Hey guys, sorry if this is in the wrong forum, but it's important. For some reason, today when I launched Minecraft, my Avast Antivirus says that there is a virus contained with in and it closes the game. It was working fine last night around 9:00 p.m. PST when I was playing LAN with my sister, but this morning it's telling me there's a virus. Wtf is the problem?If it helps any, the only thing I've downloaded is a map for the 'White Cannon Tournament, sponsored by MindCrack' from the official link.
I am 100% sure the map is not a virus. It is the direct official link from the trailer video released by the Mindcrack Network on Youtube. I just removed the map from my computer, and its still giving me the warning. It says the 'Object' is 'http://pixel.quantserve.com/ , which is a site I have never heard of nor gone to before.
I know, the same thing is happening with me. The exact same thing. It's almost 9PM here and I was playing yesterday at 11PM. I think maybe Mojang is being attacked by hackers? Who knows. I'll lay low until I stop getting alerts.
I have gotten the same warning too! I am a bit worried, someone should look into this. Everything was fine last night, but this morning, as soon as I launched Minecraft, the same malware warning popped up in avast... hopefully its nothing to worry about and perhaps just an Avast thing. But if someone would let us know, I'd be grateful.
Thanks.
Hey guys,
same for me. Can anybody confirm it is false-positive? I launched Minecraft more than one time today on this laptop always getting this message. I made a boot-time scan, it did not found anything. The bigger problem is: I launched Minecraft on my freshly installed Windows Server 2012 too. And there is no antivirus software due MS removed Windows Defender in this version and other AV-Software (including AVAST!) refuses to install.
Did I really infected my freshly installed Server with a virus after only 2 days of using?
I just have disassembled the file using ida free. Nothing that looks pretty shell-code-like or malicious. Just the 'GIF89a'-Magic number and some bytes that look like the GIF-header. Has many 0-bytes in it, what shellcode typically avoids. And 35 bytes are too few for writing something malicius. Seems to be either false-positive or free download manager didn't download the whole file.
Wait wait wait, what does MrSnowBunni mean about this coming from Tumblr? I'm confused. I use Tumblr a lot, are you saying the virus is infecting Minecraft from Tumblr? or are you just using Tumblr as an example of what is going on right now?
It seems that the minecraft launcher has content from Tumblr. If you look at the upper right hand corner of the launcher, it will say "Powered by Tumblr". This has reminded me to update to the latest java XD. I have been running java 7 update 9 and forgot to update it. Everyone else should take this time to update their java to the latest version :P. (This does not fix the false positive).
I also got this problem, so i searched for the http://pixel.quantserve.com/pixel/ on the web. And some people say (non minecraft related) that quantserve is like google analytics and that it is not a virus. So i searched for quantserve and its seems to be legit site but still i could be wroung.
I got this too today, some are saying tumblr was hacked or something but I'm not sure i can still run minecraft but avast blocks whatever it is it doesn't show up in virus scans either so it's something web based.
I still remember when games would constantly trigger, a "OHMYGOSH THAT'S A VIRUS!!' reaction from it. xD It was also really bad at finding trojans and such.
I just use Malwarebytes and SuperAntispyware these days.
MALurl's are not always virii (thanks by the way to whomever bumped this so I could see it). Avast is a bit paranoid when it comes to 'hot-linked' images as they can be used in two malicious ways...
1. May increase traffic to a server beyond capability ((DDOS))
2. May be use to secretly track users of a given software by IP.
The second takes a bit of explaining... if an image is not linked by any web page, but is only used by a given program via hotlink, the Log of GETs for that image will give you a list of IP addresses ( computers) running that software.
Rollback Post to RevisionRollBack
To post a comment, please login or register a new account.
Can't think its tumblr... I load it in chrome, no alerts... only happening in launcher.
Thanks.
same for me. Can anybody confirm it is false-positive? I launched Minecraft more than one time today on this laptop always getting this message. I made a boot-time scan, it did not found anything. The bigger problem is: I launched Minecraft on my freshly installed Windows Server 2012 too. And there is no antivirus software due MS removed Windows Defender in this version and other AV-Software (including AVAST!) refuses to install.
Did I really infected my freshly installed Server with a virus after only 2 days of using?
PS: Sorry for my poor english.
seg000:00000000 ; +-------------------------------------------------------------------------+
seg000:00000000 ; ¦ This file is generated by The Interactive Disassembler (IDA) ¦
seg000:00000000 ; ¦ Copyright © 2010 by Hex-Rays SA, <[email protected]> ¦
seg000:00000000 ; ¦ Licensed to: Freeware version ¦
seg000:00000000 ; +-------------------------------------------------------------------------+
seg000:00000000 ;
seg000:00000000 ; Input MD5 : 55D25E9DC950D5DB4D53A3B195C046C6
seg000:00000000
seg000:00000000 ; File Name : C:\Downloads\p-19UtqE8ngoZbM_._gif_.__evil
seg000:00000000 ; Format : Binary file
seg000:00000000 ; Base Address: 0000h Range: 0000h - 0023h Loaded length: 0023h
seg000:00000000
seg000:00000000 .686p
seg000:00000000 .mmx
seg000:00000000 .model flat
seg000:00000000
seg000:00000000 ; ---------------------------------------------------------------------------
seg000:00000000
seg000:00000000 ; Segment type: Pure code
seg000:00000000 seg000 segment byte public 'CODE' use32
seg000:00000000 assume cs:seg000
seg000:00000000 assume es:nothing, ss:nothing, ds:nothing, fs:nothing, gs:nothing
seg000:00000000 GIF_Header <'GIF89a', 1, 1, 0, 0, 0>
seg000:0000000D GIF_ImageDesc <2Ch, 0, 0, 1, 1, localColorTable> ; sizeColor table = 0 -> Color table contains 2 ^ (0 + 1) = 2 entries
seg000:00000017 GIF_LocalColorTableEntry <0FFh, 0FFh, 0FFh>
seg000:0000001A GIF_LocalColorTableEntry <0>
seg000:0000001D db 2 ; Initial count of LZW bits
seg000:0000001E db 2 ; Image data
seg000:0000001F db 44h ; D
seg000:00000020 db 1
seg000:00000021 db 0
seg000:00000022 db 3Bh ; ; ; End of image data
seg000:00000022 seg000 ends
seg000:00000022
seg000:00000022
seg000:00000022 end
And the structure definitions:
00000000 ; D/A/* : create structure member (data/ascii/array)
00000000 ; N : rename structure or structure member
00000000 ; U : delete structure member
00000000 ; ---------------------------------------------------------------------------
00000000
00000000 GIF_Header struc ; (sizeof=0xD)
00000000 GIF_magic db 6 dup(?) ; GIF89a or GIF87a
00000006 width dw ? ; width
00000008 height dw ?
0000000A colorTableInfo db ?
0000000B indBackColor db ?
0000000C pxAspectRatio db ?
0000000D GIF_Header ends
0000000D
00000000 ; ---------------------------------------------------------------------------
00000000
00000000 GIF_ImageDesc struc ; (sizeof=0xA)
00000000 imageSeperator db ? ; Should be 0x2C
00000001 imageLeftPos dw ?
00000003 imageTopPos dw ?
00000005 imageWidth dw ?
00000007 imageHeight dw ?
00000009 imageFlags db ? ; enum GIF_imageDesc_imageFlags
0000000A GIF_ImageDesc ends
0000000A
00000000 ; ---------------------------------------------------------------------------
00000000
00000000 GIF_LocalColorTableEntry struc ; (sizeof=0x3)
00000000 red db ? ; base 16
00000001 green db ? ; base 16
00000002 blue db ? ; base 16
00000003 GIF_LocalColorTableEntry ends
00000003
EDIT: After verifying the file does not contain any malicious code I opened it with mspaint. The result was a 1x1 px white picture.
I still remember when games would constantly trigger, a "OHMYGOSH THAT'S A VIRUS!!' reaction from it. xD It was also really bad at finding trojans and such.
I just use Malwarebytes and SuperAntispyware these days.
1. May increase traffic to a server beyond capability ((DDOS))
2. May be use to secretly track users of a given software by IP.
The second takes a bit of explaining... if an image is not linked by any web page, but is only used by a given program via hotlink, the Log of GETs for that image will give you a list of IP addresses ( computers) running that software.