You should figure out what those definition names mean.

Or keep spreading panic about false positives without the research to warrant it, whichever you want.

It is a 100% false positive.
If you are still concerned, go ask Dege about it here, http://www.vogons.org/viewtopic.php?f=9&t=34931

Before I made a forum post, I had sent email his way, but haven't gotten a reply. I already had a once over of that thread you linked to, checking for the word "virus" and the only thing that came up was for a game title that some one had tried running it with (virus 2000 or something similar). I don't have a Vogons account and I'd probably be barraged with ZellSF type replies if I did, ya'd think that asking an honest question was a crime.

I figured the Symantec one was a false positive, but the others make me wonder what might be going on.

Then why not look into it like I suggested? You have the same tools we do, you have the same tools Dege does to look into it.

Google quickly gave me some results on what those definition names meant, or at least what they were linked to. I'll give you a hint: they're all guesses. Also 8/57 AV software saying something is a virus does not exactly fill me with confidence that it is. Especially not when the list you consult includes shit like Norton.

Edit: Dege has written his thoughts on the matter

Thank you for the update. I'm glad he made a statement today.

I already did do some research, but I'm not a security expert so it's hit and miss to me as to what means what, hence asking questions.

The list was is fairly comprehensive, so Norton and TrendMicro were in there as a matter of course. It also included AVG, Ad-Aware, Avast, ClamAV, Comodo, DrWeb, F-Secure, Kaspersky, McAfee, Microsoft, Panda (none of which found anything), as well as a few AV clients that I haven't heard of, that did (Ikarus, Sophos, Tencent, and VBA32). Virus Bulletin lists Ikarus and Tencent as fairly reputable AV clients, so I'm not sure concern is unwarranted.

You aren't asking questions about how to interpret virus scans though. You're specifically implying one piece of software has a virus, it's a false positive and people might believe you. This is not a good idea. You could've posted the results in general discussion without naming the software, get people to help you interpret results and THEN raise panic if needed.

I mean, the person who brought this up to you said it had "WS.Reputation.1" and you took this to mean something. Let's Google "WS.Reputation.1": If you're having trouble reading the awful Norton PR speak: they're basically saying they have never heard of the file, so it must be dangerous.

Oh, and there are no security experts here. Dege isn't one either (assumption). If you wanted a second opinion from security experts, submit it to your AV company.

ZellSF, I already read that WS.Reputation.1 report that Norton published, I am asking WHY would it pop up with the alleged "false positives" about the Trojan/Malware stuff. I wasn't necessarily implying that dgVoodoo2 had a virus, I was only pointing out what happens when you run a virus scan using multiple agents and it raised a concern. If you recall, I did ask "if dege has addressed these on the Vogon forums or elsewhere?". Thank you for forwarding the question to dege on the Vogons forum, to gnerate a reply, on my behalf.

I am willing to accept dege's statement: "What I can say is that dgVoodoo and my other stuffs often get false positive detections from various antivirus softwares but they are 100% safe. They don't contain any backdoor or dangerous code at all, it doesn't matter what your AV says.". I will ammend my original post with the quote.

I have previously pointed people at dgVoodoo2, to resolve some of their older DirectX game issues here and elsewhere, it's a great tool, but that was when I took it at face value and assumed it was safe, I wanted assurances that it is. If some one is having an issue and I am able to direct them to a solution, I want to be sure it is a good one.

Please let me clarify where my concern arose.

If it was just Symantec reporting WS.Reputation.1, or TrendMicro reporting Suspicious_GEN.F47V0401WS.Reputation.1, I wouldn't have had issues with it because the tags pretty much say "Hey, these kind of look suspicious, you might want to be careful". I get that when you scan the Glide and DirectX substitute DLL files, it would generate some questions because the hash they generate will not match any of the published Microsoft of 3dfx hashes and thus be...suspicious. I get the idea of a false positive and would expect it for something like that. Again: "I understand that the provided DDraw.dll and D3Dlmm.dll files are wrappers and function as translators for the modern DirectX counterparts, so a flag of "WS.Reputation.1" that Symantec returned makes sense...

But why the Trojan/Malware stuff? Is it because dgVoodooSetup.exe has code it in to change the included DLLs? I'm guessing that it would have to do that to remove the watermark from the rendered screen? Believe me all I have to go on at this point is speculation.

For a full list of the results, many of which I already ignored, things like "generic" or "suspicious" : If you want to rag on me about not checking into the full definitions of the offending flags, why not check into one I actually had a problem with? Trojan.Win32.Qudamah.Gen.8 (detected by Tencent), Trojan-Dropper (Ikarus), HEUR/QVM18.1.Malware.Gen (Qihoo-360), Mal/EncPk-OJ (Sophos), Malware-Cryptor.Limpopo (VBA32). Mal/EncPk-OJ looks particularly agregious, but for the most part I could only find information about it from dubious remove spyware vendors. That might be "proving" your point, but I'm not sure it does. Again Ikarus, Qihoo and Sophos scored fairly high on the Virus Bulletin rankings. The question is does Virus Bulletin take in account false-positive numbers as part of their ranking.

I will leave it at that, again I will take Dege at his word and update the original post.

Edit: had the wrong "quote" mark-up

You know of course that if you want to disregard generic names (as you should, because they are just guesses) then you definitely should disregard "trojan-dropper".

They don't have one definition for all trojan-droppers. They're basically saying that's what they think it is. They have no specific information to go on or they would make a fancier name for it and raise their prices.

HEUR/QVM18.1.Malware.Gen ... HEUR = heuristics = guess. Gen = Generic. It's a generic guess. They think it might be malware (aka mostly harmless). They remembered to add some random letters and numbers so it looks like they know what they're doing.

That should leave, what, 3 results out of 50? Let me ask you this: we have 40 companies saying this is NOT a virus, we have 7 companies saying they have no idea and we have 3 companies saying they have a definition for it in their secret non-public database. Why believe those 3 over the 40 saying they're wrong?

Mal/EncPk just sounds like malware encrypted package btw... I'm sure they're deliberately making up stupid names because they don't want their users to educate themselves.

Now AV makers do make... sort of educated guesses. If over half thought there was a virus there would be cause for worry. If 10 of them had very solid definitions, there would be cause for worry. You also need to weigh in the trustworthiness of the source when trying to evaluate how safe it is to run something.

So far, from my experience, I haven't come across any false alarms when it comes to the program. What it is is that common people are too afraid to do research about what's a virus and what's not a virus and will flag anything as a virus. That's why I switched to Avast.

Hi there, it's October - 2019, and apparently this problem still exist. I installed Blood Omen 2: Legacy of Kain. Of course the game is not working properly. I found a YouTube video showing the dgVoodoo as a solution to the screen freeze issue. I went to the website and tried downloading, both Windows Defender (Windows 10) and McAfee Live Safe are preventing the download going forward warning that there is a Trojan inside the file download.

Is there a solution to this problem, i.e.is the threat real? or still a false positive?
thanks

Still very much a false positive.

For anyone who may still have concerns about this being a real virus, let me share a story of what I've just done with the latest version of dgvoodoo (2.62.3):

- I downloaded the file from dege.freeweb.hu
- Norton AV went nuts and started quarantining the DL
- I restored the file and unzipped it
- Norton went NUTS flagging basically every file as it came out of the archive
- Moved the archive to my NAS and unzipped it there (no problems)
- I set about manually scanning EACH FILE with Norton after they were unzipped
- EACH FILE came back "no threats found" (Even the DLLs)

So in summary: the EXACT SAME AV PROGRAM that had a problem with the zip file, found NO PROBLEMS when I scanned each file within individually.

Of course it's still good practice to do your own research on a given file if your AV of choice starts throwing up flags, but if everyone online is saying they've used it and it's clean... it's probably clean.

Also, I need to dump this Norton shit and find a reliable AV.

The built-in windows (10) antivirus thingie keeps quarantining the exe. I keep going in there to allow it/ignore it/restore it/all that shit and some time later once again it's magically been quarantined as I notice the game I've set up with it won't run properly or when I do a registry cleanout that exe's path will be among the obsolete items. It's really annoying, MS need to get its shit together...

Edit: ok, I just did the exceptions thing on the exe, I hadn't delved into the settings before, lol, hopefully that fixes it forever.

Even Firefox and Chrome are now blocking the site and flagging files

Anyway dgvoodoo works great

Edit: Went back to site with Firefox and now no warnings or blocking