Hybrid PhysX Mod Package Contained Trojan

Status
Not open for further replies.
But if NGOHQ really want to save grace they should release a packer free version and/or submit it to Symantec or some other company for proper report on whether they put a virus in it.

Plus Symantec is a PoS anyways and I would never trust them to start with...

I can't wait to see what NGOHQ says about this.

+1 Symantec is a PoS.
 
I DLed it yesterday, and installed it. Avast called it clean. Made Avast recheck it and a few extra spots, again nothing. I am currently running a full scan. Also, I have no new programs trying to connect to the internet. I will run a few more scans here in a few, about to grill, post back after all scans are finished.
 
People that are [H] don't use antivirus..

Yes, we also pass on LN2 cooling in favor of forcing our body temperatures to drop, and simply pissing in our cases.

Gotta go... I'm hungry, and there's a jar of nails in the garage with my name on it... :rolleyes:
 
just saw this: http://www.ngohq.com/graphic-cards/17753-trojan-in-the-physx-mod.html

False information! I’ve checked the file myself. That’s just a false positive due to the included packer. I'm going to issue a press release soon since HardOCP messed up big time with this announcement. And by the way, nobody even bothered to contact us to verify or to ask for our reply before they accused us of distributing malware! That’s not very cool. Even my very own DSEO is also flagged as a virus for some reason, I wrote about it a few months ago.
 
All of the most trust-worthy AV solutions don't detect this as a virus (at least according to virustotal). So if the leaders of the AV realm (Kaspersky, Sophos) don't detect a threat and the ones we typically laugh at and uninstall immediately upon first boot (Symantec, McAfee) say there is a threat, I'd have to lean toward the "I'm installing my 9800GTX+, loading this baby, and watching physx happen with an ATI card doing my 3D rendering" position.
 
Yea, I saw that as well. We will prolly see the files in that package put under a microscope b4 this is all over.

I am hoping [H] is wrong on this one. While I no longer use it, I prefer to maintain the option without infecting my PC.

Smacks head. This is old news, especially if you've been following along in the hybrid physx evolution. It's been a known false positive for a while now.
 
I'm tempted to throw my 8800GTS in and install the package just to prove a point.
 
Got a nice message from a site admin of NGOHQ, at Rage3D:

REGENERATION said:
I'm from NGOHQ and everything published here is a complete lie. Including the latest "warez site" comment. That's just a false positive due to the included packer. In addition, no one even bothered to contact us or to ask for our reply/explanation. Amateurish journalism at its best, and I’m going to issue a press release asap.



caveman-jim, you can go **** yourself.

GenL is helping the entire community for free out of good intentions. He’s not getting paid for his work, so don’t blame him for using free PE packer, all the good ones cost money. And he has to use one to prevent it from getting cracked, since Nvidia has blocked his mod in the recent Geforce drivers. The guy is doing you all a favor and gets **** in return. At least give him the opportunity to reply and defend himself.

So there you have it, GenL is using a freeware packer to circumvent the GeForce drivers from detecting the mod and disabling it.
 
Got a nice message from a site admin of NGOHQ, at Rage3D:





So there you have it, GenL is using a freeware packer to circumvent the GeForce drivers from detecting the mod and disabling it.

why doesn't this post include this:

caveman-him said:
I won't comment on how reputable NGOHQ is.
 
My thoughts...why not pressure nvidia to not cripple their drivers just because you have an ATi card installed?

That, or just use the older nvidia drivers that worked if all you want it for is physics.
 
I have this running and have scanned everything with every piece of software that is worth a damn and haven't found any issues. Machine in my sig and have had zero problems and nothing comes up in any scans.
 
It has come to our attention that the Hybrid PhysX Mod from NGOHQ.com posted earlier this month contained the Infostealer.Gampass trojan. According to Symantec, Infostealer.Gampass specifically targets video game credentials, log-ins and passwords. I would recommend uninstalling this and doing a full scan on your computer. I would also recommend that you avoid downloading anything from sites that do not scan files before offering them to the general public. We apologize to anyone that may have downloaded the Hybrid PhysX Mod after we posted that link. Thanks to Theron E. for the heads up.

Why would you even for a second trust anything that Symantec puts out?

Symantec, McAfee, and Norton are the WORST pieces of crap software that dare to call themselves anti-virus products.... other than the fake ones that I end up having to clean off of people's systems.. most of which have one of the 3 aforementioned products on their computers.
 
NGOHQ.com's response:

Posted by Regeneration on April 30th, 2010, 03:54 AM

It has come to our attention that HardOCP has recently published false accusations regarding GenL’s PhysX Mod. HardOCP claims that mod is infected with a Trojan and recommends avoiding it and avoiding files offered by NGOHQ.com. HardOCP hasn’t even bothered to contact us to request clarification, response or explanation before it published the story. In addition, HardOCP’s Kyle Bennett has posted the following fascistic comment on his forums: "NGOHQ will never again see a link on HardOCP and within a few days, the name will be banned from being typed here at all. The only reason it is not right now is so that it can be discussed easily."

We have checked GenL’s latest mod by using advanced tools and we couldn’t find any record of malicious content in it. The file is fully clean and safe, like all the other files hosted here. However, some Antivirus software does detect it as a Trojan, but that’s just a false positive due to the included EXE packer. Software developers use packers to compress their executable files and protect them from being cracked and debugged, a well known fact by every software developer and end-user. GenL is forced to use a packer since Nvidia has blocked his mod in recent drivers and it is likely they will try to do it again. GenL has even warned users regarding the false positive issue in the FAQ.

GenL has written the mod out of good intentions and in good faith to help the community. He’s not getting paid for his work and he does it in his free time as a hobby. He’s working hard just to help you and doesn’t see a single buck from it. Therefore, he doesn’t have the budget to acquire a good commercial packer, and he’s forced to use a free one. Unfortunately, malware developers are using the same free packers in their malware in an attempt to avoid Antivirus detection. To counter this issue, some Antivirus suites are targeting and banning free packers, and that’s why GenL’s mod is detected as a Trojan in those suites.

GenL is a community hero and deserves to be rewarded for his efforts. We are proud having him around and we welcome more creative users like him. HardOCP has failed to provide even a single real piece of evidence and we consider their claims against us and GenL defamatory. We believe that HardOCP should compensate GenL with a donation for their offending error. After all, GenL does us all a favor - for free - out of good will. We also recommend that HardOCP should check their sources and investigate before they publish false accusations.

Regarding Kyle Bennett’s comment, we would like to invite all HardOCP users to join our fascist-free forums. Unlike other websites, NGOHQ.com is a consumer-orientated website and proud of it, and we will always be loyal to this policy. Our loyalty to our readers cannot be sold or rented. We believe that someone has to defend consumer rights even if it’s unwise financially and may turn vendors against us.
http://www.ngohq.com/news/17755-ngohq-responses-to-hardocps-false-accusations.html
 
Calling [H] out directly like that smacks of desperation. Kyle's likely response: "K, lol"
 

As I posted in reply to REGENERATION back at R3D, Lup:

I understand Kyle & Co. pissed you off, but with this "rebuttal", you just bypassed sticking your foot in your mouth and instead deepthroated both of your legs. [H], just as NGOHQ and R3D are, is a private enterprise, run by their ownership/management as they see fit, not to soothe your ego; if they're wrong, I think they'll say so.

/seriously, whipping out the word "fascist" or a variation thereof to describe Kyle and the [H]? That word doesn't mean what you think it means...
 
I like how they take this opportunity to promote their forum at the end of their rant :rolleyes:
*facepalm*
 
The drama! I love it.

Aside from that, I haven't even bothered doing a scan even though I had plenty of chances to do so while I worked on other people's PCs today.

If it's the free packer acting up like that, I'm willing to throw a fiver towards him packing it up in something that doesn't make AVs panic.
 
why doesn't this post include this:

Because that comment was in direct response to another Rage3D member's question, not something REGENERATION asked.

I'm not sure why "no comment" needs clarification - REGENERATION decided he wanted to be puerile based on some imagined insult. I said I'm not going to comment. No winks, no smilies, no emotional context to indicate sarcasm, or otherwise.
 
Because that comment was in direct response to another Rage3D member's question, not something REGENERATION asked.

I'm not sure why "no comment" needs clarification - REGENERATION decided he wanted to be puerile based on some imagined insult. I said I'm not going to comment. No winks, no smilies, no emotional context to indicate sarcasm, or otherwise.

Dude knee jerk much? Obviously you haven't followed GenL's work on the physx mod, obviously...
 
Which never indicates something good is to be said. A false detection and people are going on forum wars that are completely pointless.

If this shit was for real, we'd have heard it sooner and seen more complaints.
Posted via [H] Mobile Device
 
Why would you even for a second trust anything that Symantec puts out?

Symantec, McAfee, and Norton are the WORST pieces of crap software that dare to call themselves anti-virus products.... other than the fake ones that I end up having to clean off of people's systems.. most of which have one of the 3 aforementioned products on their computers.

While I don't disagree with your post, one thing to note: Symantec makes Norton. They're not two different companies.
 
Didn't Symantec detect ATi drivers as being loaded with spyware or a virus at one time?

I've had false positives from them before.
 
Given that it is indeed a false positive, their response/rant does not make them look any better. That's for sure. They make it sound like HardOCP is always against any sort of PhysX mod. If they are innocent, they still know how to act childish.



There must be some bad blood from before this all.
 
Given that it is indeed a false positive, their response/rant does not make them look any better. That's for sure. They make it sound like HardOCP is always against any sort of PhysX mod. If they are innocent, they still know how to act childish.



There must be some bad blood from before this all.

Kyle gave a knee jerk reaction to some forum member posting that the mod is a trojan. Most everybody kissed his ass for it. NGOHQ makes a knee jerk reaction to a knee jerk reaction and most everybody here rips them for it. I looked at it this morning and saw Kyle's post and thought this will not turn out good. Kinda reminded me of that Newegg i7 a few weeks ago.
 
Kyle gave a knee jerk reaction to some forum member posting that the mod is a trojan. Most everybody kissed his ass for it. NGOHQ makes a knee jerk reaction to a knee jerk reaction and most everybody here rips them for it.

I'm sure an equal and opposite reaction is happening on the NGOHQ boards.

Anyway, this'll only go on for as long as we allow it to be an issue.

One side says it's a false positive and the other side is playing safe. And me? I'm eating a sandwich.

If anyone feels the stance [H] took is mistaken or premature, they could throw together a bunch of donations to send over so the creator can get a non-free packer and end this false-positive shit once and for all. Hell I'll even chip in.
 
I can't believe that Kyle Bennett would publish such a slanderous article with so little evidence or research. Surely someone of his standing would be aware of the potential of AV software to produce false positives? And yet he has done and slanders another site in the process, so you have to ask why?
I've noticed Kyle is very protective of Nvidia in the past, really to the point that it is obvious bias, perhaps he is in their pockets or should I say they are lining his.
People here should see this report as proof of this and move to a site that provides correct information without paid for bias.....NGOHQ is a good example of that.
 
The fact that I source quotes doesn't infer support. :rolleyes:
:confused:
I did not imply that you support or agree with them.

My post was referring to NGOHQ's response. By "this opportunity" I mean this whole fiasco with their mod thing, not you quoting their statement ;)
 
wow, lots of drama... just want to say, I've used NGOHQ's driver signature enforcement overrider tool and was elated to see that they released a Phys-X mod for ATI folk. it's sad to see one of my fav sites ([H]) ripping into these guys, as I think they are doing the community a favor by releasing their software, for free.

[H]: I love u guys, but I am sad to say I think you are wrong on this. antivirus scanners and false positives are very common, heck I recall when the daniel_K modded creative drivers would spawn antivirus false positives. this seems like a similar situation, but [H] I think is dumping on the wrong group... imho some [H] people should be dropping their antivirii apps, and hopefully rethinking the position posted on the [H] front page, and thanking the NGOHQ guys for their contributions to the driver modding community at large.
 
I can't believe that Kyle Bennett would publish such a slanderous article with so little evidence or research. Surely someone of his standing would be aware of the potential of AV software to produce false positives? And yet he has done and slanders another site in the process, so you have to ask why?
I've noticed Kyle is very protective of Nvidia in the past, really to the point that it is obvious bias, perhaps he is in their pockets or should I say they are lining his.
People here should see this report as proof of this and move to a site that provides correct information without paid for bias.....NGOHQ is a good example of that.

The article posted was to stop people from continuing to download and use that mod, which at the time it was posted, nobody knew it was a false positive yet. Yes, Kyle can take the time to investigate, send a mail to the site admin and wait for his response, but other users who are unaware would continue to download and use the mod.

What if it turned out to be true? Many more users would be infected while we investigate it.

HardOCP posted the link here previously, if they have no integrity, they would just keep quiet while investigating it, and praying that it's false. Instead, they decided to announce it at once to stop us from continuing to download and use it even though they will be criticized for posting links without verifying that it's safe first.
 