojan.Win32.Spy!E2 and with a HIGH RISK alert !

So ..this DEFINITELY CONFIRMS (imo) that THIS FILE HAS BEEN COMPROMISED and we are not talking about a false positive but about a security breach. (false positives don't show up only in 1 out of 3 cases) ...especially since this PC showed 5 different positives while the two other computers showed NONE AT ALL

I did my job ...as a beta tester and alerted you about this issue ..It is up to you to do or not do something with this issue
(however this is a HUGE issue imo ....poker players must have 100% certainty regarding sw security ....even if the sw is perfect, if there is at least a 1% risk of security failure ...well you can imagine ...)

Right now I only want 1 thing .... Is it possible to just manually copy/paste StarsCommunicator.pt4 from another pc where I have a nonbreached version of PT 4 ? or will this mess up all my settings/access and communication to PS ???
Will I have to make some settings again after such an operation ?
kingrax
 
Posts: 51
Joined: Sat Jan 21, 2012 8:52 pm
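
The question raised in the post above (is the copy on the main PC actually different from the copy on the clean PCs?) can be answered by hashing the install folder on each machine and comparing the results. The following is an added example, not part of the original thread and not PokerTracker code; the file contents are constructed, `helper.dll` and `unexpected.bin` are hypothetical names, and placing `TiltCommunicator.pt3` under `Data/Bin` is an assumption.

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root):
    """Map each file under root (relative, lower-cased path) to its SHA-256."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        digest = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                digest.update(chunk)
        # Windows paths are case-insensitive, so normalise the key.
        manifest[path.relative_to(root).as_posix().lower()] = digest.hexdigest()
    return manifest


def compare_manifests(reference, suspect):
    """Classify differences between a reference install and a suspect one."""
    shared = reference.keys() & suspect.keys()
    return {
        "modified": sorted(k for k in shared if reference[k] != suspect[k]),
        "missing": sorted(reference.keys() - suspect.keys()),
        "extra": sorted(suspect.keys() - reference.keys()),
    }


def _write(root, rel, data):
    target = Path(root, rel)
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_bytes(data)


def demo():
    """Constructed data: two fake install trees standing in for two PCs."""
    with tempfile.TemporaryDirectory() as tmp:
        ref, sus = Path(tmp, "clean_pc"), Path(tmp, "main_pc")
        _write(ref, "Data/Bin/StarsCommunicator.pt4", b"constructed bytes A")
        _write(ref, "Data/Bin/TiltCommunicator.pt3", b"constructed bytes B")
        _write(ref, "Data/Bin/helper.dll", b"constructed bytes C")
        # Suspect tree: one file altered, one removed (e.g. quarantined), one added.
        _write(sus, "Data/Bin/TiltCommunicator.pt3", b"constructed bytes B+extra")
        _write(sus, "Data/Bin/helper.dll", b"constructed bytes C")
        _write(sus, "Data/Bin/unexpected.bin", b"constructed bytes D")
        return compare_manifests(build_manifest(ref), build_manifest(sus))


if __name__ == "__main__":
    print(demo())
```

Run `build_manifest` against the install folder of the same PT4 version on each PC and pass the two results to `compare_manifests`. Identical digests mean every scanner is looking at the same bytes, while a path listed under `modified` means the file on that machine has been changed on disk.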

Re: URGENT: Something is HORRIBLY WRONG !!! PT4 infection

Postby kingrax » Sat May 05, 2012 8:23 pm

NEW UPDATE ....

I decided not to trust only one antimalware prog and decided to go for a second opinion ...
This time I will name it because this one is freaking famous and reliable.

BitD 2012 NON CRACKED OFFICIAL TRIAL ALSO DETECTED THE THREATS ...and guess what...ONLY ON THIS PC
again ...I installed BitD on ALL the 3 computers (the main PC + the 2 test ones)
and again only on the main PC it showed the following info :

Image

(I only scanned the installed folder of PT4 + the system root and not the whole HDD ...hence why I got only 2 threats related to the communication files (if I scan the whole HDD on this PC I will get 5 issues including those seen in the installation kits of older versions.)

So I think it's time we both agree that this is definitely not a false positive :(((
I am willing to cooperate at FULL EXTENT and am willing to grant remote access if needed to my pc via Teamviewer etc

I also wanted to upload the infected files ..but guess what ...bitdef DELETED them without even asking OR GIVING A CHANCE TO REFUSE THIS ...it only does this with the worst threats ..while on most positives it asks for permission ...right now I dl recuva to recover the deleted files ...if i manage to do so I will upload them online ASAP for detailed inspection and analysis.

ANYONE ELSE GOT A TROJAN POSITIVE ON StarsCommunicator.pt4 and TiltCommunicator.pt3 ?????
kingrax
 
Posts: 51
Joined: Sat Jan 21, 2012 8:52 pm

Re: URGENT: Something is HORRIBLY WRONG !!! PT4 infection

Postby rodozmianep » Sat May 05, 2012 8:28 pm

This is probably just a case of false positive, happens a lot with antiviruses, they detect a file as a trojan/keylogger, just because of the way it is written.
The file may be completely harmless, but the antivirus will detect it as infected. Same thing happened to me with some other online casinos that i used to play
rodozmianep
 
Posts: 1
Joined: Sat May 05, 2012 8:17 pm

Re: URGENT: Something is HORRIBLY WRONG !!! PT4 infection

Postby kingrax » Sat May 05, 2012 8:36 pm

still no trace of the deleted files so I found the INFECTED KIT of PT4 that bitD didn't touch yet since I manually overwrote an exception

I am uploading it here for you to download and investigate.

http://uploading.com/files/a6f8481c/PT- ... 01.11.exe/

PT-Install-v4.01.11.exe - 39.9 MB

BTW I guess PT4 won't work now that StarsCommunicator.pt4 has been deleted
kingrax
 
Posts: 51
Joined: Sat Jan 21, 2012 8:52 pm

Re: URGENT: Something is HORRIBLY WRONG !!! PT4 infection

Postby kingrax » Sat May 05, 2012 8:39 pm

FFS A FALSE POSITIVE GIVES THE USER A CHANCE TO REFUSE FILE DELETION !!!! NO AV SOFTWARE WHICH IS AT LEAST A LITTLE RESPECTABLE WILL EVER AUTODELETE FALSE POSITIVES WITHOUT GIVING ME A CHANCE TO DECIDE THIS ...

and I just posted a sh!!!tload of proof this ain't a false positive
kingrax
 
Posts: 51
Joined: Sat Jan 21, 2012 8:52 pm
