Jump to content
  • 0
Slowmotion

problem with gathering patcher

Question

hi there, since few day i got a problem with the gathering patcher .

my antivirus program (kasperski internet security) say there is Trojan.win32.Ramnit.bhy in the GatheringRO-Patcher.exe

so i auto delet it .

i play now on gatheringro for like 6 or more months and never had probs like this .....

i would like to play on ..... hope u can help me to fix this problem ....

sorry for my bad english ... :-)

 

Share this post


Link to post
Share on other sites

15 answers to this question

Recommended Posts

  • 0

Kaspersky does no more detect the false positive now, just make sure to update Kaspersky with the latest anti virus database ;)

I'm still fighting to get the other ones removed as well.


The following Anti Virus Softwares have now white-listed our patcher system.
So if you're using one of these, make sure to update their virus database,

- Kaspersky
- Avast
- IKARUS Security Software

Share this post


Link to post
Share on other sites
  • 0
22 minutes ago, Slowmotion said:

hi there, since few day i got a problem with the gathering patcher .

my antivirus program (kasperski internet security) say there is Trojan.win32.Ramnit.bhy in the GatheringRO-Patcher.exe

so i auto delet it .

i play now on gatheringro for like 6 or more months and never had probs like this .....

i would like to play on ..... hope u can help me to fix this problem ....

sorry for my bad english ... :-)

 

Hello, please try adding "GatheringRO-Patcher.exe" to your anti-virus' "Trusted Applications" list.

Here is a link to helpful guide that you can follow:

https://support.kaspersky.com/11444

 

Please let us know the results.

Share this post


Link to post
Share on other sites
  • 0

hi my problem is the trojan in the gathering patcher

What is Win32:Ramnit-BY?

Win32:Ramnit-BY is a trojan that comes hidden in malicious programs. Once you install the source (carrier) program, this trojan attempts to gain "root" access (administrator level access) to your computer without your knowledge.

Trojans like Win32:Ramnit-BY are difficult to detect because they hide themselves by integrating into the operating system. Once it infects your computer, Win32:Ramnit-BY executes each time your computer boots and attempts to download and install other malicious files. Upon successful execution, it deletes the source program, making it more difficult to detect.

What are Trojans?

Trojans are one of the most dangerous and widely circulated strains of malware. A trojan disguises itself as a useful computer program and induces you to install it. By the time that you discover that the program is a rogue trojan and attempt to get rid of it, a lot of damage has already been done to your system.

The intent of a trojan is to disrupt the normal functionality of a computer, gradually stopping it from working altogether. Trojans can make genuine software programs behave erratically and slow down the operating system. Trojans can delete files, monitor your computer activities, or steal your confidential information. They can enable attackers to have full access to your computer… as if they are physically sitting in front of it.

Share this post


Link to post
Share on other sites
  • 0

It's a false positive. We have this issue every time we release a new version of our patcher. The only thing that changed is the ip address which it needs to connect to(the new server we moved to) and correction of the support button link.

 

I have reported it to all anti virus softwares which detected it as a false positive.

I always check it by using https://www.virustotal.com

So i can report false positives once detected.

After being reported it usualy takes several days before they release an update so the false positive gets removed.

 

The false positive is caused because the patcher system downloads files and has the possibility to delete and replace files within the gRO folder. (That's what a patcher is used for)

I will report it again and hope it's being removed asap.

Share this post


Link to post
Share on other sites
  • 0

I've reported it to Kaspersky just now, to remove this false positive detection.

I hope they remove it within the next days.

I will-recheck it later.

Share this post


Link to post
Share on other sites
  • 0
6 hours ago, Slowmotion said:

still no change :/

Disable your KIS first. Right click over KIS tray icon > Pause protection... > Pause until application restart > Pause protection.

Re-install gRO to ensure you have the latest version / updated client.

Next, open KIS settings by clicking gear icon on left bottom of KIS window > Additional > Threats and Exclusions.

A window will pop up > click Add > browse to your gRO installation folder > Add

Finally, you can restart your PC to apply all KIS settings customization. ;)

DdZ7mBLH.png

Share this post


Link to post
Share on other sites
  • 0
On 7/24/2017 at 6:48 AM, Everade said:

First removal:
- IKARUS Security Software will no more detect a false positive on the next update.

 

Same thing happened, just now I'm not sure if there's been an update in the patcher. Yesterday it works fine but now it keeps deleting the patcher because it says threat detected: A variant of generik.FEZBMPA Trojan detected.

Anti-Virus program= ESET NOD32 Antivirus

Share this post


Link to post
Share on other sites
  • 0
7 minutes ago, Slowmotion said:

omg omg omg i can play again thanks alote :-)))

Nice! Now im waiting for my program to allow ragna too xD

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×