:Playonline\SquareEnix\FINAL FANTASY XI\ffxi.dll --- "Possible" Trojan.Gen.SMH.2
Krashport
11-17-2014, 03:26 PM
"ffxi.dll" is showing up as a Trojan.Gen.SMH.2. Could we please have this verified and fixed if possible?
Alhanelem
11-17-2014, 03:30 PM
99.9999999% sure you have a false positive or an infection from something else on your PC. I have multiple threat scanners, none of which are picking up anything from any dll or exe in the playonline folder. SE can't fix problems with your computer and they don't put viruses in their software.
Krashport
11-17-2014, 03:33 PM
Hmm, interesting. Thanks for the heads up.
Alhanelem
11-17-2014, 03:41 PM
Flag the file as ignore and clean up any other threats that may be existing on your PC. If you're feeling paranoid though, you can quarantine/delete the file, and just reacquire it from playonline with the file check function. Easy Peasy.
Dsherman
11-17-2014, 03:57 PM
I had this happen on three separate machines.
On one of them, the Anti-Virus software wanted me to restart Windows, probably because I was actually running the game on that machine. The file was quarantined on the other two. When the machine where I had been playing was restarted, the quarantine happened there too.
It's the main start up of the game itself. When you press "play" on the POL Viewer, Windows will try to install it again... but of course, it can't find it since I don't keep an install disc in the machine. (Plus, the version of that program on the install disc is probably very out of date.)
On one of the machines, I ran a "Check Files". It noticed the missing file and downloaded it again... but the Anti Virus software blocked it again and quarantined the tmp downloaded file even before the install process could move it into place.
I have told the anti-virus software (Norton) to put it back, and exclude it from scans. It is working again now.
But I would still like to see a more official response.
It would definitely appear that a virus definition that came out today for the Anti-Virus software has triggered this problem. I don't know if other Anti-Virus software (other than Norton) is flagging this or not.
Krashport
11-17-2014, 04:01 PM
@Dsherman I did the exact same thing; and also would like an official response.
Alhanelem
11-17-2014, 04:37 PM
You're probably not going to get an official response. If you do, they'll tell you to do the exact same things that have already been said here by us "unofficial" people. Just follow proper procedure as you would with any false positive. There is no virus in the game. The detection rules on any AV software are meticulous enough that many kinds of perfectly normal behaviors can occasionally trigger false positives. I'm not sure why you're demanding an official response from something that wasn't caused by SE.
The 0.00000001% chance that it's not a false positive, it's a 100% guarantee some other threat already on your system infected the file.
Spybot, MSE, and AVG are all finding nothing here.
My anti virus thinks the ffxi.dll is a trojan as well.
Someone made a post about it in the tech support forum already
http://forum.square-enix.com/ffxi/threads/45115-FFXi.dll-reporting-as-virus
Draylo
11-18-2014, 04:40 AM
You're probably not going to get an official response. If you do, they'll tell you to do the exact same things that have already been said here by us "unofficial" people. Just follow proper procedure as you would with any false positive. There is no virus in the game. The detection rules on any AV software are meticulous enough that many kinds of perfectly normal behaviors can occasionally trigger false positives. I'm not sure why you're demanding an official response from something that wasn't caused by SE.
The 0.00000001% chance that it's not a false positive, it's a 100% guarantee some other threat already on your system infected the file.
Spybot, MSE, and AVG are all finding nothing here.
Wrong, they just made an official response and they are looking into it.
Alhanelem
11-18-2014, 04:56 AM
Well, color me surprised! And they even did so in a relatively timely manner!
(Still, you can be basically 100% sure that a change in detection rules for some AV software caused the problem. I can't imagine SE being able to do much more than say to them "hey guys, this is a false positive. Fix your crap yo!")
BobbinT
11-18-2014, 05:54 AM
Caught this also on my SAV. Weird that my game ran normally though...
Lithera
11-18-2014, 09:39 AM
Bit of an inconvenience but it was easy enough to remove the file from quarantine and run the game.
YosemiteYogorockBlondelle
11-18-2014, 10:11 AM
{My Detailed Report on it thus far in not being able to play the game!!}
To the Dev/forums team, I hope this helps with some of the investigation of the situation at hand. [Sorry, longer post than I had planned]
Yeah, this is happening to me too with my Norton 360 2014 security over my FFXI game, after a Norton update/security-at-risk update which needed a computer restart to fix what it deemed to be a problem risk/continue with the update, but it also happened after the full system scan happened.
I can't even make it to the title screen/character select screen. After you get past hitting play at the "A Word to Our Players" screen on the POL viewer window, then the quickly displayed ratings screen, it jumps back to the previous screen afterwards and tries to move forward onto the FFXI CS game story screen, and that's where it all happens, before it can even get to the cutscene screen of the XI storyline, but the POL viewer has remained unaffected by it.
Anywho... after it jumps back to the "A Word to Our Players" screen, it started to do this: it popped up "please wait while windows configures FFXI", and next was this: "The feature you are trying to use is on a network resource that is unavailable", and the next part of it says: "Click OK to try again, or enter an alternate path to a folder containing the installation package 'FINAL FANTASY XI.msi' in the box below". Of course I already had the FFXI game previously installed, but it didn't show up as being there. I hit retry to see what the outcome would be, and it basically repeated (I'm leaving some of the path blank between users\ and \desktop): "The path 'C\Users\...\Desktop\Downloads\Final Fantasy XI\extracted\NST1\FINAL FANTASY XI.msi' cannot be found. Verify that you have access to this location and try again, or try to find the installation package 'FINAL FANTASY XI.msi' in a folder from which you can install the product FINAL FANTASY XI."
However, after I did more digging into my Security Software Protection virus scanner activities or history, I came across that it quarantined an ffxi.dll file, listed as ffxi.dll (WS.Malware.2). So, after reading through about some false positives happening with the scanner, I hit the "restore file and exclude from future scans" feature, but I unchecked the box that would exclude it from another scan, hit cancel on the verify location box, rebooted, logged out of the POL viewer (but it had finally already disconnected after hours of researching or figuring stuff out) and fully closed the POL viewer, then proceeded to restart my Alienware 18 BTX based mod. with Windows 8.1 Pro 64 bit laptop to see if it would resolve the matter as a solution.
After my computer had fully reloaded, I clicked on the PlayOnline desktop shortcut to bring up the log in to the POL viewer screen. After clicking on the always-popping-up yellow Windows warning caution security box with the text "unknown program, do you want to allow this program to make changes", the POL viewer loaded just fine as before and proceeded to go to the next screen to play FFXI. I got back to the very same screens, where first is displayed the one about security breaches or server updates about to happen, and I hit play; next, the "A Word to Our Players" screen, hit play; the rating screen comes up and drops back to the previous screen; and this time the loading FFXI game/checking files screen before the CS XI story screen appears, and it hits that restored ffxi.dll file and says you have an unregistered ffxi.dll file, and then Norton comes in and re-quarantines that file, but listing it this time as Trojan.Gen.SMH.2. Thus I regrettably have to log out of the POL viewer window, not making it to the next, separate FFXI window for the game, which I run under the windowed mode setting instead of full screen mode, since in full screen mode there would be too many other notifications from other stuff, such as FB or Windows 8.1 app pop-ups, creating a game terminated error and thus failure in full screen mode.
This part is not necessarily for the forum community/dev teams, but you can read it if you'd like to know some of the trouble and inconvenience some of us like me will be facing since the anti-virus removing effect happened to us PC/Windows players. I will write it as or with my problems that others can relate this to as being their causes from this happening too.
The demise this will cause if I have to actually re-install the game yet again over the years for me is: I haven't had any way to back up my files on my laptop, being short on cash this whole year to purchase an external hard drive to back up files to restore in case of something like this happening.
The loss of all my new or redone map markers and macros for either both or one of my characters, for what must be the 7th time :( -.-:; and I don't like the current set up at the character select screen with characters on the same acc., that you can only save one char.'s profile of macros & map markers for future loading when playing on only one system such as a PC, and on top of that it's hard to recall what you did with them all over the game too, to cause a big loss.
I'm not too positive on how I would go about reinstalling the game, since I directly downloaded it from SE's Store without putting it on to a backup files disc.
I fear I'll be missing out on all the XI celebrated events going on by the time this matter is resolved, which includes mog pells, special gobbie treasure keys, Sunshine Seekers or all the other events, the Login campaign to get the gobbo trust cypher, etc. {yikes!!} I hope this matter is resolved without any reinstalls or losses and missed events -.-: thanks SE if this can be done in this way.
Guppie
11-18-2014, 10:19 AM
Just had this happen right after logging in to update. Norton 360 is flagging ffxi.dll as malware. This causes the file to be quarantined, at which time Windows (8.1) tries to automatically run the FFXI installation repair.
Lithera
11-18-2014, 11:25 AM
Go back in and remove the file from quarantine again and this time make sure to properly exclude it from future scans then restart FFXI.
BobbinT
11-18-2014, 03:05 PM
snip, tldr
Just exclude the file, or even the game folder in your antivirus settings, and you should be fine for the time being. Don't have to reinstall the game.
SE do need to fix this ASAP. :p
Alhanelem
11-18-2014, 05:41 PM
Just exclude the file, or even the game folder in your antivirus settings, and you should be fine for the time being. Don't have to reinstall the game.
SE do need to fix this ASAP. :p
Normally, it's the AV software's responsibility to fix false positives, as the problem is not a defect in FFXI.
YosemiteYogorockBlondelle
11-19-2014, 03:04 AM
The problem that still remains is that even when I do restore the file from quarantine, the FFXI game itself, from the POL viewer window after hitting play from "A Word to Our Players" {same as I said in my previous post}, keeps saying you have an unregistered ffxi.dll file and stops loading any further on the game. My guess is they're going to have to completely rewrite that file, or at least rename/reprogram it with something like ffxi11.dll, ff11.dll or something unlikely to be read as virus programming, and include it in an update from the POL viewer itself. Speaking of which, I miss the days when the POL viewer and FFXI were both updated hand-in-hand, sometimes even as one packaged update. And while I'm on the subject, why they still include the obsolete game Tetra Master when releasing a full collection with the newest expansion to download and install the game on a system is beyond me, when it shouldn't be there any more, as no game of it exists anymore besides a news page article about it, and you can find that type of info about the past game online anyway.
Oh, almost forgot to say this: I haven't tried the check file method from the POL viewer login screen, which might give you a new registered ffxi.dll file replacement. And oh yeah, I surely wish there was a volume adjustment on that first POL login screen page as well as the CS story vid too.
Fahzewn
11-19-2014, 04:27 AM
Your post.
Others have mentioned that running the POL check files, which you also mentioned, might help with replacing the .dll file. Also, you mentioned map markers and such a few posts back. You should be able to just copy your character data (macros, etc.) to another folder and re-install the game (if you absolutely need to) then drop your character data back into the new FFXI folder. I only recently started messing with things like that on my PC but I was able to keep my newer macros that I haven't saved to the server because of it. Only one I haven't got down yet is the patch notes so I can avoid the many hour update.
Honestly, installing the game is nothing as long as you have the client/discs/downloads to do it. The updating afterwards is horrible though.
Last, as others have said (unless it's too late for you), you can probably find the original ffxi.dll file from your anti-virus and do a restore then ignore/exclude the false positive on it. For me, at the least, that fixed the problem that you had with FFXI stuck on checking files on the game and it ran properly after.
YosemiteYogorockBlondelle
11-19-2014, 09:46 AM
Others have mentioned that running the POL check files, which you also mentioned, might help with replacing the .dll file. Also, you mentioned map markers and such a few posts back. You should be able to just copy your character data (macros, etc.) to another folder and re-install the game (if you absolutely need to) then drop your character data back into the new FFXI folder. I only recently started messing with things like that on my PC but I was able to keep my newer macros that I haven't saved to the server because of it. Only one I haven't got down yet is the patch notes so I can avoid the many hour update.
Honestly, installing the game is nothing as long as you have the client/discs/downloads to do it. The updating afterwards is horrible though.
Last, as others have said (unless it's too late for you), you can probably find the original ffxi.dll file from your anti-virus and do a restore then ignore/exclude the false positive on it. For me, at the least, that fixed the problem that you had with FFXI stuck on checking files on the game and it ran properly after.
Hmm, where would this file or folder for macros and map markers be, and would it go against SE's Policy agreement or copyrights even?
Alhanelem
11-19-2014, 10:39 AM
Backing up, copying, deleting etc. your files doesn't break any rules.
BobbinT
11-19-2014, 04:20 PM
Normally, it's the AV software's responsibility to fix false positives, as the problem is not a defect in FFXI.
Maybe. But... if more than one AV is reporting this, sometimes it's not always the issue with AV. SE himself might need to recheck their files. I mean, come on... Why did AV never catch it before?
This once happened on my end before: re-compiling one of my office application DLLs with new features resulted in the office AV picking up a trojan in it. Once I figured out the cause and fixed it (which was one of the unregistered library files), the AV no longer reported a trojan from it.
Fahzewn
11-19-2014, 10:35 PM
Hmm, where would this file or folder for macros and map markers be, and would it go against SE's Policy agreement or copyrights even?
As long as you don't modify the files, it shouldn't really be against the ToS to copy, delete, move them.
Anyway, typically the character data is in the USER folder. Generally it follows the path of (the hard drive letter where you saved the game... default is normally C):/Program Files or Program Files X86/Playonline/FFXI/USER. In the USER folder there should be X amount of additional folders. Each one of those represents a character you have created, last I checked. I just went ahead and copied (DO NOT CUT, DELETE, OR OTHERWISE REMOVE THE FOLDER FROM FFXI) the entire USER folder, then pasted it over to another location that I could find easily again. I re-installed the game, and then just dropped the USER folder back into the FFXI folder. So far I have not had any issues, but I will admit that I didn't think to check map markers as, while I do have them, I don't look at them often.
I'll end this post on this, if doing this and you have limited PC knowledge, 1) I suggest not to do it and suck it up losing the macros and such but mostly 2) Do not open or look at any of the files as if you do something in the files themselves, you could potentially make things worse. And again, I'm limited on working with moving around/reinstalling FFXI, so while there probably is a better way to do it. This way worked for me.
Alhanelem
11-20-2014, 12:17 PM
Maybe. But... if more than one AV is reporting this, sometimes it's not always the issue with AV. SE himself might need to recheck their files. I mean, come on... Why did AV never catch it before?
This once happened on my end before: re-compiling one of my office application DLLs with new features resulted in the office AV picking up a trojan in it. Once I figured out the cause and fixed it (which was one of the unregistered library files), the AV no longer reported a trojan from it.
Right, but this isn't something that happened because of a change to ffxi.dll, as this just started happening out of the blue. If this started happening immediately after the dll was modified, a programmer creating a behavior that could be considered virus-like by an AV software could be the cause. But that doesn't seem like it is the case this time.
YosemiteYogorockBlondelle
11-20-2014, 02:57 PM
I keep wondering if the devs, community team, and those who work on this game have even looked at either of the two threads that we all have been posting in or not, but I kind of hope they just come up with a fix that doesn't require, annoyingly, time and time again, the full reinstall of this game.
I haven't seen any more follow ups on where they're currently at and how they're coming along with this situation towards a resolution, or if they just stopped and gave up on it, leaving it up to us..>.<;eek! :confused: :(
I'm really worried...yippie!...
Fahzewn
11-20-2014, 09:52 PM
I keep wondering if the devs, community team, and those who work on this game have even looked at either of the two threads that we all have been posting in or not, but I kind of hope they just come up with a fix that doesn't require, annoyingly, time and time again, the full reinstall of this game.
I haven't seen any more follow ups on where they're currently at and how they're coming along with this situation towards a resolution, or if they just stopped and gave up on it, leaving it up to us..>.<;eek! :confused: :(
I'm really worried...yippie!...
http://www.playonline.com/ff11us/polnews/news23832.shtml
They already know and are "supposedly" working on it. They mention the exclusion of the .dll file as a workaround.
FrankReynolds
11-21-2014, 12:44 AM
Norton / Symantec make horrible AV software. At my old job, Symantec Endpoint Protection randomly decided that a Windows update file was a virus and bricked like 20 computers and servers by deleting parts of the operating system that were updated. According to their support forum, Trojan.Gen.Smh.2 is just a generic code for "We don't know what this is, but it looks dangerous". They have a method of flagging files where they flag something if it has the same file name as a file that has been installed safely on a large number of systems, but is in fact a different file. So basically, your AV software went "woah, that doesn't look like the POL.exe that everyone else is running. That might have been tampered with."
TLDR; Symantec / Norton is horrible. It's almost as bad as actually having a virus. Just mark the files / folders as safe and restore them from quarantine.
YosemiteYogorockBlondelle
11-21-2014, 06:23 AM
http://www.playonline.com/ff11us/polnews/news23832.shtml
They already know and are "supposedly" working on it. They mention the exclusion of the .dll file as a workaround.
Yes, I've seen those reports, and even though this may be kind of pointless to say now... I was hoping for even more updated news on it since their follow-up message on the POL website, which is what I was referring to in the first place. Anywho, I'm still having problems with Windows 8.1 Pro restoring the file from Symantec/Norton's quarantined area, well, more like after the fact when I have done it. I understand it's not just the Symantec/Norton company doing this to the FFXI gamer filers as well. Anyways, I will continue to watch the posts here in case anyone has any other ideas on the situation too.
Forgot to say thanks for trying to help out, Fahzewn. Whatever I did, I'm successfully back in the game now!
oliveira
11-26-2014, 12:46 PM
Norton / Symantec make horrible AV software. At my old job, Symantec Endpoint Protection randomly decided that a Windows update file was a virus and bricked like 20 computers and servers by deleting parts of the operating system that were updated. According to their support forum, Trojan.Gen.Smh.2 is just a generic code for "We don't know what this is, but it looks dangerous". They have a method of flagging files where they flag something if it has the same file name as a file that has been installed safely on a large number of systems, but is in fact a different file. So basically, your AV software went "woah, that doesn't look like the POL.exe that everyone else is running. That might have been tampered with."
TLDR; Symantec / Norton is horrible. It's almost as bad as actually having a virus. Just mark the files / folders as safe and restore them from quarantine.
FFXI DLL is encrypted (for protecting the game against cheating and reverse engineering) and obviously it's updated every time the game gets updated. While that could trigger heuristics protections on AV software, that has never happened before.
I find it amusing that only now AV software bugs out with FFXI updates. My theory is that some malware maker copied and started using SE's protection coding on their own malware and that caused this issue.
Krashport
01-01-2015, 02:50 AM
This is getting old REAL fast... Waking up to this again, even after I did every measure to stop files from being removed. Starting to think maybe should just let this old game die with all the recent problems everyone been having.
Malthar
01-01-2015, 03:20 AM
You need to contact your antivirus company and tell them about the false positive. SE will not know what's triggering the antivirus detection.
Depending on how flexible your specific antivirus software is, just add the playonline folder to the whitelist so you don't have to worry about this anymore.
YosemiteYogorockBlondelle
01-01-2015, 05:25 AM
You need to contact your antivirus company and tell them about the false positive. SE will not know what's triggering the antivirus detection.
This is getting old REAL fast... Waking up to this again, even after I did every measure to stop files from being removed. Starting to think maybe should just let this old game die with all the recent problems everyone been having.
Depending on how flexible your specific antivirus software is, just add the playonline folder to the whitelist so you don't have to worry about this anymore.
"Yeah!!!" the same thing just happened to me, just right now at 1:48 pm-CST/CDT Time!!
First I found myself disconnected from the game, with that error message up, after minimizing the ffxiclopedia page I was editing over top of the FFXI game window while the game was running behind it. Then I attempted to log back into the game, and upon the usual log-in, checking my FFXI log in security passwords and the checking FFXI files loading bar screen, it went ahead and quarantined the newer ffxi.dll file while all of the game and the POL viewer was completely closed out, faster than you can blink an eye. Originally I had it set to exclude the ffxi.dll game file from before when this event occurred, but apparently it was just the older one by chance, I guess.
I've done the virus scan history, go to removed file, restore and exclude file. Now to see if I can get it to be fixed by the POL viewer's log in screen > check files method. I hope it doesn't happen again too, which after doing the restore from quarantine it shouldn't, I can only hope!! :( :mad:
Note: Also I've done a run of Live Update right after I did a restore and exclude file, and it did successfully update the critically: critical file detection system. I can only hope it made an adjustment so this doesn't happen again!
Note: {2:40PM Cst/Cdt} Doesn't look like I'm free and clear of the situation at hand yet. My antivirus program just popped up the notification that my computer needs to restart in order for it to remove virus/malware, as it did the same thing the last time I went through all of this, and I have set it to remind me within 24 hours as a precaution for now. I'm changing virus companies after this happening yet again with the Symantec-Norton company on my Windows 8.1 Professional Alienware 18 inch laptop, since my subscription is about to expire in less than 12 days anyways.
Byrth
01-01-2015, 05:51 AM
Go in to your Symantec settings and add the entire POL directory as an exclusion. For me, this is:
1) Open program
2) Change settings tab
3) Exceptions link
4) Add...
5) Select the Folder option (or Application) for each option and navigate to the POL folder (or ffxi.dll)
Congrats, now your computer is slightly less secure but Norton won't eat your ffxi.dll anymore.
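An added example, not part of any post in this thread: one way to check a flagged ffxi.dll before restoring it and creating the exclusion described above is to compare it against independent copies of the same file (a fresh "Check Files" download, or copies from other machines on the same game version) and to read its Authenticode status. The function name `Test-FlaggedFile` and the paths in the usage comment are assumptions for illustration.

```powershell
# Added example (not from the thread): compare an AV-flagged file with
# independent copies of the same file before excluding it from scanning.
function Test-FlaggedFile {
    [CmdletBinding()]
    param(
        # The flagged file, restored from quarantine (ideally to a scratch folder).
        [Parameter(Mandatory)][string]$Path,
        # Independent copies of the same file and version, e.g. a fresh
        # "Check Files" download or copies taken from other machines.
        [string[]]$ReferencePath = @()
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found (it may still be quarantined): $Path"
    }

    $item = Get-Item -LiteralPath $Path
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path

    # Hash every reference copy; a missing reference counts as a mismatch.
    $comparisons = @(foreach ($ref in $ReferencePath) {
        if (Test-Path -LiteralPath $ref -PathType Leaf) {
            $refHash = (Get-FileHash -LiteralPath $ref -Algorithm SHA256).Hash
            [pscustomobject]@{ Reference = $ref; SHA256 = $refHash; Match = ($refHash -eq $hash) }
        } else {
            [pscustomobject]@{ Reference = $ref; SHA256 = $null; Match = $false }
        }
    })

    $allMatch = ($comparisons.Count -gt 0) -and
                (@($comparisons | Where-Object { -not $_.Match }).Count -eq 0)

    $signer = $null
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    [pscustomobject]@{
        Path               = $item.FullName
        Length             = $item.Length
        LastWriteTimeUtc   = $item.LastWriteTimeUtc
        SHA256             = $hash
        # 'NotSigned' only means there is no signature to check; it is not
        # evidence for or against the detection.
        SignatureStatus    = $sig.Status
        Signer             = $signer
        AllReferencesMatch = $allMatch
        Comparisons        = $comparisons
    }
}

# Usage (placeholder paths, adjust to the local install and scratch locations):
# Test-FlaggedFile -Path 'D:\scratch\ffxi.dll' `
#     -ReferencePath 'D:\scratch\from-check-files\ffxi.dll', 'D:\scratch\from-other-pc\ffxi.dll' |
#     Format-List
```

Identical hashes across independent copies indicate the local file was not altered on that machine, which points at the detection rule rather than a local infection; a mismatch between copies of the same game version is a reason not to exclude the file.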
Viller
01-01-2015, 10:19 AM
Same here. Endpoint security just ate my FFXI.DLL.