I just recieved neverwinter nights 2 from play.com (i pre orderd it)

I installed it and told the game to update, all went well with the dowload of the patch but when it starts the patching process proper my virus checker finds this : W32/IRCBot-based!Maximus at C:\PROGRAM FILES\ATARI\NEVERWINTER N...\SERVERMONITORCONSOLE.EXE

then the patching stops and i get this error

Verify of new file failed
get the critical rebuild
http://nwn2.obsidian.net/support/patch_english.html#crit
the patch has been aborted.

So if anyone from atari can help it would be appreciated

It looks to me like your virus scanner is being over-sensitive. Its highly unlikely that you'd get any virus or trojan from the official patch site.

I'd suggest getting updated virus definitions for your scanner (or simply turn it off temporarily) then re-starting the automatic update process or starting afresh and download the critical rebuild patch.

W32/IRCBot-based!Maximus at C:\PROGRAM FILES\ATARI\NEVERWINTER N...\SERVERMONITORCONSOLE.EXE

It sounds like a false positive - however, it is very odd.

The IRCBot heuristics have not been known to generate false positives in the past, and they are very specific on just what they look for. I just talked to Michael (the programmer responsible for the Maximus heuristics), and he is as surprised as I am. Send us the SERVERMONITORCONSOLE.EXE program and we will get this straightened out in the AV program in no time if it is a false positive.

W32/IRCBot-based!Maximus at C:\PROGRAM FILES\ATARI\NEVERWINTER N...\SERVERMONITORCONSOLE.EXE

It sounds like a false positive - however, it is very odd.

The IRCBot heuristics have not been known to generate false positives in the past, and they are very specific on just what they look for. I just talked to Michael (the programmer responsible for the Maximus heuristics), and he is as surprised as I am. Send us the SERVERMONITORCONSOLE.EXE program and we will get this straightened out in the AV program in no time if it is a false positive.


Im just re-doing the patch now as my virus checker deleted the file. ive now set it to report only so it should leave the file so i can send it.

Thanks for the replys :)

It seems when the patching proccess aborts it delete's all the files to do with the patch as SERVERMONITORCONSOLE.EXE is no where to be found on my system.

Ive tried patching with the virus checker disabled but it still aborts at the same place :noooo:

ive managed to patch the game but my virus checker keeps finding SERVERMONITORCONSOLE.EXE

Where should i send this file as ive have now located it ?

to mike [at] f-prot.com (that's me) thx m8!

to mike [at] f-prot.com (that's me) thx m8!


Sent, thanks for your help

Ok got it! thx again

please post, as soon as you got to inspect that file...

ah, and thanks for your assistance, mike!

Let's say it in this way that due to the fact that this file is involved into license checking i can't discuss this here in details. It is not "really" malicious in this way that it acts like real malware but - and please note that this is my personal oppinion - i would consider this file as a serious security risk. Because i do not have the full package of the game (only this file) it is difficult to draw a final conclusion how serious this really is. I fixed the detection, it should not be detected anymore via heuristic analysing. However, i'm not really happy with this solution. Development Companies should learn how to develop especially parts of a program which are interacting via internet transfer (TCP/IP port access) ***especially if IRC is involved*** in a proper AND SECURE way. As i said i'm sorry that i cannot discuss this here because i do not know the EULA or other components which might interact into this.

Mike