[HOW TO] Solve your antivirus problems menu

User Tag List

Page 1 of 2 12 LastLast
Results 1 to 15 of 21
  1. #1
    KillerJohn's Avatar TurboHUD HUDmaster CoreCoins Purchaser Authenticator enabled
    Reputation
    3156
    Join Date
    Jul 2012
    Posts
    2,708
    Thanks G/R
    10/2803
    Trade Feedback
    0 (0%)
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)

    [HOW TO] Solve your antivirus problems

    Hi all!

    As you probably already know, antivirus systems does not like obfuscated .exe files.

    Q: What obfuscated means?
    A: It is the protection how I hide HUD's source code from shady eyes.

    Q: Which obfuscator do you use?
    A: ConfuserEx

    Q: How do you know ConfuserEx does not add a trojan to the .exe?
    A: It is opensource and I compile it myself, so it can't do that.

    Q: Any source ConfuserEx causes this?
    A: Virus Detection * Issue #17 * yck1509/ConfuserEx * GitHub

    Q: Why does this f*ck up antivirus software?
    A: Because it looks like something trying to hide it's real code pattern. In fact it looks like something really messed up.

    Q: Could you turn it off?
    A: No.

    Q: What can I do?
    A: You have multiple options:
    - Entirely disable your AV software. This is not recommended because it makes your system vulnerable.
    - Add TurboHUD's folder to a feature called "whitelist". Most AV software has this feature. Be aware that some of them has multiple whitelists for multiple features so be sure you added HUD to all.
    - Send a bugreport to your AV software support service, with TurboHUD.exe file, and this link to ConfuserEx
    - Pray every day, but I don't think it would solve the problem.

    Be aware that all antivirus-related topics will be deleted in the future.
    If you want to ask for help, do it here.

    These ads disappear when you log in.

  2. Thanks ADV2015, sdUnit, Lootsalot, Becksulinaa (4 members gave Thanks to KillerJohn for this useful post)
  3. #2
    KillerJohn's Avatar TurboHUD HUDmaster CoreCoins Purchaser Authenticator enabled
    Reputation
    3156
    Join Date
    Jul 2012
    Posts
    2,708
    Thanks G/R
    10/2803
    Trade Feedback
    0 (0%)
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    - copied my original post from turbohud.freeforums.net -

  4. Thanks sdUnit, djkingston99 (2 members gave Thanks to KillerJohn for this useful post)
  5. #3
    Gurbak's Avatar Member Super Awesome Sparke Cake CoreCoins Purchaser
    Reputation
    8
    Join Date
    Dec 2014
    Posts
    25
    Thanks G/R
    6/7
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    For those with Avast AV:

    [HOW TO] Solve your antivirus problems-thudavasust2-gif
    Last edited by Gurbak; 03-25-2017 at 02:03 PM.

  6. #4
    Screwyluie's Avatar Member
    Reputation
    1
    Join Date
    Mar 2017
    Posts
    4
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    been using turbohud for a long time (so glad it's back!) and I've never had my AV trigger until now. This version for game client 2.5.0.44247 triggered AV, Avast in particular, and yeah it's up to date.

    on a side note this is the first time I've needed to exclude something in avast and what a PiTA that is, so much so I might just uninstall it, super annoying. Thanks for the little guide, but that doesn't exclude the temp location when extracting the file initially. That location is random each time you extract so you can never exclude it.
    Last edited by Screwyluie; 03-31-2017 at 07:40 AM.

  7. #5
    bg4u's Avatar Member
    Reputation
    1
    Join Date
    Apr 2017
    Posts
    5
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    So, I was playing and my HUD disappeared. Looked at my messages and saw that it had terminated because windows defender complained about it on W10 x64 Pro

    Re-extracted it and had the same issue.



    Disabled windows defender and then re-extracted, renamed and launched with diablo3 + process explorer + wireshark

    Caught which IP turbohud was connecting to, it's just a cloudflare IP in front of pastebin which just has the current version number. Here's what's in the data;



    TurboHUD version - Pastebin.com

    I dug through the process and checked for any odd calls or hooks but I didn't see anything that jumped out at me. The process didn't make any other connections, nor spawn/hijack any other processes to do so.


    I also checked it against virustotal and it came up high;
    Antivirus scan for f142211fc91be646c6d11c112dde5900aace9d1d3adb151215156069d9bc4d7e at
    2017-04-01 03:10:23 UTC - VirusTotal
    25/62

    So I scanned the old version from a few weeks ago;

    Antivirus scan for 61b1b2da3b824123618ef68ec7934c985a93c36392ddd94a82a641b31f3c863c at
    2017-03-09 20:11:15 UTC - VirusTotal
    only 8/61


    I think this is a false positive, but I don't know. I'll keep an eye on it.

  8. #6
    Cynide's Avatar Member
    Reputation
    1
    Join Date
    Apr 2017
    Posts
    3
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    "Unrecognized executable or library. Terminating.

    Turbo.Contracts.dll"

    Any ideas as to why I'm getting this message every time I try to run THUD?

  9. #7
    itsmylife's Avatar Active Member
    Reputation
    23
    Join Date
    Jun 2012
    Posts
    237
    Thanks G/R
    31/22
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You installed TH into a folder with other dlls or executables.

    TurboHUD has to be unzipped into an empty folder.

  10. #8
    sed-'s Avatar ★ Elder ★
    Reputation
    1113
    Join Date
    Mar 2010
    Posts
    1,575
    Thanks G/R
    51/150
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    i talked to the guys over at kaspersky and within 24hours they are releasen an update to stop flagging turbohud as they tore it apart and deemed it safe.

  11. Thanks Litespeed0, levelmax (2 members gave Thanks to sed- for this useful post)
  12. #9
    Cynide's Avatar Member
    Reputation
    1
    Join Date
    Apr 2017
    Posts
    3
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Actually I wasn't putting it in "run in windows 7 compatibility mode"... I didn't realize that's how it works now... but yeah, once I did that, it fixed it... runs perfectly.

    I just had to tell windows defender to allow it and I'm good to go. Thanks for the reply.

  13. #10
    BalPorridge's Avatar Member
    Reputation
    1
    Join Date
    May 2017
    Posts
    4
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Does anyone know how to trust TurboHUD.exe with mcafee as it automatically gets quarantined so I am not able to trust it as I cannot extract it from the .zip file.

  14. #11
    Screwyluie's Avatar Member
    Reputation
    1
    Join Date
    Mar 2017
    Posts
    4
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by BalPorridge View Post
    Does anyone know how to trust TurboHUD.exe with mcafee as it automatically gets quarantined so I am not able to trust it as I cannot extract it from the .zip file.
    same issue with avast. you have to disable AV entirely... it should have a pause function. Get it extracted and then add the final destination to the whitelist. You'll have to pause your AV every time you update.

    I'm still a little bothered by the fact that this is the first time turbohud has ever triggered AV for me... old site shutdown, new site up and now AV triggered... it throws up mental red flags for me.

  15. #12
    BalPorridge's Avatar Member
    Reputation
    1
    Join Date
    May 2017
    Posts
    4
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by Screwyluie View Post
    same issue with avast. you have to disable AV entirely... it should have a pause function. Get it extracted and then add the final destination to the whitelist. You'll have to pause your AV every time you update.

    I'm still a little bothered by the fact that this is the first time turbohud has ever triggered AV for me... old site shutdown, new site up and now AV triggered... it throws up mental red flags for me.
    The problem is is that I can't exclude files with my AV off with McAfee. If I turn off the AV then the excluded items field is grayed out meaning I don't have a to trust it.

  16. #13
    Screwyluie's Avatar Member
    Reputation
    1
    Join Date
    Mar 2017
    Posts
    4
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by BalPorridge View Post
    The problem is is that I can't exclude files with my AV off with McAfee. If I turn off the AV then the excluded items field is grayed out meaning I don't have a to trust it.
    that's fine, exclude it after you turn it back on. The real issue is the extraction puts the file in a temp folder with a random name so excluding it doesn't work, next time the path is different. So the file never makes it where it's supposed to go. Pause the AV, extract the file, then unpause and proceed. Either exclude the file right away (AV won't catch the file until you try and access it) or open the file and the AV will popup and then you can either respond or if it's set to auto then go into the history/virus lockup/cache/whatever it's called in yours and restore/whitelist the app.

    You won't have to do the last half each time. once you get it whitelisted in it's final destination then you just have to pause while you extract the file, unpause and all should be well again.

  17. #14
    BalPorridge's Avatar Member
    Reputation
    1
    Join Date
    May 2017
    Posts
    4
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I can't exclude the file even if I'm not accessing it, the file is automatically deleted and I can't do anything about it.

  18. #15
    gjuz's Avatar Contributor
    Reputation
    115
    Join Date
    Mar 2017
    Posts
    214
    Thanks G/R
    41/112
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    pause your antivirus
    add THud too the ignore list of your antivirus
    check again.

Page 1 of 2 12 LastLast
All times are GMT -5. The time now is 09:38 AM. Powered by vBulletin® Version 4.2.3
Copyright © 2020 vBulletin Solutions, Inc. All rights reserved. User Alert System provided by Advanced User Tagging (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Digital Point modules: Sphinx-based search