Kaspersky detecting Trojan in Lotroclient.exe

[Paniro84]

Hi

I can open up the launcher and select a server, but as soon as I connect, Kaspersky detects a virus in Lotroclient.exe, specifically "PDM:Trojan.Win32.Bazon.A" . it then immediately deletes the .exe and the game doesn't start. I restart the launcher, which automatically re-downloads the .exe, but then deletes the file again.

I set the restriction to "low-restricted", but it still deletes. I would change it to "trusted", but from what I've seen on the net, its seems to be a pretty bad virus, if it was "..n32.Generic.wdc" then it's probably ok, but this one isn't.

So, is the file ok to run? is it a false positive?
and is it ok to set the restrictions to "trusted"? or deactivate Anti-Virus? or other method?

Many thanks

[WillOTheWisp]

I am having the same problem.

I am using ZoneAlarm anti-virus.

[OrophinElensar]

Hi Paniro 84,

I have exactly the same problem and my girlfriend too. We are both using Kaspersky PURE 3.0

I de-activated it just to check and the game launches normally. I just hope it's gonna be solved quickly.
Gonna check Kaspersky's forums for now.

[Thruili]

I got the same problem and need to redownload the lotroclient again which unfortunately takes ages with my lowspeed internet connection.

[OrophinElensar]

I got the same problem and need to redownload the lotroclient again which unfortunately takes ages with my lowspeed internet connection.

Hmmmm maybe not, like me you might find the exe in your quarantine folder.

[Frelorn]

Thanks for the reports. We are looking into why this popped up now, but as of this moment we do not have a root cause as to why just Kaspersky users are having this issue. We do know that many companies have been increasing their Anti-Virus security due to the rising number of threats.

For those of you having this issue we recommend you do a full scan just to be safe, and once that is done you can add LOTRO to your safe list. This should allow you play LOTRO without issue. You can see how to add something to your safe list here: http://support.kaspersky.com/9724

[pinkcupcake]

I'm also having the problem (I'm using Kasperksy too). I restored the quarantined file, fiddled with my firewall and unblocked the lotroclient. Still nothing. I was so looking forward to playing today as it's my birthday!

[Paniro84]

Thanks for the reports. We are looking into why this popped up now, but as of this moment we do not have a root cause as to why just Kaspersky users are having this issue. We do know that many companies have been increasing their Anti-Virus security due to the rising number of threats.

For those of you having this issue we recommend you do a full scan just to be safe, and once that is done you can add LOTRO to your safe list. This should allow you play LOTRO without issue. You can see how to add something to your safe list here: http://support.kaspersky.com/9724

Thanks Frelorn, I was going to post on Kaspersky's forum, see if anyone there knows the severity of the Malware. But its good to here from the horse's mouth that you guys are aware of the issue and now have the option to continue playing, thanks for the link.

[hippocrit01]

Fre... I am also having the same problems with Kaspersky.... note above willowisp is not using Kaspersky and is also having the problem... I think it not wise to disable Kaspersky as it is reporting a Trojan "Detected: Trojan.Win32.Bazon.a" followed by 'Process (PID: 1732): c\program files (x86)\the lo...\lotroclient.exe'

I got a Trojan from DD online a few years back in a similar suspension process. Please help us... thanx in advance

[Masragorn]

Frelorn, thank you for your response. I would like to note two things for you:
1) Kaspersky Pure 3.0 was not the only antivirus product that is detecting Trojan.Win32.Bazon.a in lotroclient.exe. One person reported using ZoneAlarm, and my wife and I are using Kaspersky Internet Security 2013, which are both detecting the same malware.
2) Attempting to identify lotroclient.exe as a "trusted application" in Kaspersky Internet Security 2013 does not help. Kaspersky continues to flag the application has being infected with the Trojan.Win32.Bazon.a malware, blocks the application, and quarantines it. I have found no combinations of setting lotroclient.exe as a trusted application that prevents this behavior; Kaspersky is apparently overriding the settings in active detection.

We have been unable to play LoTRO since this issue appeared earlier today.

[Frelorn]

Frelorn, thank you for your response. I would like to note two things for you:
1) Kaspersky Pure 3.0 was not the only antivirus product that is detecting Trojan.Win32.Bazon.a in lotroclient.exe. One person reported using ZoneAlarm, and my wife and I are using Kaspersky Internet Security 2013, which are both detecting the same malware.
2) Attempting to identify lotroclient.exe as a "trusted application" in Kaspersky Internet Security 2013 does not help. Kaspersky continues to flag the application has being infected with the Trojan.Win32.Bazon.a malware, blocks the application, and quarantines it. I have found no combinations of setting lotroclient.exe as a trusted application that prevents this behavior; Kaspersky is apparently overriding the settings in active detection.

We have been unable to play LoTRO since this issue appeared earlier today.

The Zone Alarm error I saw reported was something different (Akamai NetSession Client) which is a known message from time to time with LOTRO, though there is a post above but not too much detail there. The one you are reporting seems isolated to just Kaspersky users as far as we have seen thus far. Our tech support may be able to help you work through this and get you playing again if you want to try contacting them about it. http://support.turbine.com

[Paniro84]

Frelorn, thank you for your response. I would like to note two things for you:
1) Kaspersky Pure 3.0 was not the only antivirus product that is detecting Trojan.Win32.Bazon.a in lotroclient.exe. One person reported using ZoneAlarm, and my wife and I are using Kaspersky Internet Security 2013, which are both detecting the same malware.
2) Attempting to identify lotroclient.exe as a "trusted application" in Kaspersky Internet Security 2013 does not help. Kaspersky continues to flag the application has being infected with the Trojan.Win32.Bazon.a malware, blocks the application, and quarantines it. I have found no combinations of setting lotroclient.exe as a trusted application that prevents this behavior; Kaspersky is apparently overriding the settings in active detection.

We have been unable to play LoTRO since this issue appeared earlier today.

Hi Masragorn, If you follow the instructions in Frelorn's link, it allows you to leave it as "low restricted" and it should open, i've managed to get online. I'm using KIS 2015, it maybe different from 2009 and 2013, but if you navigate to the application manager, right click on the Lotroclient.exe, select "details and rules", another window will pop up, under the "exclusions" tab you should see the tick boxes, select all these and click save. it will allow you get online, whether there is still a risk is another question, it maybe safe to leave until we know for sure its safe.

[Amrundir]

If you are unsure, upload your file to virustotal or jotti.

Here my results:
http://virusscan.jotti.org/de/scanre...297be7bb501292
https://www.virustotal.com/de/file/7...ef80/analysis/

[fiets]

My Kaspersky 2015 detected UDSangerousObject.Multi.Generic in C:\Program Files (x86)\Codemasters\The Lord of the Rings Online\lotroclient. exe in stead of the other trojan. I could at first log in and only when i chose server and doubleclicked did i get the message from my virusscanner. After i restarted the computer to complete desinfecting and started the client again it asked me to agree to the akamai terms of agreement. I have done now a full scan of my computer and found nothing.

Argh...obviously the emote isnt detected , read UDS:capitalD

[hippocrit01]

Fre I have turned in a ticket as suggested....

[OrophinElensar]

Me and my girlfriend had already put the file in the safe list and have been able to play tonight although i have been disconnected twice but am not sure it has anything to do with this issue.

Anyway, it would be good to know what to do exactly.

Thanks Frelorn for your answer.

[Masragorn]

Finally succeeded in setting lotroclient.exe as a "trusted application", and was able to get online.

[Stormrider39]

I have Kasperski Pure 3.0. I tried to follow the link on how to add lotroclient.exe to the trusted zone, but I don't see lotroclient.exe as a selection when I try to put it in. I see AppProgramm:TurbineInc. and I selected that and started to follow the rest of the steps, checked all the boxes, but do I want "all" or "encrypted" network traffic? I don't understand the rest about a assigning a hotspot and IP address. I don't even know what the IP address is.

I am not sure I did anything in Kaspersky that helped. The game still won't load. I am afraid I don't understand all of this technical stuff. What can I do?

[BasicInformationIIII]

My experience at first was like fiets with UDS DangerousObject.Multi.Generic. Also got the Akamai agreement.

I rebooted the system restarted the launcher. When lotroclient started I got the Trojan.Win32.Bazon.a message with it being cleaned.

I started the launcher again and got the lotroclient redownloaded without launching lotroclient.exe. I did a Kaspersky file scan with no report of malware.

However, as soon as lotroclient launched I got a couple of Kaspersky pop ups that went by quickly. The messages indicated that lotroclient.exe was behaving like malware and was promptly stopped and quarantined. If Kaspersky logs the popups somewhere I could report the content. As it was I am reporting what I thought I saw that went by quickly.

The questions I ask myself: Is it safe to try to configure Kaspersky to trust lotroclient? I mean perhaps the LOTRO site has been compromised or could be at some time in the future. Is it a Kaspersky issue or a lotroclient issue?

[Stormrider39]

I figured it out. At AppProgramm:Turbine,Inc., double click on it to go to the next level and there are all of the lotroclient.exe and lotroclientlauncher.exe that can have the boxes checked off on them. I am back in the game.

[Finrodel-Laurelin]

I am using Zone Alarm and have the same problems.
After patching i could login to my account, but Zonealarm pbly changed something in the client and it just stopped.
Next try the client (8MB) had to be patched again and the problem repeated.

Akamai NetSession Client was indicated, so I turned down protection of that tool.
Now I can login and play again.
Is that safe enough ?

[fiets]

I am using Zone Alarm and have the same problems.
After patching i could login to my account, but Zonealarm pbly changed something in the client and it just stopped.
Next try the client (8MB) had to be patched again and the problem repeated.

Akamai NetSession Client was indicated, so I turned down protection of that tool.
Now I can login and play again.
Is that safe enough ?

Thats my question as well. It is simple enough to add lotroclient to the trusted list as a workaround. Probably, as someone suggested, it is as simple as a missing signature from a trusted party which leads to the antivirus program treating lotroclient with alarmbells. I dont know anything about programming and trojans etc. but i don´t want to ignore my antivirussoftware when it says a program is not safe. For all i know some leak is used and the program now has a malicious object in it like Kaspersky states. I´ll just go another day without playing till the problem is solved . I hate sending tickets for a generic problem especially when they ask me my email adress again.

[Grimdi]

Thats my question as well. It is simple enough to add lotroclient to the trusted list as a workaround. Probably, as someone suggested, it is as simple as a missing signature from a trusted party which leads to the antivirus program treating lotroclient with alarmbells. I dont know anything about programming and trojans etc. but i don´t want to ignore my antivirussoftware when it says a program is not safe. For all i know some leak is used and the program now has a malicious object in it like Kaspersky states.

If a established and generally trusted software company says that it is a false positive you better believe it. Antivirus software is horrible when it comes to heuristic detection and does a very poor job at properly telling users what's going on (as unfortunately too many people are apparently unable to read/understand proper messages).

[Deisos]

Hello, i have exactly the same problem. I probably don't saw the answer, but perhaps an official can confirm this is a false positive ? if not, it means there is a serious doubt !

[DarthSidious1973]

Hi

I can open up the launcher and select a server, but as soon as I connect, Kaspersky detects a virus in Lotroclient.exe, specifically "PDM:Trojan.Win32.Bazon.A" . it then immediately deletes the .exe and the game doesn't start. I restart the launcher, which automatically re-downloads the .exe, but then deletes the file again.

I set the restriction to "low-restricted", but it still deletes. I would change it to "trusted", but from what I've seen on the net, its seems to be a pretty bad virus, if it was "..n32.Generic.wdc" then it's probably ok, but this one isn't.

So, is the file ok to run? is it a false positive?
and is it ok to set the restrictions to "trusted"? or deactivate Anti-Virus? or other method?

Many thanks

Today, after update 20.1.1, kaspersky internet security detects the same virus!!!!! What happen???