1.18 Patch Installation - Trojan threat stops installation ... please help

[SoraLeoyfaith]

Still no improvement, This is starting to get annoyding ... specially for a pay game

[Altera]

I just made it so my BitDefender AV was offline for 5mins, installed the patch and did a deep scan after and found no trojans or viruses.

[Coldfire]

Probably a heuristic false alarm. The updater uses checksums to verify the downloaded files and you get many parts from different people around the world. Means it's very difficult to spread a virus via this system.

[ContagionX]

I want to get this solved quickly but I'm not even sure if anyone from SE even bothers to look at this forum ... and official answer or even better a remedy would be better. I'm going to post a clear picture of the files affect and location just in case so the SE team knows where to look.

I just so happened deleted the update files and let it re-download again. This time the problematic file that popped up at 10.9% sat there for a while and then bypassed and continued to try to install ~ where at that point at 16.9% or so it snagged and pulled up another trojan file. This cannot be a coincidence since doing a regular file scan these 2 files do come up.

The 2 problematic files and their location are:

SquareEnix\FINAL FANTASY XIV\client\script\729s9\wu7\658p3\q5rqs9166pw35vw5wqs9w75.le.lpb

SquareEnix\FINAL FANTASY XIV\client\script\tp5rq\r75w9s1v\5q7\5q7jpi.le.lpb.tmp2

Call me paranoid but I'm not going to knowingly install something that could potentially hurt me and end up being insanely hard to clean up. ~ So hopefully a direct SE personnel can clarify this issue.

The heuristic false alarm idea could but the result that both these files are script based actions during installation; whatever it is doing it is making it well known enough to trigger a virus quarantine.

I have the same problem but the error is call 20709. This game use the p2p technologie and a virus can come from a other computer I would not dissable my anti-virus simply because this game use credit card information. I would be glad if someone could tell how to get rid of the corrupt data and start downloading it again ...

P2P is problematic ~ a hacker that knows what they are doing can easily mask a virus and a P2P actually makes it easier as it spreads to specific targets that they are looking for.

Well you can always delete the patch files. They are in your user folder -> Documents -> My Games -> FINAL FANTASY XIV -> downloads -> ffxiv

Did that hoping to see if it remedy itself ~ the same problem occurs ~ problem is still out there, there is a high potential for the seeders to redistribute said files. So basically ends up being wasted bandwidth.

I have exactly the same issue..
It is really anoying me as I can't play now.

Are you useing BitDefender by any chance?

Not using BitDefender ~ anti-virus that comes with my cable provider; Radial Point ~ they offer to high end networks and corporate ended solutions so its not just one thing that is picking it up; as people have listed other services running into this problem ~ on top of that I have another strong anti-virus/spyware on back up

I just made it so my BitDefender AV was offline for 5mins, installed the patch and did a deep scan after and found no trojans or viruses.

The problem is when you allow a trojan to integrate into your system, by the time it is active it is already masking itself; and sometimes takes another more sensitive anti-virus to remedy; ~ as you all know no single anti virus is god; I had a problem with a keylogger issue happen when I was back playing WoW and Nortons could not pick up the trojan after it was integrated as it was masking itself as a component within the anti virus software ... getting keylogged is not fun; and with SE if you read their ToS replacing you items if you get keylogged is a one shot deal if not almost zero. Doesn't matter if you have a security token key ~ you are just leaving yourself open to data mining on your financial transactions and other sensitive materials the longer you have stuff on your system.

Hopefully this thread gets big enough that a SE rep has to confirm or deny and rectify the situation.

[SoraLeoyfaith]

I checked a bit info on trojan.generic virus ... Throught I couldn't find any info on what that particular trojan do. It would seem that type of virus is very common to p2p technologie. It could do anything from erasing your hard drive to stole your personal information. Usually very hard to remove.

I find this rather threatning since it infected official data, that would also mean it spreading like wildfire and would most likely download itself on any new user that try to patch. I don't really see what we can do ,if I cannot play safely that mean Final fantasy XIV is dead to me. The only thing that can be done would be for SE to change the the patch download location with the uncorupted data but even that there no garanty it would not come back .

Well I do hope SE prove me wrong through I love that game but as I say safety come first, I honestly feel like they rushed that patch instead of doing it correctly I wouldn't mind have waited longer for the patch specially if that patch mean I can't play the game anymore.

[Zephir]

I checked a bit info on trojan.generic virus ... Throught I couldn't find any info on what that particular trojan do. It would seem that type of virus is very common to p2p technologie. It could do anything from erasing your hard drive to stole your personal information. Usually very hard to remove.

I find this rather threatning since it infected official data, that would also mean it spreading like wildfire and would most likely download itself on any new user that try to patch. I don't really see what we can do ,if I cannot play safely that mean Final fantasy XIV is dead to me. The only thing that can be done would be for SE to change the the patch download location with the uncorupted data but even that there no garanty it would not come back .

Well I do hope SE prove me wrong through I love that game but as I say safety come first, I honestly feel like they rushed that patch instead of doing it correctly I wouldn't mind have waited longer for the patch specially if that patch mean I can't play the game anymore.

Exclude FFXIV process (all) from AV e firewall scan.

[SoraLeoyfaith]

Exclude FFXIV process (all) from AV e firewall scan.

That is seriously not wise ... best way to get your pc infected. As for allowing program it is already allowed.

[SoraLeoyfaith]

Did a little more research on trojan.generic.5934904,according to the type of file infected, it seem to be a modified version of trojan.PWS.OnlineGemes.RAH wich is a password stealer ... in other word this is a real virus design to steal player information. I would greatly advice to people who actually desactivate there anti-virus to investigate a way to remove it from there comp.

[Coldfire]

You sure that it gets past the verification of the updater?

[Zuellni]

I've checked those 2 files with Virus Total Uploader, and 3/43 virus scanners they run the files through say those files are trojans. Do what you will, but I'd say it's a false positive.