Virus Warnings during installs Thread

This problem started some time ago when I tried to start Zomboid on my Desura account. It stated I did not have enough room on my C: drive and had to change location on the cache. Clicking the window that appeared on the top right corner to change location just sends me to a blank site on Desura client.(This might or might not be part of the same problem)
After couple of days my F-Secure started warning me about a virus removal during Game installs.
First it was 2012-04-26 Gen:Variant.Kazy.65525
and couple of days later it was Gen.Variant.Graftor.5798
Desura also crashes, and I get option to Force Update and nothing happens, looking in Task Manager I see desura.exe and desura_service.exe are till
Games I have tried to install include: Project Zomboid, I Shall Remain, Savage: The Battle for Newerth and UFO: Alien Invasion.
I can't install, nor run any of theese games (Project Zomboid only one I own and is not free).
My only option atm is uninstalling Desura and never to return, or get help on a fix to resolve this issue.
I have tried to reinstall it and I got Project Zomboid to work, but none of the other titles. And I get spammed with virus removals on F-Secure every time I try to install any game.

if u ar getting viruses from desura, try and get rid of games on it that u dont need, e.g. i had a virus when i tried to buy cry of fear and when i got rid of games i didnt really play, it stopped giving viruses. if this is not the case for u and u want to keep all of ur games, then i would not take my advice. sorry to hear anyway

woodchuck wrote: if u ar getting viruses from desura, try and get rid of games on it that u dont need, e.g. i had a virus when i tried to buy cry of fear and when i got rid of games i didnt really play, it stopped giving viruses. if this is not the case for u and u want to keep all of ur games, then i would not take my advice. sorry to hear anyway

Incredibly wrong. We would not allow infected content on the service or any of our sites. Chances are you have an existing virus that is attempting to use the program in a way that your virus scanners are reacting too. If you want to change the location of the Desura cache and you are having issues first make sure Desura is not being used in anyway and try again. You could also just move the entire folder to another location and run the exe again.

that is more complicated but that is probably a better method well done henley

I have Desura installed on my D: partition but all the cache folder is still in Documents on my C: partition. I have moved the cache folder(how would Desura know that I did, and start use it from that location instead?) from C: to D: but with no result it keeps using the default directory.
How do I make sure Desura is not being used in anyway? Elaborate.

Grymling wrote: I have Desura installed on my D: partition but all the cache folder is still in Documents on my C: partition. I have moved the cache folder(how would Desura know that I did, and start use it from that location instead?) from C: to D: but with no result it keeps using the default directory.
How do I make sure Desura is not being used in anyway? Elaborate.

The cache is used during the download and install of mods and games, more importantly it saves the MCF's for complex installs of modifications to replace the original files back once you are done with the modification if ever. You can simply clean the cache of the files if you want, it will not effect your installs. Once that has been completed you will be able to change the location. I am not sure why you cannot do this as it is now. What I suggest you do is press ctrl + shift + esc on your keyboard then head on over to processors and close down the Desura tree via right-clicking on the process. This SHOULD remove all current instances of the program working on your PC. At that point you just run the program again and change the cache location.

Desura is STUPID! It added 3 Gen:Variant.Kazy.65525! T.T

Where was Gen:Variant.Kazy.65525 added? Viruses on your computer could contaminate it.

@Georgegreece Oops ,i meant that it gave me 3 kazys.

@feillyne Well,it added the viruses to C:\ProgramData\Desura\DesuraApp\ folder...

Oh also,the strange thing is that the viruses got detected AFTER uninstalling Desura!

You could download a virus through a web browser or P2P client, then it could contaminate Desura folder, folders of games, etc. Desura software and all legal games *are* properly scanned and tested by developers. Most legitimate software (programs, tools, etc.) are also properly tested by their developers.

Edited by: feillyne

Well, I've just installed Desura today, directly from the official site, and upon startup also got an antivirus warning that the Gen:variant.kazy.65525 was being accessed by desura.exe and desura_service.exe. Running BitDefender

The offical response that "hey, perhaps you computer was already infected" seems pretty far-fetched when at least 3 different users have their AV programs reporting that Desura is accessing exactly the same virus. I've been keeping my PC safe since OS install, never had any viruses reports in it, and just had this one on first run of the Desura executable...

Man-Hays wrote: Well, I've just installed Desura today, directly from the official site, and upon startup also got an antivirus warning that the Gen:variant.kazy.65525 was being accessed by desura.exe and desura_service.exe. Running BitDefender

The offical response that "hey, perhaps you computer was already infected" seems pretty far-fetched when at least 3 different users have their AV programs reporting that Desura is accessing exactly the same virus. I've been keeping my PC safe since OS install, never had any viruses reports in it, and just had this one on first run of the Desura executable...

Well if your AV software uses Heuristic Scanning chances are Desura will show up as a false positive. Meaning that the software while it detects software it deems to be malicious only detects it because it is doing something unusual on the system hence a false positive. Desura does in fact need to have access to overwrite files.

We thoroughly check all content that is sold within our store. If you are still worried about it try it with a higher quality AV like nod32 or kaspersky. Alternatively you could just use the site to access the files you purchase without needing the app.

Hello,
I'm having the same problem. It detects

TR/Kazy.65525.19
in \ProgramData\Desura\DesuraApp\GDF\61418032332832.dll

every time i start up Desura (i'm using Avira Free), also after re-installing the app, and there is no detection when I start up TripleA, which is the only game I have downloaded so far.

My primary question is: Would it be safe to just delete the detected .dll file, to avoid any risk of it not being a false positive?

I'm having the same issues too with a 60606283513888.dll file in \ProgramData\Desura\DesuraApp\GDF\. Avast Antivirus classified it as "Win32:Malware-gen". Have there been any updates on this issue?

Its a false positive guys. Those dll's contain no code but resources for the windows games list. The number is the 64 bit id of the game as outlined here: Github.com

Edited by: lodle

--

What about .tmp files in that same folder? Just today I got a malware warning from Avast about a 'RCX4BD4.tmp' file in the ...ProgramData\Desura\DesuraApp\GDF\ folder. Is there a reason why these keep popping up? Do the Developers at Desura know about these issues?

Read above.

Panda flags texture files in the directory 'kamikaze3' for dday-normandy as kamikaze virus