My HEM has a trojan
  1. #1
    Junior Member
    Join Date
    May 2009
    Posts
    1


    Every time I try to open my HoldemManager, my antivirus pops up and says that a Trojan was found.

    File Name: C:\Documents and Settings\Keith\Local Settings\Temporary Internet Files\Content.IE5\3KY9GGK7\rvgsoftware_com[1].htm

    Malware name: JS:Redirector-H [Trj]

    Malware type: Trojan Horse

    VPS version: 090506-0, 05/06/2009
    My antivirus client also won't let me "move the malware to virus chest", which is the recommended option, because the file is "in use by another program".

    I have run several virus scans while HEM was not open, which have come up clean.

    I have also uninstalled/reinstalled HEM several times, and tried to update my version to the most recent by using the link in the other forum thread, but it fails to update certain parts of the program.

    If I choose to delete the file or "not respond" and just open tables/auto import, the program does not import any hands, but the table manager does recognize my being seated at the tables.

    If I just ignore the virus alert by clicking no response and sit at tables/auto import, the HUD does not work even though table manager seems to be working.

    This is a thread from the forums of the antivirus client that I use: http://forum.avast.com/index.php?topic=44728.0

    Another thread talking about the malware: http://forum.avast.com/index.php?topic=44728.0
    Last edited by <j3ezy>; 05-07-2009 at 01:26 AM.

  2. #2
    Tech Support Manager morny's Avatar
    Join Date
    Jul 2008
    Location
    Ireland
    Posts
    20,888


    In the vast majority of cases this is a false positive; however, there are some viruses that can attach themselves to .exe files, and when you run it, instead of running HM it will run the virus. The safest thing to do is:

    1) Make a backup of your C:\Program Files\RVG Software\Holdem Manager\Config folder
    2) Uninstall HM via the Control Panel
    3) Go to Program Files and delete the RVG Software directory, or the equivalent for Vista
    4) Reboot your computer
    5) Install the complete setup of HM: http://www.holdemmanager.com/downloa...demmanager.zip
    7) Download the latest patch for HM: http://www.holdemmanager.com/downloads/HmUpdate.exe
    8) Test it for a while and see if it works
    9) Close down Holdem Manager and copy the config folder from step 1 over your C:\Program Files\RVG Software\Holdem Manager\Config folder, overwriting it
    10) Test if it works again for a while

    If the problem persists it may be worth considering changing to another antivirus, but usually when a virus attaches to an .exe file it will infest most of the computer, so it's most likely a false positive if it's an isolated incident.
    --------------------------------------------------------------------------------------------------------------------
    We welcome any feedback on any solutions we provide, this helps us to provide better quality solutions in the future.

  3. #3
    Junior Member
    Join Date
    May 2009
    Posts
    9


    Hi,

    I just got the same problem as OP. I tried the same exact procedure as Morny described, but to no avail, I still get the trojan warning as soon as I start HEM (step 8 in Morny's list). I use Avast as my antivirus and don't really intend to change it since it's considered a real good one. Also, I have kinda huge monies on my various poker accounts, and with all the hacking stories lately, I'm scared to even open a pokerroom lobby right now.

    I'd really like to know how OP got to solve his problem. Could it be possible for an admin to send him a mail for him to come check this thread back? Since he's got only 1 message, I suppose he's not checking around here regularly.

    Thanks in advance.

  4. #4
    Member LostCause's Avatar
    Join Date
    Mar 2009
    Location
    NY
    Posts
    60


    I am having the same issue.

  5. #5
    Member
    Join Date
    Dec 2008
    Posts
    54


    Same here,

    I got these 2 messages from Avast:



    Followed the steps above, but I still got these messages.

  6. #6
    Member
    Join Date
    Jan 2009
    Posts
    51


    I have the same issue.
    Antivir: Avast
    Version of HEM: 1.08.03

  7. #7
    Junior Member
    Join Date
    May 2009
    Posts
    9


    Feels a bit better to know that it's not my (or all you guys') particular computer that is targeted, and that instead it seems something related to RVG's website, whose source code seems to have been infested by 'pirate' redirections to other websites containing malicious content.
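
Added example (editor's illustration, not part of any post in this thread): the alert in post #1 names a cached web page in Temporary Internet Files rather than the HEM executable, so one triage step is to list which script and iframe sources in that cached page load from a different site. The sample page and the `example.invalid` hosts are constructed placeholders, `off_site_loads` is a hypothetical helper name, and only `src`-based loads are checked (inline script is not inspected).

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample standing in for a cached copy of a page from
# www.rvgsoftware.com; the off-site hosts are placeholders, not indicators.
SAMPLE_PAGE = """<html><head>
<script src="/js/menu.js"></script>
<script src="http://www.rvgsoftware.com/js/update.js"></script>
</head><body><p>Current version</p>
<iframe src="http://injected.example.invalid/in.php" width="1" height="1"></iframe>
<script src="//cdn.example.invalid/x.js"></script>
</body></html>"""


class OffSiteLoads(HTMLParser):
    """Collect script/iframe sources hosted outside the page's own site."""

    def __init__(self, page_host):
        super().__init__()
        host = page_host.lower()
        self.site = host[4:] if host.startswith("www.") else host
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        # No host means a relative URL or an inline script: treated as same-site.
        if not host or host == self.site or host.endswith("." + self.site):
            return
        style = a.get("style", "").replace(" ", "").lower()
        hidden = tag == "iframe" and (
            a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
            or "visibility:hidden" in style or "display:none" in style)
        self.findings.append((tag, host, hidden))


def off_site_loads(html, page_host):
    """Return [(tag, host, hidden_frame)] for off-site script/iframe loads."""
    parser = OffSiteLoads(page_host)
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for tag, host, hidden in off_site_loads(SAMPLE_PAGE, "www.rvgsoftware.com"):
        print(tag, host, "hidden frame" if hidden else "")
```

An off-site host in the output is a lead to review, not proof of compromise; legitimate pages also load third-party scripts.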

  8. #8
    Member LostCause's Avatar
    Join Date
    Mar 2009
    Location
    NY
    Posts
    60


    Here are the results of a scan I ran on the rvgsoftware.com

    http://www.unmaskparasites.com/secur...ntversion.html

  9. #9
    Junior Member
    Join Date
    Jan 2009
    Posts
    10


    Same with HM 1.08.04 and Avast

  10. #10
    Junior Member
    Join Date
    May 2009
    Posts
    3


    Same Problem with GData:

    Trojan
    Adresse: www.rvgsoftware.com
    Virus: JS:Redirector-H7 [Trj] (Engine B)

    It seems to be a false positive, but I would like to have that be assured/explained.
