Virus warning / Backdoor Trojaner in Beta 36b ?

KBS444
10-11-2009, 11:46 AM
Yesterday I installed the latest beta of HM and all was fine.
Today I started HM and my VirusScanner(F-Secure) says:
Backdoor.Win32 Poison.aujn in HMImport.exe + HMHud.exe
What is it, a false positive alarm or real?

Kingfish
10-11-2009, 12:05 PM
same problem

Huppat
10-11-2009, 12:22 PM
Backdoor.Win32.Poison.aufu in HMImport.exe
and
Backdoor.Win32.Poison.aufv in HMHud.exe

in C:\users\NAME\appdata\local\xenocode.......

:mad::mad::mad::mad::mad::mad::mad:

Rvg72
10-11-2009, 12:26 PM
Guys, 99% sure it is a false positive but we are taking down the release until we get this resolved.

Roy

Sam
10-11-2009, 12:31 PM
I have 1.09 beta 34 and got a message from Norton that many Backdoor Trojans have been removed from my computer. Here are some of the files:

C:\users\username\appdata\xenode\appliancecaches\holdemmanager.exe_v15840c91\native\stubexe\@system@\conime.exe

C:\users\username\appdata\xenode\appliancecaches\holdemmanager.exe_v45bcf5af\native\stubexe\@system@\conime.exe

C:\users\username\appdata\xenode\appliancecaches\holdemmanager.exe_v45bcf5af\native\stubexe\@system@\msiexec.exe

Is this normal?

Huppat
10-11-2009, 12:39 PM
seems to be there's a new trojan going around.

im doing a scan right now, hoping i can get rid of it.

Rvg72
10-11-2009, 12:58 PM
I have 1.09 beta 34 and got a message from Norton that many Backdoor Trojans have been removed from my computer. Here are some of the files:

C:\users\username\appdata\xenode\appliancecaches\holdemmanager.exe_v15840c91\native\stubexe\@system@\conime.exe

C:\users\username\appdata\xenode\appliancecaches\holdemmanager.exe_v45bcf5af\native\stubexe\@system@\conime.exe

C:\users\username\appdata\xenode\appliancecaches\holdemmanager.exe_v45bcf5af\native\stubexe\@system@\msiexec.exe

Is this normal?

Everything in the C:\users\username\appdata\xenode\appliancecaches folder are virtualized versions of Holdem manager. We use the xenocode software to virtualize and protect the code and these are basically temporary folders that are left behind.

I believe what is happening is that when xenocode virtualizes those conime.exe and msiexec.exe programs (which are windows programs) in order for it to be usable by HM they move copies of them to those folders. The AV software looks at these windows files and sees them running in non windows\system folders and generates the alert.

You can actually reboot and delete all the folders under C:\users\username\appdata\xenode\appliancecaches and then relaunch HM. It will create one new folder (which could be picked up by the anti virus software as a false positive) but those other ones likely aren't even active

Roy

Sam
10-11-2009, 01:03 PM
Ok, thanks.

Huppat
10-11-2009, 01:08 PM
Backdoor.Win32.Poison.aufu in HMImport.exe
and
Backdoor.Win32.Poison.aufv in HMHud.exe

in C:\users\NAME\appdata\local\xenocode.......


hmm. these files are systemfiles too?????? ^^
i think u at RVG should scan your systems

---------------------------------------------------
nice, i cant start HM anymore because when i start it, it makes a file in the xenocode folder with the trojan in HMImport.exe
which i surely delete

Rvg72
10-11-2009, 01:19 PM
hmm. these files are systemfiles too?????? ^^
i think u at RVG should scan your systems

We don't deploy those system files - they are being grabbed by Xenocode at runtime from your own windows folders and being moved to the virtualization folder. That process is I think what is flagging the issue with the latest virus update for your AV program most likely because a real recently discovered trojan might do the same type of thing.

Roy

Huppat
10-11-2009, 01:26 PM
read articles about xenocode

xenocode S*cks

xwon
10-11-2009, 01:44 PM
I have the exact same problem with Kaspersky Antivirus since today. Worked fine yesterday.
So i've gone back to HM 1.08.04. And i just bought TableScanner yesterday.:(

remete13
10-11-2009, 01:49 PM
Yesterday I installed the latest beta of HM and all was fine.
Today I started HM and my VirusScanner(F-Secure) says:
Backdoor.Win32 Poison.aujn in HMImport.exe + HMHud.exe
What is it, a false positive alarm or real?


Same with Windows 7/ Kaspersky antivirus. Can't use the HeM anymore. :(

Rvg72
10-11-2009, 02:55 PM
Please try this

1) go into your C:\users\username\appdata\xenode\appliancecaches folder (nor username will be your windows user name) and delete all the sub folders there. These are old cached versions of Holdem Manager and are not needed.

2) download new version from http://www.holdemmanager.com/downloads/HmBetaUpdate.exe

I updated the internal version number and recompiled and it seems like doing those two things fixes the problem on one person who I was working with on teamviewer. Still trying to figure out what is triggering it but we didn't increment the internal version number of holdem manager on the last build so maybe the anti virus programs saw a new exe with a previously used version number combined with the fact that we use some virtualization techniques etc

Roy

remete13
10-11-2009, 03:29 PM
It is working, thanks

Veteran68
10-12-2009, 07:44 PM
FWIW, I've had no issues with 36b on Windows 7 Ultimate RTM 64-bit running Norton Internet Security 2010. After every update it prompts me once to allow holdemmanager.exe to go online for the activation check, but otherwise I've heard not a peep from Norton and 36b has been running fine since the day it was released.

fozzy71
10-12-2009, 08:10 PM
beta 37 is available from my signature.

A-LX
10-12-2009, 08:14 PM
I still get a trojan warning whenever I press the auto import button, is it safe to just ignore it? I tried installing older versions but that didn't work out and I deleted the cache files as was suggested in a previous post


edit: I tried ignoring it but it still won't work after that it says the HUD isn't working

Arpeggios
10-12-2009, 09:23 PM
Please try this

1) go into your C:\users\username\appdata\xenode\appliancecaches folder (nor username will be your windows user name) and delete all the sub folders there. These are old cached versions of Holdem Manager and are not needed.


Roy

This file does not exist for me, and my HEM is also not working, since installing the beta patch to play on Stars. :(
Same virus warning, and Kaspersky closes it.

Arpeggios
10-12-2009, 09:26 PM
Update alone seems to have it working now???

Arpeggios
10-12-2009, 11:00 PM
Ok, so after installing new update, HEM will load, but now says HUD won't work! What's going on? Help please!

Oh, and it's the virus warning again.

Like I said, THIS file does not exist for me:

Quote: 1) go into your C:\users\username\appdata\xenode\appliancecaches folder (nor username will be your windows user name) and delete all the sub folders there. These are old cached versions of Holdem Manager and are not needed.

No "Appdata" file. Though I installed HEM on my E drive. Anything I can do here?

Found the "appdata" file after running a search. No idea why not listed. Anyway, cleared the file.

Arpeggios
10-12-2009, 11:06 PM
Still no good.

Says when opening HEM:

Error launching the hud: %1 is not a valid win32 application

Great.

Relaunch HUD = HUD is not available

Arpeggios
10-13-2009, 12:06 AM
Can I rollback my install somehow? I no longer need to play on Stars.

creepfish
10-13-2009, 12:13 AM
No use to delete these files. Hud import doesn't work yet.

netsrak
10-13-2009, 03:17 AM
Please try to disable or delete your virus scanner (at least for the Holdemmanager installation path)

Respawn
10-13-2009, 06:03 AM
Same problem since a couple minutes ago. Didn't have it before.
My anti virus (Antivir) just updated right before I started HEM though.
I was using beta 35 then FWIW. Deleted xenocode subfolders and installed new beta. Still trojan alert "Backdoor Poison".

creepfish
10-13-2009, 06:23 AM
close your virus scan before run HEM, run virus scan when HEM start complete

xwon
10-13-2009, 07:30 AM
I have the same problem with Kaspersky.

My solution is to make an exception for the directory C:\Users\**Me**\AppData\Local\Xenocode\ApplianceCaches so that it will not be scanned for viruses.

Don't really like that. I hope they will find a solution for the problem.

luckylucky
10-13-2009, 10:31 AM
I'm getting same problem with avira anti-virus. i'm just clicking ignore at the moment.

zoomoo
10-13-2009, 10:31 AM
Avira antivir finding BDS/poison trojan with my computer also with the latest beta installed.. tried to delete C:\Documents and Settings\Username\Local Settings\Application Data the xenocode caches but I'm still getting the error from the new instances of HmHud.exe in that folder when I try to start auto import. Also, the error just appeared today even though I have been using the same software all along. Maybe the virusscan just picked it up today or smthing

OiDaimon
10-13-2009, 11:25 AM
Avira antivir finding BDS/poison trojan with my computer also with the latest beta installed.. tried to delete C:\Documents and Settings\Username\Local Settings\Application Data the xenocode caches but I'm still getting the error from the new instances of HmHud.exe in that folder when I try to start auto import. Also, the error just appeared today even though I have been using the same software all along. Maybe the virusscan just picked it up today or smthing

same here. using beta 36b and did not experience any problems til todays update of antivir. if i start autoimport now, hud.exe causes trouble...

Huppat
10-13-2009, 04:52 PM
NEVER EVER make an exception to a trojan, doesnt matter WHO says u should do so

lihan
10-13-2009, 06:05 PM
i'm using the latest version and still getting a virus warning. First I deleted the Xenocode directory. Then I reran the program and tried to open the HUD. The virus scanner then tells me that this file

c:\Documents and Settings\My Username\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v0B2DCC9C\Native\STUBEXE\@APPDIR@\HMHud.exe

has a virus.

Here's an online scan of the file
http://www.virustotal.com/analisis/b6c1ea832e7a0a9042b720a43038ae9c60b0a0cffb4f96e43d74bbb8f8e7a825-1255459467

a.rairan
10-13-2009, 06:07 PM
Hi,

When I start the auto import and open the table manager, my antivirus "avira" shows this virus:

BDS/Poison.aumz like a back door program...

I already upgraded to beta 37 and this virus warning persists.

What do I have to do?

Regards

BNTRL
10-13-2009, 06:07 PM
Please try this

1) go into your C:\users\username\appdata\xenode\appliancecaches folder (nor username will be your windows user name) and delete all the sub folders there. These are old cached versions of Holdem Manager and are not needed.



I am not able to delete those files and I still cannot open HM after the update to 1.37. How can I delete those files?

hos07
10-13-2009, 06:39 PM
+1 same here

Avira AntiVir:

Definitions: V7.01.06.106, 13.10.2009
Searchengine: V8.02.01.35, 07.10.2009

demonseed
10-13-2009, 06:58 PM
No matter what I do I still get those errors (deleting the subfolders, etc.)... that is pretty annoying.

ibombonato
10-13-2009, 07:01 PM
+1

Same here w windows 7 + Kaspersky 2010

Even if I delete the xenocode folder, when I open HM it creates a new one and the antivirus blocks the program from running :-\

Very annoying problem....


Is there a way to rollback ?

BNTRL
10-13-2009, 07:03 PM
I can not even open HM right now. Would be very nice if we could have some kind of feedback pretty soon.

Mike chops
10-13-2009, 07:28 PM
i'm using the latest version and still getting a virus warning. First I deleted the Xenocode directory. Then I reran the program and tried to open the HUD. The virus scanner then tells me that this file

c:\Documents and Settings\My Username\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v0B2DCC9C\Native\STUBEXE\@APPDIR@\HMHud.exe

has a virus.

Here's an online scan of the file
http://www.virustotal.com/analisis/b6c1ea832e7a0a9042b720a43038ae9c60b0a0cffb4f96e43d74bbb8f8e7a825-1255459467

I don't understand why the hmhud.exe file size is only 17k. The size on my machine is 1,200k. Can you reinstall holdem manager?

Huppat
10-13-2009, 07:41 PM
+1

Same here w windows 7 + Kaspersky 2010

Even if I delete the xenocode folder, when I open HM it creates a new one and the antivirus blocks the program from running :-\

Very annoying problem....


Is there a way to rollback ?


i was going back to beta34 and all is fine now ;)
but the real problem is at RVG that intrudes the trojan in their beta36+ with the s*cking xenocode sandboxes

lihan
10-13-2009, 07:54 PM
I don't understand why the hmhud.exe file size is only 17k. The size on my machine is 1,200k. Can you reinstall holdem manager?

the HMHud.exe in the \Program Files\RVG Software\Holdem Manager directory is not the same one I mentioned.

Lunatic973
10-13-2009, 07:59 PM
Well guys this is the one of the reasons I don't update right away. I'm still using beta 35, and now that I saw these posts, I'm glad I didn't update.

It doesn't end there, I'm not just here to brag. Just a few minutes ago I got the same thing as you guys, just after my avira updated. That pop-up/advertisement from avira came up, as soon as I closed a warning popped up.

So it's obvious it's not just 36 that's the problem, is the solution to go back to 34?

BNTRL
10-13-2009, 08:02 PM
how can I go back to beta 34?

BNTRL
10-13-2009, 08:39 PM
also working for me going back at beta34.

Lunatic973
10-13-2009, 09:05 PM
Can you share your steps for going back to 34? Did you just redownload and install beta 34 file?

Huppat
10-13-2009, 09:13 PM
Can you share your steps for going back to 34? Did you just redownload and install beta 34 file?

simply, yes

Lunatic973
10-13-2009, 09:16 PM
Just went back to 34, and the same trojan warning popped up again.

Huppat
10-13-2009, 09:24 PM
you have to delete the c:\.....xenocode.... folder

last betas will be found here: http://www.holdemmanager.net/forum/showthread.php?t=11865

Lunatic973
10-13-2009, 09:24 PM
Gotcha that's what I didn't do then.

Lunatic973
10-13-2009, 09:25 PM
Please try this

1) go into your C:\users\username\appdata\xenode\appliancecaches folder (nor username will be your windows user name) and delete all the sub folders there. These are old cached versions of Holdem Manager and are not needed.

2) download new version from http://www.holdemmanager.com/downloads/HmBetaUpdate.exe

I updated the internal version number and recompiled and it seems like doing those two things fixes the problem on one person who I was working with on teamviewer. Still trying to figure out what is triggering it but we didn't increment the internal version number of holdem manager on the last build so maybe the anti virus programs saw a new exe with a previously used version number combined with the fact that we use some virtualization techniques etc

Roy

You mean these steps here?

Lunatic973
10-13-2009, 09:58 PM
Deleted the file, went back to 34, and still same problem.

Even went back to 32 and still getting the same alarm.

Do I need to completely reinstall HEM? Because just using the old beta patches, it's not working.

ibombonato
10-13-2009, 11:07 PM
I just run the HMBeta.exe from 34b that i had here and it works again :D

mupoker
10-13-2009, 11:46 PM
i just got the virus warning in 35b

Rvg72
10-13-2009, 11:55 PM
Here is an update on a bunch of comments

1) it is not happening only on beta 37 or 36 or 34 etc - it is caused by an update that some AV software companies have released. Reverting to an old version may work for a while but it will probably come up again

2) the files in that Xenocode folder are not the real files - they are all 17KB and this has always been the case. These files contain virtualization information that allows HM to run the way it does.

3) We are trying to determine why it is happening and stop it. Previously HoldemManager.exe and HmImport.exe were causing the same alerts for these AV programs and we simply updated the revision number and recompiled and they were ok after that at least for the people that provided feedback. We are going to recompile the hud with a new version and get that released and see if it helps

What I expect happened is that a real trojan / virus has been released on the internet and it does some things in a certain way so these AV programs try to create generic rules so that if other programs use some of the same techniques or meet some other criteria then it will flag it as a virus. We do a lot of things that might look suspicious from the point of view of an AV program. Things like hooking into processes, opening ports to communicate with postgresql, using a program like xenocode to virtualize and obfuscate the code, the licensing software which checks into the server every 15 days etc.

Hopefully we can make some good progress tomorrow for the people with this issue

Thanks,
Roy
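
A way to check the explanation above on an affected machine, as an added example that is not part of the original thread and is not RVG's or Xenocode's code: it inventories every executable under the cache folder and records size, SHA-256, Authenticode status, and whether the file is byte-identical to the same-named file in the install folder or System32. The default paths are assumptions taken from the paths quoted in the posts (on XP the cache sits under "Local Settings\Application Data"), and the report file name is hypothetical.

```powershell
# Added example (not from the thread). Requires Windows PowerShell 4.0 or later.
param(
    # Assumed default: the Vista/7 cache path quoted in the thread.
    [string]$CacheRoot   = (Join-Path $env:LOCALAPPDATA 'Xenocode\ApplianceCaches'),
    # Assumed default: the install folder quoted in the thread.
    [string]$InstallRoot = (Join-Path $env:ProgramFiles 'RVG Software\Holdem Manager'),
    # Hypothetical report file name.
    [string]$OutCsv      = (Join-Path $PWD.Path 'xenocode-cache-inventory.csv')
)

function Get-Sha256 {
    param([string]$Path)
    # Returns $null when the scanner has locked or quarantined the file.
    try   { (Get-FileHash -LiteralPath $Path -Algorithm SHA256 -ErrorAction Stop).Hash }
    catch { $null }
}

if (-not (Test-Path -LiteralPath $CacheRoot -PathType Container)) {
    Write-Warning "Cache folder not found: $CacheRoot"
    return
}

$report = @(
    Get-ChildItem -LiteralPath $CacheRoot -Recurse -File -Force -Filter '*.exe' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $cached = $_

        # Look for a same-named file where the thread says the originals live:
        # the application's install folder, then the Windows system folder.
        $original = @(
            (Join-Path $InstallRoot $cached.Name)
            (Join-Path $env:SystemRoot (Join-Path 'System32' $cached.Name))
        ) | Where-Object { Test-Path -LiteralPath $_ -PathType Leaf } | Select-Object -First 1

        $cachedHash   = Get-Sha256 $cached.FullName
        $originalHash = if ($original) { Get-Sha256 $original } else { $null }
        $sig = Get-AuthenticodeSignature -LiteralPath $cached.FullName -ErrorAction SilentlyContinue

        [pscustomobject]@{
            CachedFile      = $cached.FullName
            SizeKB          = [math]::Round($cached.Length / 1KB, 1)
            LastWriteTime   = $cached.LastWriteTime
            Sha256          = $cachedHash
            SignatureStatus = if ($sig) { $sig.Status } else { 'Unreadable' }
            Signer          = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            Original        = $original
            OriginalSizeKB  = if ($original) { [math]::Round((Get-Item -LiteralPath $original).Length / 1KB, 1) } else { $null }
            # True only when both hashes were readable and match exactly.
            SameAsOriginal  = [bool]($cachedHash -and $originalHash -and ($cachedHash -eq $originalHash))
        }
    }
)

if ($report.Count -eq 0) {
    Write-Warning "No executables found under $CacheRoot"
    return
}

# Console summary, oldest cache entries first; full detail goes to the CSV.
$report | Sort-Object LastWriteTime |
    Format-Table SizeKB, OriginalSizeKB, SameAsOriginal, SignatureStatus, CachedFile -AutoSize
$report | Export-Csv -LiteralPath $OutCsv -NoTypeInformation
```

The SHA-256 column is what a VirusTotal lookup or a vendor false-positive submission asks for, and the size and SameAsOriginal columns show whether a flagged file is a small stub or a full copy of the original.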

Zografa
10-14-2009, 03:10 AM
Virus or unwanted program 'BDS/Poison.aumz [backdoor]'
detected in file 'C:\Documents and Settings\XXX\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v0B2DCC9C\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMHud.exe.


I use the latest beta(38). Is it safe to just ignore the warning and let the thing run? My antivirus is Avira.

rec1
10-14-2009, 04:37 AM
Virus or unwanted program 'BDS/Poison.aumz [backdoor]'
detected in file 'C:\Documents and Settings\XXX\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v0B2DCC9C\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMHud.exe.


I use the latest beta(38). Is it safe to just ignore the warning and let the thing run? My antivirus is Avira.

Same 2 me, Can we really ignore the warning by antivir? I need my stats^^^

HELP!!!

iDonk
10-14-2009, 05:58 AM
Please try this

1) go into your C:\users\username\appdata\xenode\appliancecaches folder (nor username will be your windows user name) and delete all the sub folders there. These are old cached versions of Holdem Manager and are not needed.

2) download new version from http://www.holdemmanager.com/downloads/HmBetaUpdate.exe
Roy

Do you mean C:\users\username\appdata\local\xenocode\appliancecaches?

netsrak
10-14-2009, 06:03 AM
Please try Beta 38 from the link in my signature.

veos
10-14-2009, 06:07 AM
Please try Beta 38 from the link in my signature.

Still doesn't work. Gives a warning with latest Avir Antivirus..

netsrak
10-14-2009, 06:08 AM
Thanks, i already informed Roy....

a.rairan
10-14-2009, 07:18 AM
I reinstalled HM and beta 38 and the virus alert persists...

ide
10-14-2009, 10:34 AM
was offtopic

Rvg72
10-14-2009, 10:42 AM
Guys, sorry about the issue - we are working on it. To confirm that HmHud.exe is not a virus and this is a false positive you can try running hmhud.exe manually from the holdem manager folder. You will see that no virus warnings appear - these programs just do not like something that is happening in the virtualization folder.

Roy

fasteddie_21
10-14-2009, 12:12 PM
I'll throw my hat into the ring too...I'm repeatedly getting the same warnings.

You have to admit, for those of us who make our living playing poker, this is quite disconcerting. Put yourself in our shoes...we trust you with our livelihood (in a sense) and while I do think these are false positives, this still makes your customers very, VERY nervous....

waedi
10-14-2009, 12:12 PM
my friend is running HM 1.09 beta 9 and he has an up to date antivir running and does not get any warnings. maybe that helps

Rvg72
10-14-2009, 12:14 PM
I'll throw my hat into the ring too...I'm repeatedly getting the same warnings.

You have to admit, for those of us who make our living playing poker, this is quite disconcerting. Put yourself in our shoes...we trust you with our livelihood (in a sense) and while I do think these are false positives, this still makes your customers very, VERY nervous....

Hi, I completely agree with this. We are working on solving this to make sure everyone has peace of mind and even if it means eliminating xenocode and purchasing a new code obfuscation piece we will do that.

Roy

Tibchy
10-14-2009, 02:15 PM
Ok I downloaded the latest beta as you suggested
http://www.holdemmanager.com/downloads/HmBetaUpdate.exe
But get this error message when I click on start auto import button:
"Error launching the hud: The system cannot find the file specified"
When I download http://www.holdemmanager.com/downloads/HmUpdate.exe then after auto import button clicked the HM starts working, but only at Bodogpoker where I use handgrabber. On other sites there is no hud and HM absolutely does not work.

ibombonato
10-14-2009, 03:33 PM
Problems here w 38b...

w beta 37, I got the message when I start HM...

Now, in 38b, it only appears when I start the AutoImport and HM opens the HMHUD.exe


I back it up to 34b and it works...

fozzy71
10-14-2009, 03:38 PM
Ok I downloaded the latest beta as you suggested
http://www.holdemmanager.com/downloads/HmBetaUpdate.exe
But get this error message when I click on start auto import button:
"Error launching the hud: The system cannot find the file specified"
When I download http://www.holdemmanager.com/downloads/HmUpdate.exe then after auto import button clicked the HM starts working, but only at Bodogpoker where I use handgrabber. On other sites there is no hud and HM absolutely does not work.

You were posting in a different thread earlier. it is hard to keep track when half the conversation is in 2 different threads, instead of a single thread devoted to your problem.

Please email me at fozzy@holdemmanager.net with a link to this thread, and your forum name, so we can schedule a Teamviewer session. Download and install the www.Teamviewer.com Quick Support version. Please let me know what time zone you are in and what time/days are convenient for you.


Problems here w 38b...

w beta 37, I got the message when I start HM...

Now, in 38b, it only appears when I start the AutoImport and HM opens the HMHUD.exe


I back it up to 34b and it works...

klausschreiber
10-14-2009, 03:48 PM
Hi, I completely agree with this. We are working on solving this to make sure everyone has peace of mind and even if it means eliminating xenocode and purchasing a new code obfuscation piece we will do that.

Roy

Why don't you inform the developers of Antivir, ... about the false positive? Maybe they can fix their programs.

Stingray
10-14-2009, 03:53 PM
Good - I thought it was just me!!!!!!!!

Gomez224
10-14-2009, 04:24 PM
Hello

This trojan was detected on my computer (I have F-Secure) after upgrading holdem manager to version 1.9 beta 37. WTF ???

Wyniki: Liczba znalezionych złośliwych programów: 1
Backdoor.Win32.Poison.auvk (wirus)

* C:\Users\Wojtek\AppData\Local\Xenocode\ApplianceCaches\HoldemManager.exe_v0B2DCC9C\TheApp\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMImport.exe Czynność: poddane kwarantannie

IdWalk500Miles
10-14-2009, 04:25 PM
Hi,

Ive been playing this afternoon and I got no alert, but I had some problems with the connection to the Ipoker server and I left playing and switched off the computer. Now I wanted to play again but when I started HM, Avast antivirus gave me this alert:

Name of the file: C:\Documents and Settings\User\Configuración local\Datos de programa\Xenocode\ApplianceCaches\HoldemManager.exe_v12EFC15E\TheApp\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMImport.exe

Name of malware: Win32:Malware-gen

Virus/Worm


What should I do? Anyone else having the same problem?

Thanks for your help!

KJM
10-14-2009, 04:30 PM
I have same problem with latest beta, is there any link on the site to download the previous file without the virus warning?

Thanks

liquid_quik
10-14-2009, 04:31 PM
i got this exact same alert when i tried to open HEM 10 minutes ago... and is what i came on here to ask about

Niani
10-14-2009, 04:32 PM
Same alert with avast

sennin
10-14-2009, 04:34 PM
got the same msg with AVG.

LuckyDevil
10-14-2009, 04:54 PM
My Avast had no problems with 36b. I updated to 38 and now I get warnings. I assume they are probably false positives, but Avast keeps closing HM whenever I try to open it. Other than turning off Avast, is there a way I can keep HM open?

zombien
10-14-2009, 04:58 PM
Hello,

Tried to open my HEM today, I got it open then avast! popped up saying there was a virus in HEM:

C:\Users\Eirik\Appdata\Local\Xenocode\ApplianceCaches\HoldemManager.exe_v41BF0FF4\TheApp\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMImport.exe

It says it contains a Win32:Malware-gen

When I select to not take any action it closes my HEM. Happens every time.

Using the latest beta.

Please help :)

Regards, Eirik

Niani
10-14-2009, 04:59 PM
HM doesnt even start anymore

RunBad4Life
10-14-2009, 05:04 PM
Same with AVG wtf??????????

Kesky
10-14-2009, 05:04 PM
I have the exact same problem.

Britchenko
10-14-2009, 05:17 PM
I was using beta 27, today launched HM and got the trojan warning, thing is that it asked me for a new registration, and I can't complete the process and for that reason can't even launch HM.

Tried also the updated, delete folders process and everything remains exactly the same.

zecavis
10-14-2009, 05:19 PM
I'm having that avast alert too.

tappiinasti
10-14-2009, 05:20 PM
Everything in the C:\users\username\appdata\xenode\appliancecaches folder are virtualized versions of Holdem manager. We use the xenocode software to virtualize and protect the code and these are basically temporary folders that are left behind.

I believe what is happening is that when xenocode virtualizes those conime.exe and msiexec.exe programs (which are windows programs) in order for it to be usable by HM they move copies of them to those folders. The AV software looks at these windows files and sees them running in non windows\system folders and generates the alert.

You can actually reboot and delete all the folders under C:\users\username\appdata\xenode\appliancecaches and then relaunch HM. It will create one new folder (which could be picked up by the anti virus software as a false positive) but those other ones likely aren't even active

Roy

I'm bad at this type of maintenance, do I have to reboot to delete the files? I can't seem to access them, how do you do that?

sennin
10-14-2009, 05:22 PM
theres a pinned topic at the top. seems to just be a false positive.

sostegno
10-14-2009, 05:25 PM
vers. beta38: AntiVir reports virus too using the replayer or HUD

RunBad4Life
10-14-2009, 05:25 PM
I can't get ANYTHING to start up, not even the HUD by itself. I deleted all xenode crap, installed new beta, rebooted pc, nothing even starts up. Am now losing $30 an hour in my job!!

pMac
10-14-2009, 05:26 PM
Same here. Although, I was using an older beta version with no issues. I actually downloaded the latest update but had not installed it when I got the virus warning the first time. My HEM was actually already running and I must have had an Avast update while playing maybe? I installed the update and restarted HEM and got the same warning upon opening.

Any help is much appreciated. Thanks in advance!

-p

sleepathon
10-14-2009, 05:35 PM
uments and Settings\sleepy\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v58C3BDD2\TheApp\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMImport.exe

me too
whats up?

IdWalk500Miles
10-14-2009, 05:37 PM
You are right, I didnt see the sticky thread. Mods, please delete this thread as we can continue in the other one. Sorry!

budzior
10-14-2009, 05:40 PM
Hello!

I have the same problem, please help me, i have to eat something!

Dave1212
10-14-2009, 05:41 PM
My Avast had no problems with 36b. I updated to 38 and now I get warnings. I assume they are probably false positives, but Avast keeps closing HM whenever I try to open it. Other than turning off Avast, is there a way I can keep HM open?

I don't think it is the update to HEM I think it is an Avast update. I was using HEM fine 2 hours ago and just tried to start up 15 mins ago and had the problem, so I assume that Avast has updated and caused the problem.

Also looking for a workaround - got a bonus to chase!

Smartkid
10-14-2009, 05:44 PM
Could someone pls tell me how to delete the xenocode folder? It seems i can't have access to it since i can't see it. I am running windows xp home.

rcomo
10-14-2009, 05:51 PM
I downloaded beta 38 and when I try to run Auto Import with my anti virus turned off I still get,

Can not open HUD: access is denied.

Lunatic973
10-14-2009, 05:52 PM
Guys deleting the folder did nothing for me, or a lot of others on here. The only solution is to just ignore if you want to play that badly. I just tried running leak buster, and it's bringing up another warning.

zecavis
10-14-2009, 05:56 PM
Sorry, I'm Portuguese and my English is very weak. I'm having this problem too. Can we delete the "infected" files? I can find them... Are they in the RVG folder?
Thanks and sorry if I wasn't clear.

dagrim1
10-14-2009, 06:01 PM
Deleting the files is of no use (atleast with avast), HM just recreates them and avast will complain again. Cleaning, moving, ignoring, it all results in HM crashing or shutting down.

A workaround might be opening the Avast console and pause the 'standard shield'. Now start HM and once it's up and running (including tablescanner/import thingies) start/resume the standard shield again. Can't really test it but atleast HM starts and runs, but I don't know if it will check again at a later time. Already reported it to avast as a false positive btw.

SoNe88
10-14-2009, 06:01 PM
I have problem with antivirus when I start autoimport. Antivirus Avira detects virus in HMHud.exe , this file is in:
C:\Users\xxx\AppData\Local\Xenocode\ApplianceCaches\HoldemManager.exe_v4...\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager,

I've had this problem for the last 3 days. Just when I uninstalled PartyPoker (new version) because HUD didn't appear in tables No DP (actually, HUD doesn't appear in any table in Party).

LuckyDevil
10-14-2009, 06:02 PM
Deleting the files is of no use (atleast with avast), HM just recreates them and avast will complain again. Cleaning, moving, ignoring, it all results in HM crashing or shutting down.

+1

cantona
10-14-2009, 06:15 PM
I had the same thing.

I had no poker client open a the time.

I have never downloaded partypoker so I don't think it is that.

Avast tried to move it to chest 3 times and then it closed HEM down.

I last used it, (HEM), a week ago.

zecavis
10-14-2009, 06:22 PM
I opened the avast console, I paused like you said, but when I open HM the alert comes again. Is this the right way or am I doing anything wrong?

dagrim1
10-14-2009, 06:31 PM
I opened the avast console, I paused like you said, but when I open HM the alert comes again. Is this the right way or am I doing anything wrong?

Hmmm, do you pause the 'standard shield' part? I DID delete those files mentioned above btw, perhaps that did help partly...

Dubya32
10-14-2009, 06:45 PM
Hi Guys,

Its been working for me for a few days, today however I got the virus alert (use Avast). I followed your instruction re: deleting files and installing the latest beta38. However, it's still not working. Any other suggestions or timeframe of when you guys will develop a solution?

Much appreciated,
Dubya

cristina
10-14-2009, 06:54 PM
When I open HM this appears

http://img26.imageshack.us/img26/6358/hmvirus.png

MyNameWuzBoB
10-14-2009, 06:58 PM
Before seeing this thread I uninstalled and reinstalled holdem manager beta 38 but now it won't even launch past the splash screen due to a unhandled exception error stating the parameter is incorrect. Any help?

bananeffm
10-14-2009, 06:58 PM
When is this going to be fixed?
I had b35 running and today antivir showed me this message the first time.
I tried to update to the latest beta (39?) and it changed nothing.
After reading this thread i tried the way "deactivate av, start import, activate av again". This one worked for me.

But that is hopefully not the solution for the future...

...and last question:
I think Antivir detected the backdoor after the last update today.
Doesn't that mean, that the trojan was there before like i don't know the last few weeks? Do i need to be concerned about this?

Thanks

zecavis
10-14-2009, 06:58 PM
Dagrim, it's working... tomorrow i don't know...
Thanks a lot.

4entourage
10-14-2009, 07:01 PM
Is this the best thread to keep an eye on?

Mine was working fine earlier today. All of a sudden internet keeps getting real spotty. I restart the PC and restart my router. Once internet is back I log back into FTP and STARS and load up hem -- sees the "virus" and auto closes HEM the second it loads up.

I did the "delete xenocode files" and tried different betas. Obviously its not fixed yet - just wanna know if this is the best thread to keep an eye on for once they have the solution.

MajorHassle
10-14-2009, 07:03 PM
yeah ive just had the same thing but am not using partypoker

zecavis
10-14-2009, 07:05 PM
I didn't delete any files, i didn't install other HM versions, i simply do what Dagrim said about avast console. It's working normal.

HPR1978
10-14-2009, 07:13 PM
When is this going to be fixed?
I had b35 running and today antivir showed me this message the first time.
I tried to update to the latest beta (39?) and it changed nothing.
After reading this thread i tried the way "deactivate av, start import, activate av again". This one worked for me.

But that is hopefully not the solution for the future...

...and last question:
I think Antivir detected the backdoor after the last update today.
Doesn't that mean, that the trojan was there before like i don't know the last few weeks? Do i need to be concerned about this?

Thanks

This last question is my concern too.

Rvg72
10-14-2009, 07:15 PM
When is this going to be fixed?
I had b35 running and today antivir showed me this message the first time.
I tried to update to the latest beta (39?) and it changed nothing.
After reading this thread i tried the way "deactivate av, start import, activate av again". This one worked for me.

But that is hopefully not the solution for the future...

...and last question:
I think Antivir detected the backdoor after the last update today.
Doesn't that mean, that the trojan was there before like i don't know the last few weeks? Do i need to be concerned about this?

Thanks

Hi, there is no trojan / backdoor. It is a false detection which is fairly common since these programs want to make sure they don't miss anything. We're working with the AV companies and the software that does the virtualization for Holdem Manager to ensure you can use it without getting these false alerts

Roy

Dubya32
10-14-2009, 07:16 PM
YUp, dagrims ideas works. But i dont want to do this everytime, from a peace of mind p.o.v. id like to see the fix

wims
10-14-2009, 07:43 PM
Guys, bad antivirus programs have A TON of false positives, so they get higher detection rates in antivirus reviews. Holdem manager is doing a lot of suspicious low-level things, using similar techniques as viruses do. This is probably why it's being detected as a virus. It's almost certainly not a real virus.

rcomo
10-14-2009, 08:03 PM
why does it still not work if i turn my virus scanner off?? I still get a HM error saying HUD access is denied.

donkyklonk
10-14-2009, 08:08 PM
Hi, i cant use my HM anymore cause my antivirus, Avast, found a worm/virus when i start it.
Its the same everytime, tried to uninstall and install HM again but the same, I get this message when i start HM from my antivirus:
C:\Användare\---\Lokala inställningar\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v41BF0FF4\TheApp\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMImport.exe
Malware name: Win32:Malware-gen

I try to repair, delete and take no action but cant get HM to work anyway... any tips?

Macka
10-14-2009, 08:11 PM
Guys, bad antivirus programs have A TON of false positives, so they get higher detection rates in antivirus reviews. Holdem manager is doing a lot of suspicious low-level things, using similar techniques as viruses do. This is probably why it's being detected as a virus. It's almost certainly not a real virus.

We are aware this is the situation and that most probably it's a false alert, however for the people that are playing professionally it's still a huge concern as our living might be at stake.

cubfan2238
10-14-2009, 08:14 PM
http://i594.photobucket.com/albums/tt30/cubfan2238/HEMthreat.jpg

This comes up and HEM opens then closes right away. What should i do?

phexac
10-14-2009, 08:14 PM
I have the same issue.

It is Avast Anti-Virus. I chose "take no action, so it should not have done anything." I turned off the Anti-virus, but I get the JIT exception from Microsoft .NET Framework whenever I try to run Holdem Manager. I have tried reinstalling Holdem Manager in same and different locations, but the error persists. Here is the info on the error:

"Unhandled exception has occurred in your application. If you click Continue, the application will ignore this error and attempt to continue. If you click Quit, the application will close immediately.

Access is denied."

When I try to click continue, Holdem Manager just hangs on the load screen.

Details for this error:

"See the end of this message for details on invoking
just-in-time (JIT) debugging instead of this dialog box.

************** Exception Text **************
System.ComponentModel.Win32Exception: Access is denied
at System.Diagnostics.Process.StartWithShellExecuteEx (ProcessStartInfo startInfo)
at System.Diagnostics.Process.Start()
at System.Diagnostics.Process.Start(ProcessStartInfo startInfo)
at System.Diagnostics.Process.Start(String fileName)
at HoldemManager.അ.ᨗ(Object ొ, EventArgs ో)
at System.Windows.Forms.Timer.OnTick(EventArgs e)
at System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message& m)
at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)




"

al4as
10-14-2009, 08:32 PM
Hi

Today HM started crashing whenever I tried to open it.
I see the autoimport window for 2 sec then the program instantly closes, without any error messages. I updated to the latest beta and the same is happening.

Any ideas ?

adgergewh
10-14-2009, 08:32 PM
I just had the same exact problem, HEM closes immediately after opening. Here is what I get...

http://i38.tinypic.com/2crocur.jpg

urflatbeat
10-14-2009, 08:34 PM
the same thing is happening to me....

Never had any problems with the software before this.:confused:

proshares
10-14-2009, 08:35 PM
having same issues.. HM will work if i turn off antivirus. but if i turn the antivirus back on and open up hand replayer, it crashes again.

please get this resolved asap.

bearnet2001
10-14-2009, 08:38 PM
I just had the same exact problem, HEM closes immediately after opening. Here is what I get...

http://i38.tinypic.com/2crocur.jpg

Came to post exact same thing, had the img uploaded and ready to:

http://imgur.com/o30Sn.png

So is this a problem or false alarm?

Note I am still on beta 28 and haven't updated HEM since a month ago

2eazy
10-14-2009, 08:43 PM
having same issues.. HM will work if i turn off antivirus. but if i turn the antivirus back on and open up hand replayer, it crashes again.

please get this resolved asap.

i use a avg anti virus, i cant even open holdem manager, anybody know how to turn off this anti virus

JP1986
10-14-2009, 08:47 PM
I'm having the same problem with AVG. I hit ignore and it still saves hands to the database but my hud is not showing up at the table. Any suggestions?

phexac
10-14-2009, 09:03 PM
Hey guys. I too had this problem. I turned off Avast and tried running HEM then, but ran into exception error and was unable to even start the program. Here's what worked for me:

First of all, turn off or uninstall your anti-virus. Next run system restore and restore your system to the day before you started having issues. Make sure your anti-virus is still not running. Everything should work properly now.

unirease
10-14-2009, 09:07 PM
In the line of the last post, I don't know if the last update of windows which was made today could be at the origin of the problem???

Jeffmet3
10-14-2009, 09:08 PM
i use a avg anti virus, i cant even open holdem manager, anybody know how to turn off this anti virus

same, nothing seems to work, and other then uninstalling idk how to turn off avg

LT22
10-14-2009, 09:14 PM
pretty easy to add an exception to AVG Resident Shield

sethypooh21
10-14-2009, 09:14 PM
FWIW, rolling back to 34b seems to have resolved the problem for now for me.

structure
10-14-2009, 09:16 PM
use AVG also..
can't get my HUD to work
I hate to disable my entire anti-virus system just to run HEM, any other options?

2eazy
10-14-2009, 09:16 PM
pretty easy to add an exception to AVG Resident Shield

how? im pretty bad at this stuff

Jeffmet3
10-14-2009, 09:17 PM
pretty easy to add an exception to AVG Resident Shield

i did, it doesn't seem to work and avg still closes out HEM when i open it

al4as
10-14-2009, 09:17 PM
Did you try reinstalling ?
I dont feel like losing all my custom settings so I didnt try yet

tamuet01
10-14-2009, 09:21 PM
I get the same thing.

urflatbeat
10-14-2009, 09:22 PM
not yet....hoping i don't have to.

comura125
10-14-2009, 09:29 PM
srsly, what is going on with this virus warning all of a sudden?

I have installed the latest beta as directed and am still getting this warning.
I am running Avira av

Thank you

Jackal703
10-14-2009, 09:31 PM
after using hem for 2 weeks, every time i open the program i get a bunch of warnings from my antivirus software b/c it found a trojan horse embedded with holdemmanager.exe

what should i do?

EDIT refer to this thread its the same problem:

http://www.holdemmanager.net/forum/showthread.php?t=19389

Chode
10-14-2009, 09:32 PM
i got the same problem, just started today. My virus software popped up too and said there was something wrong with the HMimport.exe file....

richie912
10-14-2009, 09:32 PM
Hi, i have just recently purchased holdem manager. and i just got multiple threats from my virus scanner and in hold em manager it says Error launching the hud Access is denied.

Trojan horse BackDoor.Generic11.BAUS

now i have no HUD

-Richard

Chode
10-14-2009, 09:33 PM
I have the same problem except mine happens on start up... just started happening today

PCP Poker
10-14-2009, 09:34 PM
I have not downloaded this latest Beta in question, and I am having the same issue. After further research, I have learned that this could be related to a spyware program known as Stub.exe. I actually found a copy of this program hidden in my Poker Stars install folder, and have emailed Poker Stars regarding this issue. I will keep you all posted with what I find out, as this is very disturbing to me.

richie912
10-14-2009, 09:35 PM
Yeah on starting up holdem manager i meant.

Jackal703
10-14-2009, 09:36 PM
I get the same thing.

+1

richie912
10-14-2009, 09:38 PM
Same.

Chode
10-14-2009, 09:38 PM
me too

richie912
10-14-2009, 09:39 PM
Hope some one is fixing this up

baba
10-14-2009, 09:42 PM
aaaaaahhhhh this is so frustrating!

luckyman
10-14-2009, 09:45 PM
Hi,

I have changed absolutely nothing since last opening HEM.

Whenever i open it, it now says it has a virus, ive ran scans etc and its still there when i open it

I have also gone back to version 1.08.04 from a 1.09 beta version, but its still there.

Any ideas?

richie912
10-14-2009, 09:53 PM
I feel naked with out it

DrGaskopf
10-14-2009, 09:53 PM
Hi,

this morning out of nowhere, when opening HM I get a message from my
AntiVir Guard Antivirus program saying that the file in C:documents and settings\my name\...\csc.exe contains some kind of dangerous backdoor program or trojan I guess, by the name: BDS/Poison.auwd
It also doesnt bring me to the HM start page anymore but asks me to register again. When I put in my code and press register I just get the same virus message again. Please help.

Dr

al4as
10-14-2009, 09:54 PM
damn, just found 53 trojans on my cpu all related to HM

HELLcopter
10-14-2009, 10:05 PM
Same problem here

Lunatic973
10-14-2009, 10:12 PM
Seek.....and.....ye shall find!

http://www.holdemmanager.net/forum/showthread.php?t=19162&page=12

You can do it, I believe in you!

cubfan2238
10-14-2009, 10:13 PM
I feel naked with out it

WTF i need my HUD

Chode
10-14-2009, 10:14 PM
yes it is

Chode
10-14-2009, 10:16 PM
http://www.holdemmanager.net/forum/showthread.php?t=19162
this seems to be main thread

Chode
10-14-2009, 10:17 PM
http://www.holdemmanager.net/forum/s...ad.php?t=19162
this seems to be main thread

Chode
10-14-2009, 10:18 PM
http://www.holdemmanager.net/forum/s...ad.php?t=19162
this seems to be main thread

jjdarling
10-14-2009, 10:23 PM
Earlier today I received a number of warning messages from my anti-virus software. I moved the files to the virus chest, as recommended by the software.

File name: C:\Documents and Settings\Justin\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v08404D5B\TheApp\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager

After, moving the files to my chest, I restarted my computer and attempted to open HM and received this message:

"Holdem Manager has encountered a problem and needs to close. We are sorry for the inconvenience.

If you were in the middle of something, the information you were working on might be lost."

Now this pops up every time I try to open HM.

I noticed another thread on this topic, and it appears those people are at least able to open HM.

I'm computer illiterate so if anyone could provide me some information about what the problem is or how I could fix it, it would be greatly appreciated.

Thanks,

JJ

cubfan2238
10-14-2009, 10:29 PM
problem fixed? what can i do to fix? respond!!!!!!!!!

cruss
10-14-2009, 10:29 PM
fwiw I paused avast, opened HEM and began importing then took avast off pause and HUD works fine.....just don't use hand replayer or it will detect problems again

richie912
10-14-2009, 10:30 PM
Ok i am lost on what to do.

Ih8mycards
10-14-2009, 10:34 PM
I'm having the same issues as everyone with the Xeno file (whatever). I'm using AVG as my antivirus. I would love to play again sometime soon. Let me know if I can be of any help in solving the issue. (Teamviewer, skype, etc)

Thanks!

amarillotg
10-14-2009, 10:34 PM
same.

richie912
10-14-2009, 10:45 PM
Ok i just did a system restore to yesterday. and it works again. Obviously its going to get stuffed again though

Rvg72
10-14-2009, 10:47 PM
Hi guys, thanks to everyone who is providing workarounds for people who are affected by the false-positive virus alert. Again, just want to confirm to everyone that this is not a real virus/trojan.

We are going to be removing Xenocode from Holdem Manager. This is the program that virtualizes the files and protects the source code and it is the method that they are using combined with the way we are calling the hud (and dbcontrolpanel) that is causing the false positive. We are instead purchasing a top end product to replace it and we think it will do it in a way that does not cause any problems like this. I'm still hoping to be able to launch this later tonight with the new build but we have a bunch of configuration and testing to do.

For your own information, this has nothing to do with the licensing software and none of that is affected by this change.

Thanks for your patience with this

Roy
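The alert paths quoted in this thread all point into the Xenocode `ApplianceCaches` folder Roy describes, so a first triage step is to separate detections on those stub executables from detections anywhere else. The following is an added example, not Holdem Manager or Xenocode code; the token-to-folder mapping is an assumption, and the sample alerts (including the build id and the last detection) are constructed.

```python
import re
from collections import defaultdict

# Cache layout as it appears in the alert paths quoted in this thread:
#   ...\Xenocode\ApplianceCaches\<app>_v<8 hex>\<root>\STUBEXE\@TOKEN@\<path>
CACHE_RE = re.compile(r"""
    \\Xenocode\\ApplianceCaches\\
    (?P<app>[^\\]+)_v(?P<build>[0-9A-F]{8})\\   # one cache folder per packaged build
    (?P<root>[^\\]+)\\STUBEXE\\                 # "TheApp" in the quoted paths
    @(?P<token>[A-Z0-9]+)@                      # placeholder for a real folder
    (?P<rest>(?:\\[^\\]+)+)$                    # file path below that folder
    """, re.IGNORECASE | re.VERBOSE)

# Assumed meaning of the placeholder tokens; the page does not document them.
TOKEN_HINTS = {
    "PROGRAMFILES": "%ProgramFiles%",
    "SYSTEM": "%SystemRoot%\\System32",
}


def parse_alert_path(path):
    """Return details for a path inside the virtualization cache, else None."""
    m = CACHE_RE.search(path.strip())
    if m is None:
        return None
    token = m.group("token").upper()
    base = TOKEN_HINTS.get(token, "@" + token + "@")  # keep unknown tokens visible
    return {
        "app": m.group("app"),
        "build": m.group("build").upper(),
        "mirrors": base + m.group("rest"),  # installed file the stub stands in for
    }


def triage(alerts):
    """Split (detection, path) pairs into cache stubs grouped by packaged build
    and alerts that the virtualization cache does not explain."""
    grouped = defaultdict(lambda: {"mirrors": set(), "detections": set()})
    unexplained = []
    for detection, path in alerts:
        info = parse_alert_path(path)
        if info is None:
            unexplained.append((detection, path))
            continue
        entry = grouped[(info["app"], info["build"])]
        entry["mirrors"].add(info["mirrors"])
        entry["detections"].add(detection)
    summary = {
        key: {name: sorted(values) for name, values in entry.items()}
        for key, entry in grouped.items()
    }
    return summary, unexplained


# Constructed sample alerts modelled on the messages posted in this thread.
CACHE = ("\\Xenocode\\ApplianceCaches\\HoldemManager.exe_v0A1B2C3D"
         "\\TheApp\\STUBEXE\\@PROGRAMFILES@\\RVG Software\\Holdem Manager\\")
SAMPLE_ALERTS = [
    ("Win32:Malware-gen",
     "C:\\Documents and Settings\\user\\Local Settings\\Application Data"
     + CACHE + "HMImport.exe"),
    ("BackDoor.Generic11.BAUS",
     "C:\\Users\\USERNAME\\AppData\\Local" + CACHE + "HMHud.exe"),
    ("Example.Detection",  # constructed: a file outside the cache
     "C:\\Users\\USERNAME\\Downloads\\example_tool.exe"),
]

if __name__ == "__main__":
    summary, unexplained = triage(SAMPLE_ALERTS)
    for (app, build), entry in summary.items():
        print(app, build, entry["detections"])
        for mirrored in entry["mirrors"]:
            print("  stub for", mirrored)
    for detection, path in unexplained:
        print("outside the cache:", detection, path)
```

Alerts that land in the second list are the ones the virtualization cache cannot account for and need their own investigation.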

phexac
10-14-2009, 10:58 PM
I have since resolved the problem by uninstalling my AV and doing a system restore to before the problems started.

Brian J
10-14-2009, 11:03 PM
So why did this just happen to everyone today? We have all had the same antivirus programs and the HEM program running for months without a hitch.

And I have antivirus completely turned off but the program will not open. It gets to the main software page and then just shuts off

Hello
10-14-2009, 11:11 PM
So why did this just happen to everyone today? We have all had the same antivirus programs and the HEM program running for months without a hitch.

That's exactly what I was wondering. I'd really like to hear an explanation for that!

Lunatic973
10-14-2009, 11:13 PM
Thanks RVG, we know you guys are working on it, and we appreciate it!
:D

phexac
10-14-2009, 11:14 PM
I don't know about you guys, but for me the problem started after an update to the AV program. Evidently, what happened was the major AV service providers updated their definitions (not at all surprising that they all did it at around the same time) and what was fine before got flagged. It's really not as sinister or mysterious as it seems :)

Hello
10-14-2009, 11:18 PM
Again, just want to confirm to everyone that this is not a real virus/trojan

I'm sure that's true, but then why aren't you contacting the AV companies to add an exception instead of buying new software and changing HM? Surely that must cost more and take more time, not to mention the potential new bugs.

Just wondering. :rolleyes:

Strongsville
10-14-2009, 11:26 PM
This happened to me tonight and I had no idea what was going on. I just removed AVG virus software from my computer and HEM starts up with no problems.

fozzy71
10-14-2009, 11:32 PM
i use a avg anti virus, i cant even open holdem manager, anybody know how to turn off this anti virus


pretty easy to add an exception to AVG Resident Shield

Turning off Resident Shield before the poker session seems to work also.

Radical16
10-14-2009, 11:45 PM
yeah same problem...but your link is dead. any ideas yet?

Stacker969
10-15-2009, 12:02 AM
Haven't read all the posts so if this is redundant ignore:

In AVG resident shield you can add an exception.

Click on Manage Exceptions and add a path to the folder for the xenocode:

C:\Users\USERNAME\AppData\Local\Xenocode\ApplianceCaches\ for example worked for me.

G/L

Contradictin
10-15-2009, 12:09 AM
Just wanted to thank you for all your hard work. I can only imagine that you guys are pulling your hair out right now. I am sure it is frustrating for all involved. One certainly realizes how valuable HEM is when one does not have it!! Just going to wait patiently until we have a solution. Till then I will do the only thing I see fit, head for a casino and destroy some fish live, LOL.
GL and TY, I will keep an eye on this forum for a fix.

Lunatic973
10-15-2009, 12:19 AM
Sir you may have a gambling problem, you need to see someone about. :eek:

Rvg72
10-15-2009, 12:21 AM
I don't know about you guys, but for me the problem started after an update to the AV program. Evidently, what happened was the major AV service providers updated their definitions (not at all surprising that they all did it at around the same time) and what was fine before got flagged. It's really not as sinister or mysterious as it seems :)

Yeah, this is what happened. What I suspect is a new virus / trojan got released very recently and so a bunch of the anti virus programs updated their heuristic search to match the profile of the new virus but inadvertently HM got thrown in that mix. Of the 41 AV programs available through totalvirus.com only 10 flagged the file - the other 31 got it right and left HM alone

Roy

Chode
10-15-2009, 12:24 AM
Haven't read all the posts so if this is redundant ignore:

In AVG resident shield you can add an exception.

Click on Manage Exceptions and add a path to the folder for the xenocode:

C:\Users\USERNAME\AppData\Local\Xenocode\ApplianceCaches\ for example worked for me.

G/L

Why can i not find these folders? I even searched every word in the windows search. no results

Rvg72
10-15-2009, 12:25 AM
I'm sure that's true, but then why aren't you contacting the AV companies to add an exception instead of buying new software and changing HM? Surely that must cost more and take more time, not to mention the potential new bugs.

Just wondering. :rolleyes:

The main reason is that this is a serious issue for people and I don't know how long it will take for these AV sites to accept the program and update their virus files - we have contacted a few and don't even have any type of response yet. I don't want this to drag on another week or more.

Also, I wasn't convinced that it wouldn't happen again due to the way it virtualizes the application and lastly, we are needing to replace our version of xenocode soon anyways because we will be moving to .net 3.5 which it does not support.

Roy

rajmaster
10-15-2009, 12:42 AM
Haven't read all the posts so if this is redundant ignore:

In AVG resident shield you can add an exception.

Click on Manage Exceptions and add a path to the folder for the xenocode:

C:\Users\USERNAME\AppData\Local\Xenocode\ApplianceCaches\ for example worked for me.

G/L

wow common sense prevails!

worked for me, tyvm sir :)

vladedoty
10-15-2009, 12:51 AM
i'm getting the same trojan with the xenocode and now my holdem manager won't even recognize my serials.
wonderful!!

jonmon101
10-15-2009, 12:53 AM
Alright so I uninstalled my antivirus software, turned off the firewall completely, and still get this message:

Failed to establish a connection '127.0.0.1'

Any solutions????

gino1234
10-15-2009, 12:58 AM
Same thing here and none of the other threads seem to offer any solution....have any of you guys found a way to fix this problem yet. I just bought holdem manager 3 days ago...and now im thinking maybe i shoulda went with poker tracker.

Homerow
10-15-2009, 01:03 AM
Why can i not find these folders? I even searched every word in the windows search. no results

Try C:\Documents and Settings\user\Local Settings\Application Data\Xenocode\ApplianceCaches

byosti
10-15-2009, 01:19 AM
tonight for some reason my avg antivirus software i guess thought holdemmanager was a virus and now i keep getting that message whenever i try to start auto import

a-line
10-15-2009, 01:24 AM
Same alert with avast

+1

Brian J
10-15-2009, 01:39 AM
Try C:\Documents and Settings\user\Local Settings\Application Data\Xenocode\ApplianceCaches

how do you even enter this in avg? It won't let me put it in manually and as this seems to be some sort of virtual file/folders it doesn't show up in the paths.

Ballcup
10-15-2009, 01:42 AM
to get things up and running until roy gets this fixed do what the other guy said:

delete your anti virus program and restore your system to previous point before you updated AV program

I did that and HEM is running fine for now (i just dont have a AV program temporarily now)

Surf
10-15-2009, 01:48 AM
how do you even enter this in avg? It won't let me put it in manually and as this seems to be some sort of virtual file/folders it doesn't show up in the paths.

Go to control panel->folder options -> check show hidden files or folders. This will allow those folders to be visible in the avg list.

Surf

y0rik
10-15-2009, 01:48 AM
+1

Your Mom
10-15-2009, 02:02 AM
for AVG users, you can temporarily disable resident shield. Open your AVG user interface. Then choose the Tools Menu from up top and choose adv. settings. Then click Resident Shield over on the left and then disable it on the right, then click Apply down below. Then open HEM, start your import, open your HUD, then reenable resident shield, click apply, and it should work. At least, mine did.....

Chode
10-15-2009, 02:06 AM
http://www.holdemmanager.net/forum/showthread.php?t=19162
either that works or i don't know how to do it but the main thread is a sticky in the general thread i think

Chode
10-15-2009, 02:13 AM
well done

Chode
10-15-2009, 02:14 AM
Try C:\Documents and Settings\user\Local Settings\Application Data\Xenocode\ApplianceCaches


Go to control panel->folder options -> check show hidden files or folders. This will allow those folders to be visible in the avg list.

Surf

I meant well done

Chode
10-15-2009, 02:35 AM
OK So for people with Windows Xp and AVG anti-virus, you can make HEM work this way. I am not good with computers and i know some of you aren't as well but i was able to do this so you should too. It has been mentioned in the thread already but this might make it clearer... maybe.

1. Go to.... C:/Documents and settings/user/ ... then right click and go to preference and make sure hidden files are visible.
2. go to.... local settings/application data/xenocode/applianceCaches
3. delete folders in there (the only folders in there for me were HEM folders)
4. Open AVG and click Tools then Advanced settings
5. On the left you'll see Resident Shield, click it, then click exceptions in the sub folder.
6. Push the Add Path button then go ...
C:/Documents and settings/user/local settings/application data/xenocode/applianceCaches click APPLY then OK. worked for me. Although i did not try the HUD yet cause i must sleep.

Edit: I guess you don't have to delete the folders in applianceCaches since you are making it an exception anyways

Eclipse86
10-15-2009, 02:46 AM
Deleting the files is of no use (at least with avast), HM just recreates them and avast will complain again. Cleaning, moving, ignoring, it all results in HM crashing or shutting down.

A workaround might be opening the Avast console and pause the 'standard shield'. Now start HM and once it's up and running (including tablescanner/import thingies) start/resume the standard shield again. Can't really test it but at least HM starts and runs, but I don't know if it will check again at a later time. Already reported it to avast as a false positive btw.

Hey Dagrim,

Could you please link that thread u posted on the Avast forums?

Thanks!

jmitch19
10-15-2009, 02:50 AM
I have XP and AVG 8.5 Free. I'm not sure why this worked, but it did.

I just uninstalled AVG then reinstalled it. HEM worked after this. At first I thought maybe it was just because AVG didn't have the latest updates yet, so I manually forced AVG to install all available updates. After doing this HEM still is working.

I can't explain why it worked, but I'm up and running again, just figured this might help some others.

TPayne
10-15-2009, 02:57 AM
OK So for people with Windows Xp and AVG anti-virus, you can make HEM work this way. I am not good with computers and i know some of you aren't as well but i was able to do this so you should too. It has been mentioned in the thread already but this might make it clearer... maybe.

1. Go to.... C:/Documents and settings/user/ ... then right click and go to preference and make sure hidden files are visible.
2. go to.... local settings/application data/xenocode/applianceCaches
3. delete folders in there (the only folders in there for me were HEM folders)
4. Open AVG and click Tools then Advanced settings
5. On the left you'll see Resident Shield, click it, then click exceptions in the sub folder.
6. Push the Add Path button then go ...
C:/Documents and settings/user/local settings/application data/xenocode/applianceCaches click APPLY then OK. worked for me. Although i did not try the HUD yet cause i must sleep.

Edit: I guess you don't have to delete the folders in applianceCaches since you are making it an exception anyways

Confirming that this worked for me, temporarily at least. Thanks.

drawingdeadd7
10-15-2009, 02:57 AM
Hi, I was just using my Hold em manager last night and it was working fine.
I tried opening it today and it immediately closes. I tried looking for that folder that was mentioned on this thread about the xenode thing and could find anything... please help!

gtpoker828
10-15-2009, 03:00 AM
Why can i not find these folders? I even searched every word in the windows search. no results

appdata is hidden by default in windows... you will need to show hidden files in folder options...

Cheers,
~gtp

Chode
10-15-2009, 03:00 AM
OK So for people with Windows Xp and AVG anti-virus, you can make HEM work this way. I am not good with computers and i know some of you aren't as well but i was able to do this so you should too. It has been mentioned in the thread already but this might make it clearer... maybe.

1. Go to.... C:/Documents and settings/user/ ... then right click and go to preference and make sure hidden files are visible.
2. go to.... local settings/application data/xenocode/applianceCaches
3. delete folders in there (the only folders in there for me were HEM folders)
4. Open AVG and click Tools then Advanced settings
5. On the left you'll see Resident Shield, click it, then click exceptions in the sub folder.
6. Push the Add Path button then go ...
C:/Documents and settings/user/local settings/application data/xenocode/applianceCaches click APPLY then OK. worked for me. Although i did not try the HUD yet cause i must sleep.

Edit: I guess you don't have to delete the folders in applianceCaches since you are making it an exception anyways


Hi, I was just using my Hold em manager last night and it was working fine.
I tried opening it today and it immediately closes. I tried looking for that folder that was mentioned on this thread about the xenode thing and couldn't find anything... please help!

Do this if you have XP and AVG

Chode
10-15-2009, 03:02 AM
Confirming that this worked for me, temporarily at least. Thanks.

Glad to hear it.

akcbr954
10-15-2009, 03:04 AM
OK, so for people with Windows XP and AVG anti-virus, you can make HEM work this way. I am not good with computers and I know some of you aren't as well, but I was able to do this so you should too. It has been mentioned in the thread already but this might make it clearer... maybe.

1. Go to.... C:/Documents and settings/user/ ... then right click and go to preference and make sure hidden files are visible.
2. Go to.... local settings/application data/xenocode/applianceCaches
3. Delete folders in there (the only folders in there for me were HEM folders)
4. Open AVG and click Tools then Advanced settings
5. On the left you'll see Resident Shield, click it, then click exceptions in the sub folder.
6. Push the Add Path button then go ...
C:/Documents and settings/user/local settings/application data/xenocode/applianceCaches click APPLY then OK. Worked for me. Although I did not try the HUD yet cause I must sleep.

Edit: I guess you don't have to delete the folders in applianceCaches since you are making it an exception anyways

THIS GUYS IS THE NUTTTZZZZZ....tytytytyt chode

gtpoker828
10-15-2009, 03:04 AM
Turning off Resident Shield before the poker session seems to work also.

In Avast! Pausing the shield during HEM's startup (including TableManager and HUD) and then restarting after will also work.

I also reported the false positive to Avast!

GL HEM Admins...

Cheers,
~gtp

drawingdeadd7
10-15-2009, 03:05 AM
Confirming that this worked for me, temporarily at least. Thanks.

woohoo! this worked for me, HUD and all! Thanks everyone!

custo80
10-15-2009, 03:07 AM
Just opened HEM after having it for months now and got this msg.

see attachment

what do i do?????????

veos
10-15-2009, 03:10 AM
To disable the antivirus program for a file or folder isn't a good idea. If I was a hacker and wanted to infect a victim's computer this is a great opportunity. Everyone would think it's a false positive.

It's better to wait for a new release from Rvg, imo..

Ace1247
10-15-2009, 03:12 AM
Hi,

I was playing today and all of a sudden my AVG popped up and gave me this error. (print screen below). I have tried all the options, move to vault and heal, and it still keeps popping up every time I click Start Auto import. Any ideas?

thanks.

ffrllc
10-15-2009, 03:16 AM
Haven't read all the posts so if this is redundant ignore:

In AVG resident shield you can add an exception.

Click on Manage Exceptions and add a path to the folder for the xenocode:

C:\Users\USERNAME\AppData\Local\Xenocode\ApplianceCaches\ for example worked for me.

G/L

This worked for me as well.

custo80
10-15-2009, 03:20 AM
holy shit i got the same msg

http://www.holdemmanager.net/forum/showthread.php?t=19403

wtf is going on

Ace1247
10-15-2009, 03:26 AM
I tried restarting HEM and the same error keeps popping up. The HUD won't even start. It says, "Error launching the hud: Access is denied." I can do a print screen if you like. AVG doesn't seem like it can do anything as I've tried all the options at least 5x :-(. It is good to hear I am not the only one experiencing this. It just happened as I was playing. HU PLO if it matters.

Jackal703
10-15-2009, 03:27 AM
Big news!!!!!!!!!!!!!!


AVG just released a database update!!!!!!!!!!!!!!

Force update your AVG and everything works

rbhambha
10-15-2009, 03:35 AM
Wow. My Avira just found 21 detections in my System Volume Information folder. It looks like the Virus is spreading. My HEM isn't even running right now and it found all of these infections. What's going on guys?

netsrak
10-15-2009, 03:35 AM
xx

custo80
10-15-2009, 03:37 AM
thought i'd answer u before a mod does :)

go here
http://www.holdemmanager.net/forum/showthread.php?t=19162&page=21

basically go to ur AVG and click on updates, d/load updates and everything is fixed!

mikyjazz
10-15-2009, 03:37 AM
Hi! I have the same problem: yesterday I opened Holdem Manager and Avast said there is a virus in C:\Document and settings\Michele\Impostazioni locali\.......\HMImport.exe

What can I do? Thanks. Michele Verrastro

Byakhee
10-15-2009, 03:38 AM
Any help for the people who use avast! Home Edition and Windows XP?

netsrak
10-15-2009, 03:44 AM
Read the other thread; we are working on it and you will find a lot of possible workarounds there.

Latest news: a new AVG definition Update fixes it

gtpoker828
10-15-2009, 03:57 AM
Any help for the people who use avast! Home Edition and Windows XP?

Pause avast! during startup of HEM and TableManager (including HUD)... then restart avast!... I'm working on finding a way to add an exclusion... but it is being... difficult.

Cheers,
~gtp

zloj
10-15-2009, 04:08 AM
Hi to those who use Avast.

Add two exclusions:

C:\Documents and Settings\*\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.*\TheA pp\STUBEXE\@APPDIR@\HMImport.exe
C:\Documents and Settings\*\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.*\Nati ve\STUBEXE\@APPDIR@\HMHud.exe

Forum bug:

\The App\
\Nati ve\

Need:

\TheApp\
\Native\

housenuts
10-15-2009, 04:35 AM
I've been using HEM for a while and never had any sort of virus warning before.

Recently just turned it on and avast! gave me this virus warning.

File Name: C:\Documents and Settings\creed\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v08404D5B\TheApp\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMImport.exe

Malware Name: Win32:Malware-gen

Malware type: Virus/Worm

VPS Version: 091014-0, 10/14/2009

Pretty sure I'm just going to ignore this, but just feels a little weird suddenly getting it. Any thoughts?

ty

foxkiller
10-15-2009, 05:05 AM
Hud.exe
Contains a recognition pattern of the (harmful) BDS/Poison.amuz back-door program

rbhambha
10-15-2009, 05:06 AM
Any help for people using Avira? I keep getting new detections in my system volume information files.

Marats
10-15-2009, 05:10 AM
Hi to those who use Avast.

Add two exclusions:

C:\Documents and Settings\*\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.*\TheA pp\STUBEXE\@APPDIR@\HMImport.exe
C:\Documents and Settings\*\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.*\Nati ve\STUBEXE\@APPDIR@\HMHud.exe

Forum bug:

\The App\
\Nati ve\

Need:

\TheApp\
\Native\

This is for XP, right? What about Vista?

DrGaskopf
10-15-2009, 05:15 AM
What worked for me was just deactivating Avira and then starting HM. After it's up and running I could just reactivate my Avira and everything worked fine.

Hopefully there will be a new update that will solve the problem once and for all.

johnny1
10-15-2009, 05:49 AM
Hi
I am using avast and have windows vista.
If I get it right, it's possible to pause avast, then start HM and the hud, open up table, start playing - and then start avast again.

Is this correct?

Roy: when do u think u will have a solution that works for us all?

luckyman
10-15-2009, 05:50 AM
I use Avast.

When I first got the virus warning, I ran scans str8 away, it found nothing, and now since then I have run scans again and I have just found 19 TROJANS on my computer.

And the mods r saying it is not a real virus? LMAO

And why should we have to jeopardise our internet security by pausing or disabling our software when it is not our fault!!!

there is clearly a virus there, i had 19 of the fkers on my comp

When is it gettin sorted?

florian44
10-15-2009, 05:59 AM
Hi to those who use Avast.

Add two exclusions:

C:\Documents and Settings\*\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.*\TheA pp\STUBEXE\@APPDIR@\HMImport.exe
C:\Documents and Settings\*\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.*\Nati ve\STUBEXE\@APPDIR@\HMHud.exe

Forum bug:

\The App\
\Nati ve\

Need:

\TheApp\
\Native\

Doesn't work on XP.
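Added example (not part of any post in this thread): a check of which detection paths reported here the two wildcard exclusions quoted above would cover, which matters when keeping an exclusion narrower than a whole folder. It assumes the scanner's `*` behaves like a shell-style glob (approximated with Python's `fnmatch`) and removes the forum-inserted spaces from the paths; the "constructed" path, its user name and cache id are made up for contrast.

```python
from fnmatch import fnmatchcase

# The two exclusions posted in the thread, forum-inserted spaces removed.
BASE = r"C:\Documents and Settings\*\Local Settings\Application Data\Xenocode\ApplianceCaches"
EXCLUSIONS = [
    BASE + r"\HoldemManager.*\TheApp\STUBEXE\@APPDIR@\HMImport.exe",
    BASE + r"\HoldemManager.*\Native\STUBEXE\@APPDIR@\HMHud.exe",
]

# Detection paths reported in this thread (forum-inserted spaces removed),
# plus one constructed path (user "alice", cache id v00000000) for contrast.
XP = r"C:\Documents and Settings"
CACHE = r"\Local Settings\Application Data\Xenocode\ApplianceCaches"
APP = r"\RVG Software\Holdem Manager"
DETECTIONS = {
    "housenuts (XP)": XP + r"\creed" + CACHE
        + r"\HoldemManager.exe_v08404D5B\TheApp\STUBEXE\@PROGRAMFILES@"
        + APP + r"\HMImport.exe",
    "dway (XP)": XP + r"\acer" + CACHE
        + r"\HoldemManager.exe_v7BC20518\Native\STUBEXE\@PROGRAMFILES@"
        + APP + r"\DBControlPanel.exe",
    "Galoper (Vista)": r"C:\Users\AGMD\AppData\Local\Xenocode\ApplianceCaches"
        + r"\HoldemManager.exe_v41BF0FF4\TheApp\STUBEXE\@PROGRAMFILES@"
        + APP + r"\HMImport.exe",
    "constructed": XP + r"\alice" + CACHE
        + r"\HoldemManager.exe_v00000000\TheApp\STUBEXE\@APPDIR@\HMImport.exe",
}


def matching_exclusions(path, patterns=EXCLUSIONS):
    """Return the patterns covering `path` (Windows paths are case-insensitive)."""
    return [p for p in patterns if fnmatchcase(path.lower(), p.lower())]


def uncovered(detections=DETECTIONS, patterns=EXCLUSIONS):
    """Names of reported detections that no exclusion pattern covers."""
    return [name for name, path in detections.items()
            if not matching_exclusions(path, patterns)]


if __name__ == "__main__":
    for name, path in DETECTIONS.items():
        state = "covered" if matching_exclusions(path) else "NOT covered"
        print(f"{name:16} {state:12} ...{path[-40:]}")
```

Under that glob assumption, the files reported in this thread sit under `@PROGRAMFILES@` (or under `C:\Users` on Vista) rather than `@APPDIR@`, so neither pattern applies to them.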

Jason82
10-15-2009, 06:08 AM
see:

http://www.holdemmanager.net/forum/showthread.php?t=19162

lenasrokas
10-15-2009, 06:31 AM
My solution is simple: when I start HM, Avira detects virus, I click move to quarantine and HUD fails to start, I stop autoimport and start it again, now I do same thing, just click move to quarantine, and now HUD shows up. Sometimes it shows up with first time, but in most cases it fails after first time I start autoimport.

FreeManC
10-15-2009, 06:56 AM
I did not have this problem before, but since today avast finds a virus each time I launch HEM.
I think there is a trojan which has infested HEM.

Do you have any solutions to suppress the virus?

ant9985
10-15-2009, 07:01 AM
Hi, I didn't know whether to post this in Kaspersky forums or here so I did both.

Basically, I have Kaspersky internet security and it keeps saying that I have backdoor.win32.poison.auuu located in Local settings\applicationdata\Xenocode\ApplianceCaches\HoldemManager.exe_v7BC20518\Native\STUBEXE\@PROGRAMFILES@\RVGsoftware\Holdem Manager\HMHud.exe

So it deletes it.

Obviously I don't think the HUD is a virus but could it have a virus attached to it somehow and that's why my antivirus keeps deleting it? or do u think it's completely wrong?

dway
10-15-2009, 07:12 AM
Hi,

Avast just gave me a warning that

C:\Documents and Settings\acer\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v7BC20518\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\DBControlPanel.exe

Malware name: Win32:Malware-gen

Malware type: Virus/Worm

I submitted this as a false positive to avast.

Byakhee
10-15-2009, 07:14 AM
I think there should be a FACT thread posted by admins of this "virus" problem so people don't have to post same questions clueless over and over again in this thread...

Galoper
10-15-2009, 07:30 AM
Beta 34 and Beta 38 give me the same problem.

Avast! is my AV software.


C:\Users\AGMD\AppData\Local\Xenocode\ApplianceCaches\HoldemManager.exe_v41BF0FF4\TheApp\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMImport.exe


Win32:Malware-gen


What can I do to solve this issue?

How can I run HM with close the AV soft?

nosmith
10-15-2009, 07:31 AM
I've been having exactly the same problem with Avast. I've tried all sorts of fixes including setting up the exceptions but the only fix that works is to pause the standard shield on Avast, start holdem manager and run the HUD then hit continue on the Avast standard shield.

nosmith
10-15-2009, 07:34 AM
Read this thread http://www.holdemmanager.net/forum/showthread.php?t=19162

There are a few fixes there; the only one that works for me is the last one that I have posted.

IversonAK
10-15-2009, 07:39 AM
Is there any solution for Kaspersky IS on Vista?

Contradictin
10-15-2009, 07:46 AM
Big news!!!!!!!!!!!!!!


AVG just released a database update!!!!!!!!!!!!!!

Force update your AVG and everything works

I updated AVG right now, everything works fine. I am using beta 38.

HEM, importing, and HUD, all good!!

Success

Galoper
10-15-2009, 07:49 AM
I see it, thanks, but it doesn't work for me.

I finish Avast, run HM, restart Avast, but when I want to see a hand in the replayer, Avast gives me problems again. HUD was disabled.

I'm thinking of changing AV soft, or hand tracker soft; nothing works.

nosmith
10-15-2009, 07:53 AM
Yeah there isn't a fix yet for the hand replayer. I'm sure that they will be releasing a new version of HM soon that will fix the problems. In the meantime I just wanted to be able to play poker. It might well work if you kept it disabled while you viewed the hand histories but I haven't tried it. FWIW people are getting similar problems on all sorts of AV software.

Smartkid
10-15-2009, 08:04 AM
I updated AVG right now, everything works fine. I am using beta 38.

HEM, importing, and HUD, all good!!

Success

Y i updated AVG too and now it's working fine!!

Zen179
10-15-2009, 08:17 AM
I use Avast.

When I first got the virus warning, I ran scans str8 away, it found nothing, and now since then I have run scans again and I have just found 19 TROJANS on my computer.

And the mods r saying it is not a real virus? LMAO

And why should we have to jeopardise our internet security by pausing or disabling our software when it is not our fault!!!

there is clearly a virus there, i had 19 of the fkers on my comp

When is it gettin sorted?

Same here
I've found 35

:eek: :eek: :eek:

bearnet2001
10-15-2009, 08:21 AM
Also confirming AVG now not flagging HEM after update