Need some help with an alleged Trojan. - Renewal Technical Support / Bug Reporting - WarpPortal Community Forums

8 replies to this topic

#1 mooglepants

mooglepants

    I am New.

  • Members
  • 7 posts

Posted 02 February 2016 - 08:52 PM

Today I clicked my desktop Ragnarok shortcut and instantly my Webroot anti-virus picked up a threat called W32.Email.Worm.Silly. I removed the trojan and obviously the game won't play anymore. I uninstalled the game, then went to the Warp Portal website and clicked Ragnarok... then clicked download to get the client (being very careful to get it from the official site). The installer works until it gets to the .exe file; it stops and tells me to make sure I have access to the file. So I turned off my anti-virus and the game installed and patched just fine. I rebooted my computer and ran my Webroot anti-virus system scan. It identified 3 threats in the setup_classic.exe, sakray.exe, and ragnarok.exe files called W32.Email.Worm.Silly. I googled the alleged trojan and there is a lot of information about it (seems to be a real trojan). I find this confusing because the laptop is used ONLY for Ragnarok and nothing else. It is off a fresh install of Windows 10 that is up to date. I also PAY for real anti-virus protection, none of that free garbage. Any ideas to help would be appreciated.


  • 0

#2 TooKawaiitoDie

TooKawaiitoDie

    I am New.

  • Members
  • 3 posts
  • LocationHouston, TX
  • Playing:Nothing

Posted 04 February 2016 - 01:31 AM

Almost the same thing happened to me. Webroot informed me of the same "trojan," so I removed it. The Ragnarok shortcuts disappeared from my desktop, so I uninstalled the game. I re-downloaded it from the official website, and attempted to re-install it. The installer did the same thing to me, so I just deleted the entire gravity folder. I did not update this computer to Windows 10; this computer has Windows 8.1. I never download anything weird or go to questionable websites; I haven't played Ragnarok for a while, so I'm not even sure why this happened. Right now I only have a Steam version of Ragnarok, but I would prefer the regular version.


  • 0

#3 VModCinnamon

VModCinnamon

    Tranquility

  • VMod Retired
  • 16663 posts
  • Playing:Ragnarok Online

Posted 04 February 2016 - 02:04 AM

Were you able to play the game fine before or is this a fresh installation?

Can you link from where iRO setup file was downloaded please?


  • 0

#4 Axylus

Axylus

    Too Legit To Quit

  • Members
  • 2383 posts
  • LocationEngland, United Kingdom

Posted 04 February 2016 - 08:28 AM

For unknown reasons, some components of the IRO client are erroneously identified as harmful by various security software on a regular basis. In other words, you probably don't have any malicious software on your computer.

I recommend that you do the following:
  • Restore the files that were quarantined or deleted by your security software.
  • Temporarily disable your security software.
  • Download, extract, and then open HashMyFiles.
  • Press F2.
  • Navigate to the client installation folder.
  • Select all of the files with the extension "exe" (hold control to select multiple files).
  • Press enter.
  • Compare the SHA-1 hash of each file to its corresponding hash below. If a file's hash matches, then it's a legitimate file.
e21f35fd1b88f1eb080f66a984e12754c037dc17 ClassicRO.exe
fbfa0c0da0d0902bc5370d895fbc5ec9e9235d88 clragexe.exe
caba4dcd713a3cbdc503502a6d70f259ca0f7cc5 Ragexe.exe
044d6d26b4834b999ed818e4ac8165d357e138a1 Ragnarok.exe
8f89709bbe729708d10f9329377acaf15cf926f3 Sakexe.exe
0931e68eea9cefbbdecfdd15afd757ed4639a546 Sakray.exe
db049ef7134eff99fd76ce7606916f774eda861c Setup.exe
3083f0df87f5a3e5526266cdfa8421b8c9337eec Setup_Classic.exe


(The above hashes were generated from my own copy of the IRO client.)

Edited by Axylus, 04 February 2016 - 08:37 AM.

  • 2

#5 Baphy93

Baphy93

    I made it Off Topic

  • Members
  • 36 posts
  • Playing:Ragnarok Online
  • Server:Chaos

Posted 04 February 2016 - 10:25 AM

Same thing happened to my friend a few days ago.


  • 0

#6 TooKawaiitoDie

TooKawaiitoDie

    I am New.

  • Members
  • 3 posts
  • LocationHouston, TX
  • Playing:Nothing

Posted 07 February 2016 - 12:20 AM

> Were you able to play the game fine before or is this a fresh installation?
>
> Can you link from where iRO setup file was downloaded please?

I was able to play the game before, without any problems, and I downloaded it from the official download link (http://www.playragna...ntdownload.aspx). I thought it might be a false positive, but, just to be safe, I haven't re-installed it.


  • 0

#7 Axylus

Axylus

    Too Legit To Quit

  • Members
  • 2383 posts
  • LocationEngland, United Kingdom

Posted 07 February 2016 - 02:15 PM

> I was able to play the game before, without any problems, and I downloaded it from the official download link (http://www.playragna...ntdownload.aspx). I thought it might be a false positive, but, just to be safe, I haven't re-installed it.


The installer is digitally signed by Gravity. If your copy had been tampered with, Windows would warn you that you were attempting to open a file created by an unknown developer.
  • 0
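
The hash comparison from post #4 and the signature check mentioned in post #7, done in PowerShell instead of HashMyFiles; this is an added example, not part of the original posts. `Test-ClientFiles`, the dummy file names and the temporary folder are hypothetical, and the demo files are constructed placeholders rather than real client executables.

```powershell
# Added example (not from the thread): compare each .exe in a folder with a
# "<sha1> <filename>" list and report its Authenticode signature status.
function Test-ClientFiles {
    param(
        [Parameter(Mandatory)] [string]   $Folder,        # client installation folder
        [Parameter(Mandatory)] [string[]] $ManifestLines  # lines like "<sha1> <filename>"
    )
    # filename -> expected hash; PowerShell hashtable keys are case-insensitive,
    # which matches Windows file names (Setup_Classic.exe vs setup_classic.exe).
    $expected = @{}
    foreach ($line in $ManifestLines) {
        if ($line -match '^\s*([0-9a-fA-F]{40})\s+(\S.*?)\s*$') {
            $expected[$Matches[2]] = $Matches[1].ToLowerInvariant()
        }
    }
    Get-ChildItem -LiteralPath $Folder -Filter *.exe -File | ForEach-Object {
        $actual = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA1).Hash.ToLowerInvariant()
        $sig    = Get-AuthenticodeSignature -LiteralPath $_.FullName
        if (-not $expected.ContainsKey($_.Name)) {
            $result = 'NotListed'
        } elseif ($expected[$_.Name] -eq $actual) {
            $result = 'Match'
        } else {
            $result = 'MISMATCH'
        }
        [pscustomobject]@{
            File      = $_.Name
            Hash      = $result
            SHA1      = $actual
            Signature = $sig.Status                      # Valid = verifies against a trusted chain
            Signer    = $sig.SignerCertificate.Subject   # compare with the expected publisher
        }
    }
}

# Constructed demo: two dummy files stand in for client executables.
$demo = Join-Path ([IO.Path]::GetTempPath()) ("hashdemo_" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $demo | Out-Null
Set-Content -LiteralPath (Join-Path $demo 'Good.exe')    -Value 'constructed sample A'
Set-Content -LiteralPath (Join-Path $demo 'Changed.exe') -Value 'constructed sample B'
$good = (Get-FileHash -LiteralPath (Join-Path $demo 'Good.exe') -Algorithm SHA1).Hash
$manifest = @(
    "$good good.exe"               # correct hash, different letter case in the name
    ('0' * 40) + ' Changed.exe'    # deliberately wrong hash
)
Test-ClientFiles -Folder $demo -ManifestLines $manifest | Format-Table -AutoSize
Remove-Item -LiteralPath $demo -Recurse -Force
```

For a real check, pass the client installation folder and the lines of the hash list from post #4. A Match only shows that a file equals the copy the list was generated from, while a Valid signature with the expected signer does not depend on the list.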

#8 TooKawaiitoDie

TooKawaiitoDie

    I am New.

  • Members
  • 3 posts
  • LocationHouston, TX
  • Playing:Nothing

Posted 09 February 2016 - 06:06 AM

I re-downloaded the client again and tried to re-install it again.

With Webroot On:

[Image: SYmC43J.jpg]

I have had Webroot for years, and I have played Ragnarok successfully with this program on.

With Webroot Off:

[Image: KrpI3C1.jpg]

I get the second message (and it will not open) when I try to open Ragnarok with Webroot on or off, so there must be a problem.


  • 0

#9 Axylus

Axylus

    Too Legit To Quit

  • Members
  • 2383 posts
  • LocationEngland, United Kingdom

Posted 10 February 2016 - 04:58 AM

I've reported this issue to Webroot; however, if SecureAnywhere is silently quarantining or deleting files it has incorrectly determined to be harmful even while disabled, I'd advise you to abandon using it.

Edit: Webroot have just sent the following reply:

Hello,

Thank you for submitting your report. We have examined the logs from your system and found that the detected items were the result of a false positive, and are not a threat. We have updated our security definitions to address this.

You may un-quarantine and restore the file that was quarantined by the Webroot SecureAnywhere software if you have not already done so. To restore the file:

1. Open on the cog icon next to PC Security.
2. Click the Quarantine tab.
3. Click the check box next to the filename, then click Restore.

Now that this change is in effect, we request that you run another scan of your computer (click "Scan My Computer" on the main overview window). If the same detection occurs, please let us know immediately.

Thank you,

Webroot Advanced Malware Removal Team


Edited by Axylus, 10 February 2016 - 05:38 AM.

  • 1



