Big problem - Trojan horse found in wrapper.dll - Printable Version
+- All-Aircraft-Simulations (https://allaircraftsimulations.com)
+-- Forum: Help Desk (https://allaircraftsimulations.com/forumdisplay.php?fid=270)
+--- Forum: IL2 Technical Help (https://allaircraftsimulations.com/forumdisplay.php?fid=304)
+--- Thread: Big problem - Trojan horse found in wrapper.dll (/showthread.php?tid=66871)
+- All-Aircraft-Simulations (https://allaircraftsimulations.com)
+-- Forum: Help Desk (https://allaircraftsimulations.com/forumdisplay.php?fid=270)
+--- Forum: IL2 Technical Help (https://allaircraftsimulations.com/forumdisplay.php?fid=304)
+--- Thread: Big problem - Trojan horse found in wrapper.dll (/showthread.php?tid=66871)
Pages:
1
2
Big problem - Trojan horse found in wrapper.dll - Plantoid 1 - 02.12.2009
Hi all:
Big problems here. I went and started the game just now and a sign popped up from Avast! that said a Trojan Horse was found in file wrapper.dll. It recommended removing the file which I didn't do. I chose the "No action" option. The game then proceeded to load but the original 4.08b1m screen, in Russian, appeared and the entire game was then in Russian.
Ok, I says to myself, I have a backup here. Let's first just remove the wrapper.dll file and replace it with the one from the backup version. I immediately get the "Trojan Horse found" sign again. This time I choose to delete the file which did, of course, delete the wrapper.dll file.
I then decided to run this other copy and the damn "Trojan Horse found" sign comes up!
I then start to copy a version I have on another drive to my desktop and the damn Trojan Horse sign pops up during the trnasfer.
Wait - another sign has just come during the transfer. It says
"A Trojan Horse Was Found" - the sign that's been coming up all along.
File name: "E:\IL2\IL2 Stuff\Versions\IL-2 Sturmovik 1946 - Copy\UNINSTALL\replace.exe"
Malware name: "Win32:Delf-MZG [Trj"
Oh, damn.... There's been a bunch messages coming up about files that have been infected. I've got this awful sinking feeling I've just lost over two years of IL2!
Can anybody out there shed some light?
Not such Great days...
- =RAF=darky1 - 02.12.2009
Me too Plantoid i have just fired up both my game with all MODS and my back up and my system warns of a TROJAN.
And both my untouched games come up in Russian
File name: C:\IL2\wrapper.dll
Malware name: Win32
elf-MZG [Trj]Malware type: Trojan Horse
VPS version 091203-0, 03/12/2009
THE THING IS I HAVNT ADDED ANYTHING FOR A WHILE NOW AND THE LAST TIME I PLAYED WAS ALL OK
- Cage - 02.12.2009
I would contact Avast to verify the detections are not just false detections. I had the same problem with avast with some of the aircraft I downloaded. I rechecked the files with Avir which said they were ok. I believe they have a place on their web site where you can send copys to be inspected. Check it out.
- =RAF=darky1 - 02.12.2009
Dont hold your breaths brothers i think something has been lurking because of this aswell
And both my untouched games come up in Russian
- Guest - 02.12.2009
=RAF=darky1 Wrote:Dont hold your breaths brothers i think something has been lurking because of this aswell
And both my untouched games come up in Russian
I'm scared!
hock: 
I downlaoded a wrapper like a couple of months ago and tossed it, will this do anything?
hock:
- Salmo - 02.12.2009
The first thing to do, is NOT panic
A simple google search suggests that Avast is prone to reporting false trojan positives http://www.google.com.au/search?sourcei ... Delf%2DMZG Check with Avast themselves or run a different virus scanner over your system.You should also note that the game GUI appearing in Russian is a commonly reported issue when mods are installed and may not be related to a virus. Check if your game folder has a sub-folder called "users", a missing users folder can cause the Russian text.
- =RAF=darky1 - 02.12.2009
Thanks Salmo for the calming down but Plantoid and myself both stated we had backup games a nice clean install that i presume Plantoid uses to reinstall his modded version like myself and they are also infected without adding anything to it.
Is that correct Plantoid ?
- Strafe - 02.12.2009
Darn it. Same here, and with Freetrack.exe too.
I can't fly IL2 with mods and freetrack too.
EDITED:
So Teamspeak too now
- Plantoid 1 - 02.12.2009
Hi all:
Have any of you dl'd the Stinson L-5 Sentinel and/or the GilB47 4seasons-for-CanonUK-cHANNEL-map?
I dl'd these but haven't installed them yet. In fact, I haven't installed anything since the day before yesterday.
Not so Great days...
- =RAF=darky1 - 02.12.2009
Sorry to hear that Strafe i think this will be a big bad one !.
- =RAF=darky1 - 02.12.2009
Nope i have not installed Stinson L-5 Sentinel and/or the GilB47 4seasons-for-CanonUK-cHANNEL-map .
But i cant work out why my master copy the one i use as a back up that i have had for at least a year and will never put any mod on it.
Its my insurance, well was, has suffered ?????
- Strafe - 02.12.2009
Guess the problem is with Avast. I didn't download anything. I was flying on Spits vs 109 Mod, stop to get some snack and when I start my pc again I got that scared message. IL2 runs but no mods. Doesn't matter if wrapper.dll is an old or from last UP 1.2 or even HSFX 4.0.
I hope we can find some fix for it.
- Bimmer - 02.12.2009
It's Avast. They released an update that started detecting the Delf-mzg trojan in just about everything. Plenty of forums are showing a lot of traffic about it. Just shut down the on-access protection for the moment and do not delete anything and you'll be fine. I suspect an update to correct the problem will be along shortly.
- =RAF=darky1 - 02.12.2009
Thanks for looking but why do both my untouched games come up in Russian ????
Is it a time lapse i live in England ????
I should be in bed its 03.10 here
- Strafe - 02.12.2009
I just disable "Resident Protection" and all back working fine. But I don't like to stay without protection.