FFXi.dll reporting as virus



Mike_
11-17-2014, 10:42 AM
Since the most recent update, Symantec antivirus has started reporting FFXi.dll, in my 'C:\Program Files (x86)\PlayOnline\SquareEnix\FINAL FANTASY XI' folder, as a Trojan.Gen.SMH.2 virus. I deleted the file, and began to fix my installation. While getting a new FFXi.dll, Symantec reported that FFXi.dll.tmp2 was also a virus. I undid the action, but why would my antivirus be reporting that it contains properties of a trojan virus? I have tried another computer, to make sure this one was not infected, but I got the same result. Thanks!

Malthar
11-17-2014, 11:28 AM
It's a false positive. You have to write Symantec for them to exclude the .dll.

Draylo
11-17-2014, 11:32 AM
My Symantec was doing this too.

Malthar
11-17-2014, 11:59 AM
Mine did it a long time ago. You have to turn off Symantec if you want to play.
And no I wasn't hacking you, Dray. Or maybe I was... lol

Byrth
11-17-2014, 12:13 PM
Somewhat depressing, but this typically happens when a very low number of Symantec users have the same form of the dll installed.

Raydeus
11-17-2014, 12:39 PM
Can you whitelist it? Most Antivirus allow you to add programs as exceptions while they fix the issue.

Malthar
11-17-2014, 02:58 PM
Symantec has no whitelist. x.x

Draylo
11-17-2014, 03:43 PM
Nope you can't add anything to a whitelist for it... So I just had to disable it, don't hack me Malthar.

BobbinT
11-18-2014, 05:55 AM
Apparently my game runs fine despite SAV repeatedly popping up about the trojan.

Draylo
11-18-2014, 06:11 AM
If your anti-virus is like mine, the game will run until you shut down. That's when it takes effect, when it deletes the file.

Malthar
11-18-2014, 06:53 AM
Yeah;
disable av
start ffxi
enable av

And you should be fine.

Draylo
11-18-2014, 07:14 AM
No it will delete while you are in-game, the only thing is if you crash or try to relog into the game you won't be able to until you restore ffxi.dll.

Gameesh
11-18-2014, 08:01 AM
In my case when I clicked 'Play' in POL I'd get a pop-up saying:

"Windows is configuring FF11"

I checked my virusscanner activity log and it put FF11.dll in quarantine; suspected it of a Trojan horse virus.

To fix the issue I did the following:

1) Restore the file, through the activity log (the virusscanner will warn you it's unwise. Ignore it in this case)
2) While restoring, tick the box that will exclude this file from future scans.
3) FF11 should run smoothly again.

Now, I'm pretty curious why this file is considered dangerous all of a sudden. Either SE or a large portion of virusscanners have changed their policies regarding .dll files, maybe?

Mike_
11-18-2014, 08:25 AM
Thanks for all the replies! I did add it to my ignore list yesterday. SEP deleted the file after using /shutdown. I am just wondering if there is information being sent back to SE that might be in excess to the normal amount (i.e. SE is tracking use of third-party tools such as windower). I highly doubt they ever care about such programs anymore since, despite RMT being reported, you see them in-game for months after farming your favorite spots until you are left with only dynamis currency to make gil. :( I guess I will netstat my ports and see if SE opened another.

YosemiteYogorockBlondelle
11-18-2014, 10:45 AM
> Nope you can't add anything to a whitelist for it... So I just had to disable it, don't hack me Malthar.

First off, hello, Draylo!!

If you mean for Norton to ignore a file, you have to search for it and set Norton to exclude it in its searches, and basically it's the only type of whitelist I know of that Norton can possibly have to not remove or quarantine those files.

Draylo
11-18-2014, 10:51 AM
Nah I use Symantec not Norton.

BobbinT
11-18-2014, 02:59 PM
Haha, you're right. Now my game gives an error, saying configuring FFXI, which never ends. ^^;

Had to restore & exclude the game folder from scanning.

I hope SE fixes this. It's really a major flaw. I see reports that other AV software also caught FFXI.dll as trojan/malware too.

charitwo
11-18-2014, 05:09 PM
Have the same issue. It won't let you copy the file anywhere on your computer/network, so add it to a WinRAR archive and re-add it if you have to restart your computer.

Malthar
11-19-2014, 07:37 AM
> No it will delete while you are in-game, the only thing is if you crash or try to relog into the game you won't be able to until you restore ffxi.dll.

Wut? That's strange... Once a DLL is loaded it's cached. The game shouldn't have need of it again until you restart. I remember when that used to happen to me. I would turn off Symantec, load the game, then turn Symantec back on. SE might be doing something wonky.

Incidentally, I also use Symantec and my DLL isn't being deleted. Have you updated your virus checker and installed your anti-Malthar hacking device?

Draylo
11-19-2014, 07:40 AM
That's the thing, the game doesn't need it, so for some reason the anti-virus deletes it while the game is running and nothing happens because the game doesn't need it. Then when you restart, that's when the problem surfaces.

YosemiteYogorockBlondelle
11-19-2014, 10:03 AM
I was typing my findings into this thread: :Playonline\SquareEnix\FINAL FANTASY XI\ffxi.dll --- "Possible" Trojan.Gen.SMH.2 (http://forum.square-enix.com/ffxi/threads/45119-Playonline%5CSquareEnix%5CFINAL-FANTASY-XI%5Cffxi.dll-Possible-Trojan.Gen.SMH.2?p=532440#post532440) but this seems to be the more logical thread with its route address to include the technical support in-route to this thread.

I'm wondering if I should have unquarantined the ffxi.dll file again and made sure it's excluded before attempting the check file method from the very first/the login to POL viewer screen page, but I read somewhere under one of these two threads that you can run the file check with the current one quarantined and it will just replace the file, but.. I tried it and the very same configuring windows pops up instead and I wind up back in the same spot, and if I exclude it then after it's back, I still will get the message you have an unregistered ffxi.dll file, whatever that means, and can only assume it's something to do with being registered accounts to SE or something like that..?

I sure hope they'll extend all current events and celebrations going on in game on account of this incident going on for many players as well.

BobbinT
11-19-2014, 04:13 PM
Like I said, just exclude the game folder instead. That should free you the hassle of restoring the file every time.

But remember though, once SE has made an official statement that this is fixed, remove the game folder from the scan exclusion list so that the AV keeps checking that folder again.

Mike_
11-20-2014, 02:23 AM
You do not have to exclude the whole folder; you can choose to only exclude the file. I used "Undo Action" to remove the file from my quarantine, to restore it, and then excluded it. Also, if this happens to you, you can save a bit of time by not reinstalling. I just copied the old version off an install disk, and used the check files feature at the start of POL. It did flag the temp file as a virus, but I was able to ignore that too. As for netstat, it is not showing any ports out of the norm. Still makes me curious, and I hate questions I cannot answer. :p
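
Added example, not part of any post in this thread: a file-only exclusion like the one described above still tells the scanner to ignore whatever sits at that path, so one defensive check is to record the hash and signature status of the file that was reviewed and compare again later. The DLL path is the one given in the first post; the baseline file location is an assumption.

```powershell
param(
    # Path as given in the first post of the thread.
    [string]$DllPath = 'C:\Program Files (x86)\PlayOnline\SquareEnix\FINAL FANTASY XI\FFXi.dll',
    # Hypothetical location for the baseline record (an assumption of this example).
    [string]$BaselinePath = "$env:LOCALAPPDATA\ffxi-dll-baseline.json"
)

function Get-FileRecord {
    param([Parameter(Mandatory)][string]$Path)
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = $null
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    [pscustomobject]@{
        Path      = $Path
        Sha256    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        SigStatus = [string]$sig.Status   # e.g. Valid, NotSigned, HashMismatch
        Signer    = $signer
        Recorded  = (Get-Date).ToString('o')
    }
}

if (-not (Test-Path -LiteralPath $DllPath)) {
    Write-Warning "File missing (quarantined or deleted?): $DllPath"
    exit 2
}

$current = Get-FileRecord -Path $DllPath

if (-not (Test-Path -LiteralPath $BaselinePath)) {
    # First run: record exactly which file the exclusion was created for.
    # The SHA-256 is also the value to quote in a false-positive report.
    $current | ConvertTo-Json | Set-Content -LiteralPath $BaselinePath -Encoding UTF8
    Write-Output "Baseline recorded. SHA-256: $($current.Sha256)"
    Write-Output "Signature status: $($current.SigStatus)"
    exit 0
}

$baseline = Get-Content -LiteralPath $BaselinePath -Raw | ConvertFrom-Json
if ($baseline.Sha256 -eq $current.Sha256) {
    Write-Output "Unchanged since baseline: $($current.Sha256)"
    exit 0
}

# The excluded path now holds different content. A game update does this
# legitimately, but the scanner is not looking at it, so review it again.
Write-Warning "File at excluded path changed since baseline."
Write-Output "Baseline: $($baseline.Sha256)  signature: $($baseline.SigStatus)"
Write-Output "Current : $($current.Sha256)  signature: $($current.SigStatus)"
exit 1
```

After a game update changes the file, delete the baseline record once the new file has been reviewed so the next run records it afresh.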

Ywrach
11-20-2014, 01:00 PM
I hope someone can help me out, I had this problem too. I didn't know about excluding files, so turned Norton off, uninstalled and reinstalled. Turned Norton back on again and it ate the file again. By then these posts had started appearing so I was able to stand Norton in a corner with the dunce's cap on and have my .dll sit safely where it should be.
However, my problem now is that during my uninstalling I also lost all the expansions. I have been reinstalling one a night using the CDs, but we didn't get one for Seekers. How do I get that back? I had the email with the original purchase saved with registration codes and things, but the link to my order expired 30 minutes after the email was sent. Do I have to rebuy or is there a different place to go for reinstallation links?

Gunslingingwolf
11-20-2014, 02:17 PM
I sent the file in to Symantec but am awaiting a response. Webroot doesn't find problems with the .dll but Norton will ping it every time. Interesting. You'd think SE would update with a patch with the .dll because something has changed. I've been playing this game for a decade and it's never done this before, with all the updates and expansions over the years.

Very interesting indeed.

Dragoy
11-20-2014, 05:56 PM
> I hope someone can help me out, I had this problem too. I didn't know about excluding files, so turned Norton off, uninstalled and reinstalled. Turned Norton back on again and it ate the file again. By then these posts had started appearing so I was able to stand Norton in a corner with the dunce's cap on and have my .dll sit safely where it should be.
> However, my problem now is that during my uninstalling I also lost all the expansions. I have been reinstalling one a night using the CDs, but we didn't get one for Seekers. How do I get that back? I had the email with the original purchase saved with registration codes and things, but the link to my order expired 30 minutes after the email was sent. Do I have to rebuy or is there a different place to go for reinstallation links?

You may be in luck, if you act fast, for the files are available for download from an official source due to the Return Home to Vana'diel Campaign (which has concluded, but the files seem to still be around):

EU: http://www.playonline.com/ff11eu/download/media/install_win.html

US: http://www.playonline.com/ff11us/download/media/install_win.html
This really is a rare treat! Normally one would indeed need to re-purchase the media should they need new copies, and whatever method was used has expired.


Good luck with yer nortons people! I'm glad I decided to leave that camp years ago. ^^;

Ywrach
11-21-2014, 09:45 AM
Thank you for the help, Dragoy. Are you still playing? I haven't seen you for years!

I'm not sure about the download. I've just had to reset all my passwords because SE think there was suspicious activity going on. Well of course there was you planks, I had to reinstall everything and was running round checking stuff worked after. I'm sort of worried that if I do the download now, they'll outright close the account down.

Thanks again for the help. Good luck to anyone else who is still trying to get this sorted out.

Dragoy
11-21-2014, 10:55 PM
> Thank you for the help, Dragoy. Are you still playing? I haven't seen you for years!

Yes!

'Tis good to see you around too, still! I've not been up during my late night/early morning times too much lately, so that's probably why you wouldn't see me much (silly time-zone differences!).


> I'm not sure about the download. I've just had to reset all my passwords because SE think there was suspicious activity going on. Well of course there was you planks, I had to reinstall everything and was running round checking stuff worked after. I'm sort of worried that if I do the download now, they'll outright close the account down.

There should be no reason for them to link your download(s) to your account. It's especially okay since the sites the links are to are very official, not some third-party site giving out “illegal copies”.

I'm thinking the links won't be up for long, as they normally do not provide the data for download, but have done so with the welcome back campaigns of late (which is cool, but I wish they would provide the files always, as it would give a safe location for users to download them from; it's not like people can play with the files only!).


See you arooond!

Psonic
11-23-2014, 02:46 AM
Thanks for the info. It may be the same with mine since I had it quarantined a few days ago by Norton antivirus. SE says contact them, but they said the same thing: make the file an exception to the antivirus scans. Still though, I can't seem to play the game, but one step closer I think. :p

YosemiteYogorockBlondelle
11-24-2014, 05:24 AM
> You may be in luck, if you act fast, for the files are available for download from an official source due to the Return Home to Vana'diel Campaign (which has concluded, but the files seem to still be around):
>
> EU: http://www.playonline.com/ff11eu/download/media/install_win.html
>
> US: http://www.playonline.com/ff11us/download/media/install_win.html
> This really is a rare treat! Normally one would indeed need to re-purchase the media should they need new copies, and whatever method was used has expired.
>
> Good luck with yer nortons people! I'm glad I decided to leave that camp years ago. ^^;

Just some inquisitive or curious thoughts I had come across that could also possibly work to SE's advantage.

So I was thinking, Dragoy, what if SE could just make the particular .dll files you needed back downloadable as a fix in this method of the returning home campaign as well? What would be the logical outcome if they did? What if they took it to delivery of the fixed dll file through the POL Viewer's delivery SE mail system as another method of a fix for those who are still having problems with the game after they've tried out all fixes mentioned here, to get everyone back up and running again?

YosemiteYogorockBlondelle
11-24-2014, 06:52 AM
Yay!!! Success, whatever I just did... I'm back in the game! Still wishing SE comes up with better plans to save your map markers and macros, not just for one character but for all of your characters!!

I had an idea where they could just be auto-saved as you make them in game, like some games do nowadays, or putting the map maker NPCs to even more use just to do the same upon visiting them. I'm hopeful SE will become smart with that type of feature so as to have less of a headache, especially for reloading them, upon re-installs and returning to the game in the very near future here!! I'm sure you guys could have better ideas on this as well, I bet?

Resipsa
11-26-2014, 03:01 PM
Norton 360 allows you to exclude the file from scans. Just restore the file and put it on the no scan list.

YosemiteYogorockBlondelle
11-27-2014, 10:05 AM
> Norton 360 allows you to exclude the file from scans. Just restore the file and put it on the no scan list.

:confused:?? It would seem some folks keep misunderstanding me and also keep misunderstanding that I had done this already many times -> restored it from quarantine, excluded the files, but it was Windows or SE/POL viewer that was having a problem with it put back, as it would say you have an un-registered ffxi.dll file. But SE also came out with a repairing account server problems maintenance a few days later after some of my previous posts, thus I wonder if that had something to do with it too, as now I'm back playing FFXI. Either way I'm glad to be back in the game.

The other thing I "was" mentioning is just that what Windows 8.1 Pro "was" doing is it kept on configuring or reconfiguring the game files. While I don't know what SE's future plans are for having it run smoother for future Windows operating systems, I'd still like to see it happen, and the same for changes with updates to the POL Viewer, which seems to be untouched, quite for some time now, along with changes for certain future installation game pack files being not included, such as the long time ended game of tetris master. Granted, yes, there may be an option to exclude it from being installed, but to me that just seems to be a waste of files to be included when they release newer FFXI expansion collection packs for new players or for those reinstalling the game just on a newer system they've bought that hasn't had the game on it yet, and even the system it was previously installed on already. I also think those files or that space could instead be used to help update or add more features to the FFXI game instead somehow.

I just don't know why I didn't see any updates happen upon successfully getting back into the game that took place on the 19th or 20th, which happened while I was stuck {read that as was and not as is} from not being able to play. I was expecting a very mini-update upon the game being successful. I know I shouldn't be, but I am also "kind of" worried that I might not get the future updates, which is probably a ridiculous thing to worry about possibly.