HiPiHi Infected With Trojan? - SLUniverse Forums
12-18-2007, 11:34 AM   #1 (permalink)
ZATZAi
HiPiHi Infected With Trojan?

Quote:
Originally Posted by SuezanneCB
I installed 40012 last night and my antivirus reports the presence of the Bifrose.YM backdoor trojan, a keylogger and password sniffing program.

I told the antivirus program to ignore this warning. I am now getting warnings when using Hipihi.

There have been other reports of this sort about other versions of Hipihi, from folks that reported using antivirus programs other than the one I use. I use AVG from Grisoft.

Here's the warning message I get a lot now when using Hipihi:



Hipihi needs to take some effort to keep people from seeing that. Just checking with Kaspersky isn't sufficient to prevent users from seeing this notice, users that will include reviewers, bloggers, authors of books on virtual worlds, investors, etc.

Checks should be done with the AVG, Avira, Panda, and other common malware detection programs. The purpose of the checks with multiple anti-malware programs is to prevent users - or would-have-been users, in the case of those who just abandon the use of Hipihi when they get the warning - from getting false positives.
Source

...

Quote:
Originally Posted by Google Groups
During installing I get an alarm that a virus had been found in the
newly created "Uninstall.exe" (BDS/Bifrose.Gen).

I'm not sure what to make of it but I'll trust my antivirus program a
little more than HiPiHi.

I can't tell whether there is a backdoor program or not, since even if
there would be such program in action, it would be hidden! I did not
start the game rather erased it.

Note: The original HiPiHi_world_30014_sp2.exe file does not cause a
virus alarm!
Source

...

Quote:
Originally Posted by Wikipedia
The uninstall routine of HIPIHI tends to be infected with a Trojan. With releases up to 30014 it was BDS/Bifrose.Gen from the Bifrost family. The new releases 40011 and 40012 feature the backdoor program Packed.64. The change indicates that the Trojan is deliberately inserted in the code.
Source

...

I can confirm I get the same warning from AVG with HiPiHi's uninstaller myself. Rather interesting development wouldn't you say? And supposedly the Trojan has changed over time.



So is this an accidental infection, a false positive, or as Wikipedia suggests (And something some of us feared coming from this company) something far more sinister?

EDIT:

For those of you finding this weeks after the fact. As of January 1st 2008 this has been labelled a false positive with the AVG Virus scanner that has since been corrected.
__________________
- ZATZAi

Last edited by ZATZAi; 08-27-2008 at 03:17 PM.
12-18-2007, 11:40 AM   #2 (permalink)
Briana Dawson
Your PC is now a COMMIE!!!!
12-18-2007, 11:43 AM   #3 (permalink)
Reality Control
As promising as HiPiHi looks I don't trust Chinese software.
12-18-2007, 12:16 PM   #4 (permalink)
ZATZAi
Lots of loading screens, everywhere. I went by Intel's place and Suez's "home". My bandwidth monitor showed things coming down at 250KBps (SL tops out around 100KBps) but things never seemed to load, so pretty much everything was untextured for me.

The geometry of the objects wasn't terribly impressive but perhaps I just need to look around more. It doesn't use hardly any CPU/GPU but about 425MB of RAM. I can't for the life of me figure out how to zoom in towards my character, I'm way the heck zoomed out (Couldn't find anything in the English manual either).

It runs in a window but you can't change its resolution (Stretch, resize and/or maximize the window). So I had to run it 4:3 on my 16:9 screen, kinda annoying that. When you "close" the program it minimizes to your taskbar (Next to your clock) rather than actually close. The icon has some menu options, I don't know what they are though, and you can bring the program back up quickly.

...

And yes, it looks a lot like Second Life, more than coincidentally so (Statements by their staff to the contrary).
12-18-2007, 01:41 PM   #5 (permalink)
Lianne Marten
AVG decided, completely out of the blue, that the main executable of Vampire: TM: Bloodlines was a virus and deleted it. I had to reinstall and manually tell the damn thing to leave it alone.

It's probably a problem with AVG. It seems to enjoy getting false positives from games you are enjoying at the moment. Try another virus scanner and see if it gets triggered as well.
12-18-2007, 01:53 PM   #6 (permalink)
ZATZAi
Quote:
Originally Posted by Lianne Marten View Post
AVG decided, completely out of the blue, that the main executable of Vampire: TM: Bloodlines was a virus and deleted it. I had to reinstall and manually tell the damn thing to leave it alone.

It's probably a problem with AVG. It seems to enjoy getting false positives from games you are enjoying at the moment. Try another virus scanner and see if it gets triggered as well.
Yah that's very possible, though apparently other anti-virus programs pick it up as well. Fortunately AVG was able to repair the file in my case so I could go on using it.

Nice avatar btw.
12-18-2007, 02:09 PM   #7 (permalink)
Lianne Marten
Quote:
Originally Posted by ZATZAi View Post
Yah that's very possible, though apparently other anti-virus programs pick it up as well. Fortunately AVG was able to repair the file in my case so I could go on using it.

Nice avatar btw.
That Wikipedia mention is interesting, though I'd like to see a citation for it, since I have no idea what they're talking about. It's something to keep in mind if you're playing/planning on playing though, for certain. Thanks.
12-18-2007, 02:56 PM   #8 (permalink)
ZATZAi
Quote:
Originally Posted by Lianne Marten View Post
That Wikipedia mention is interesting, though I'd like to see a citation for it, since I have no idea what they're talking about. It's something to keep in mind if you're playing/planning on playing though, for certain. Thanks.
Indeed, I wish it was cited. I haven't gone too deep into Google looking for a citation yet. I may...
12-18-2007, 05:18 PM   #9 (permalink)
Mukatsuku
I got the same thing and use AVG.
But, I have recently got many false positives from AVG and have to disable it at times to get some things to run!
I am starting to wonder about looking into other virus software, though AVG has been great for so many years that I am reluctant to switch.

PS. Hipihi refuses to load any objects when I log in anyway, so I've not been able to try it.
12-19-2007, 05:58 PM   #10 (permalink)
ZATZAi
Found a mention of build 30014 back on December 3rd having the same Trojan in the uninstaller.

Quote:
Originally Posted by Not Possible IRL
HiPiHi (type that intentional cuteness five times in a row!) for English language users is now in limited Beta testing. You will have to submit your personal info, including your address and cell phone number, and wait to hear if you have been accepted. Oh, and the uninstall of the current release "30014" is infected with the backdoor Trojan BDS/Bifrose.
Source
12-19-2007, 06:09 PM   #11 (permalink)
ZATZAi
In this thread on the HiPiHi forum you can see Suez futilely trying to explain to the HiPiHi staff about the malware issue. Their response is quoted below.

Quote:
We'll check virus with kaspersky when every version updata, so take it easy
So no answer from HiPiHi yet, apparently they run a virus check on their code with one virus program before it goes out. So we're back where we started then. Is it infected and they just don't know it because their software does not detect it? Is it a false positive, or something else?

It wouldn't be the first time a virus made its way into a corporate development infrastructure and got out to the client base.
12-19-2007, 07:03 PM   #12 (permalink)
prinţesă nină
are the chinese capable of exporting anything?
12-19-2007, 11:18 PM   #13 (permalink)
ZATZAi
Massively has been doing their own investigations into the story. The Linux version of HiPiHi seems to have the virus as well (Note my test was done on Vista).

Quote:
Originally Posted by Massively
Update:

We performed an independent test to see if this could be the result of pre-existing trojans or software threats on people's machines.
Our test setup:
An old PC with no network access, and an Ubuntu Feisty Linux installation CD.
Procedure:

We freshly installed Ubuntu and while we waited for that we downloaded the HiPiHi 40011 installer on a spare linux box and burned that to a rewritable CD to avoid potentially contaminating anything.

We loaded the HiPiHi installer, onto the fresh linux install, and unpacked it by the simple expedient of installing it using wine.

Once it was all installed, we checked it out with two virus scanners, which we freshly installed and updated: Clam Antivirus, and Grisoft's AVG (Free Edition).
Results:
Clam Antivirus did not find any problems.
AVG reported the trojan signature from the bifrost family, as the story originally reported.
Conclusion:

This could still, honestly, be a false positive - in which case, we urge (and have urged) the HiPiHi people to get in touch with Grisoft to clear it up. The mention in the Wikipedia article casts some doubt on the matter.

"The uninstall routine of HIPIHI tends to be infected with a Trojan. With releases up to 30014 it was BDS/Bifrose.Gen from the Bifrost family. The new releases 40011 and 40012 feature the backdoor program Packed.64. The change indicates that the Trojan is deliberately inserted in the code." -- from Wikipedia.

Either the uninstaller is being routinely infected (we don't believe for a moment that that would be condoned or intended by the HiPiHi company), or AVG's scanner is a bit hypersensitive.

Until it is confirmed either way, you should exercise caution. The family of trojans that are claimed to be involved are quite rude strangers to have on your machine, and you want to avoid them. By all means, take a look at HiPiHi, but be careful.
Source

Apparently one of the Devs on HiPiHi saw the story as well and is commenting on it. They appear to be further looking into the issue as well, which is great. Hopefully this'll spur them to correct the issue since it's been around since December 3rd as I mentioned in a previous post.

Quote:
Originally Posted by Bjorn
we hear ya at HiPiHi here, tests internally on various virus scans have reflected inconsistent results on the presence of this "trojan". dun seem to have any real threat but we are keeping an eye out for it.

if any of you folks out there have updates to this problem, give us a holler by replying here.
Quote:
Originally Posted by Bjorn
strange, my earlier comment seems to have disappeared..

I am from HiPiHi and our team has run a number of tests with different virus scanning softwares. It appears the trojan result from AVG is an anomaly. Nonetheless, the inconsistent trojan results is a cause for concern and we are looking into it.

if any readers here have follow on updates to this problem, give us a holler by replying here..