Trojan blocking HM2

[PacnyTuH0]

Hi,

I have sent you an email but I further investigated my issue and am gonna ask here again.

I tried starting my HM2 and got the following error:
"The item Holdemmanager.x86.exe has been changed or moved".

When I try to run HM2 from my HM2 folder I receive the following:
"This App cannot run on your PC"
"To find a version for your PC please check with the software publisher"

It seems I got the following trojan/malware or whatever it is:
Trojan:Win32/Zpevdo.A

I then checked my Windows Defender Threat history and found out the following:

unknown.png

Could you please tell me whether I can fix this without reinstalling my HM2?
I have the option to "Allow" the threat but I'm not sure whether it will help, even if it's a false threat.

Thank you

[udbrky]

If you download from us, it is always clean. This is a false positive.

Report the false positive.

Add all the files to the exceptions, as well as the update file, and run it as admin. Tell them the files are ok and move them back.

Please see this FAQ to alleviate any security bottlenecks - http://hm2faq.holdemmanager.com/ques...olders+HM2+use

http://hm2faq.holdemmanager.com/ques...+Problems#7881

[PacnyTuH0]

I updated my HM2 to the latest version and it works fine again.

Thank you

[udbrky]

You are very welcome. Thank you for letting us know it solved your problems. It helps us when crafting future replies to other customers with similar problems.

Good luck at the tables. If you have any further questions or problems do not hesitate to ask us.

[Zeldyman]

If you download from us, it is always clean.

No, it's not. Today my windows defender:
trojan-defender.png

Virustotal: https://www.virustotal.com/gui/file/...53c5/detection
trojan-virustotal.png

HoldemManager.x86.exe is a latest version 2.0.0.8673:
trojan-version.png

downloaded by HEM's itself (autoupdater). The same version can be downloaded from here:
https://www.holdemmanager.com/store/...ds-manuals.php

Holdem Manager 2 Full Setup = https://edgecdn.holdemmanager.com/Do...Setup_8673.exe
Holdem Manager 2 Update = https://edgecdn.holdemmanager.com/Do...pdate_8673.exe

all HoldemManager.x86.exe files are the same as my file (checked by hash):
trojan-hash.png

Please fix it as soon as possible. Thank you.

[udbrky]

Please update to this version
http://www.holdemmanager.com/Downloa...pdate_8695.exe

I've never seen them show us as a virus.

virustotal.PNG

[Zeldyman]

Thanks for reply udbrky.

This new version is not clean. You can try yourself. Install 8695 version and try to check the executable file HoldemManager.x86.exe (or if you dont wanna install, you can just extract this file from installattion "archive" Hm2AutoUpdate_8695.exe by using 7-Zip or something like that). This is the result:
trojan-virustotal2.png

8695: https://www.virustotal.com/gui/file/...0e84/detection
8673: https://www.virustotal.com/gui/file/...53c5/detection

[Zeldyman]

today (8695 version):
trojan-defender2.png
Please, please, fix it as soon as possible.

[fozzy71]

It is a false positive. I just submitted it to MS as a false positive.

That is a false positive alert and you should report the false positive, remove it from quarantine and/or add exceptions for it and the installer and install the update/patch again.

Sometimes security software can prevent Holdem Manager communicating with PostgreSQL and the Poker sites. This can cause many issues including import, hud issues and issues with launching Holdem Manager. Please follow the instructions in this FAQ that creates exceptions for Holdem Manager and PostgreSQL to avoid these issues - http://hm2faq.holdemmanager.com/ques...%28Firewall%29

Open your Windows Defender (or chosen AntiVirus program) > History tab:

1) Select the files if they are from holdemmanager with that checkbox on the left side, then in the bottom right of the window click 'Allow Item'.
2) Start HM2.

Please let us know if that solved the problems.

If you continue to have problems:

Please zip/attach your HM2Logs folder with a detailed description of what you were doing and what problems you were experiencing - http://hm2faq.holdemmanager.com/ques...ger+Support%3F

[Alyz]

Hi,

I have the same problem.