Home » Archived Forums » RenGuard Client » Renguard/Norton Problems
| Re: Renguard/Norton Problems [message #176069 is a reply to message #176011] |
Sun, 23 October 2005 14:05   |
 |
rc22fires
Messages: 146
Registered: May 2005
Location: C&C & Software Sm...
Karma: 0
|
Recruit |
|
|
My svkp.sys WAS infected. I could not delete it due to write protection. Its size was more than it should have been. It WAS an infected version.
People who have gotten the infected version are the ones who got the Error: failed to initialize service! when trying to start RG.
Norton has added it to its bad list because of that virus that was going around.
Norton gives you the virus found message even after you have deleted or quarantined the svkp.sys file when starting RG because RG uses the svkp.sys and Norton detects that svkp.sys and RG work off eachother to infect your computer.
I have replaced my svkp.sys to get RG working. I got rid of Norton so I don't have to deal with its messages because I personally don't like putting a file used for viruses on a ignore list.
Please try this working AntiVirus freeware if you don't want Norton but don't have any idea what you would get instead.
http://free-av.com/
Please if you have gotten rid of the Norton problem and you are stuck with Error: failed to initialize server! message when starting RG just:
1. Uninstall RG.
2. Put in a clean svkp.sys to c:\windows\system32(attached)
3. Restart computer.
4. Innstall RG.
5. The core update sometimes fails to download and install itself. Download it from http://www.blackhand-studios.org
Also you would wan't the svkp.sys if you have deleted the other one even if your coppy wasn't infected as some were.
Well best of luck to all getting back on RG.
EDIT: Deleted svkp.sys attachment, as I already attached mine several posts ago in this same thread, and I cannot be certain of the integrity of yours. -Blazer
[Updated on: Mon, 24 October 2005 04:40] Report message to a moderator |
|
|
|
|
|
| Re: Renguard/Norton Problems [message #176093 is a reply to message #176090] |
Sun, 23 October 2005 17:29 |
=HT=T-Bird
Messages: 712
Registered: June 2005
Karma: 0
|
Colonel |
|
|
| Alkaline wrote on Sun, 23 October 2005 19:14 |
What is the possibility for rengaurd team to release something that lets renguard run without relying on this windows service?
|
0
Hint: Read Crimson's post on this earlier in this thread
HTT-Bird (IRC)
HTTBird (WOL)
Proud HazTeam Lieutenant.
BlackIntel Coder & Moderator.
If you have trouble running BIATCH on your FDS, have some questions about a BIATCH message or log entry, or think that BIATCH spit out a false positive, PLEASE contact the BlackIntel coding team and avoid wasting the time of others.
|
|
|
|
|
|
|
|
|
|
| Re: Renguard/Norton Problems [message #176116 is a reply to message #176114] |
Sun, 23 October 2005 22:10 |
CrazyNick
Messages: 11
Registered: October 2005
Karma: 0
|
Recruit |
|
|
|
Would someone help me with this problem.I don't want to fuck anything up.Can someone walk me through step by step and don't leave any important details out.I've tried what Kanezor "said" on page 2 at the end of the page.I went to delete the last HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY _SVKP. and it gave me an error saying that I couldn't delete it. It gave me this error message
|
|
|
|
|
|
|
|
| Re: Renguard/Norton Problems [message #176139 is a reply to message #176096] |
Mon, 24 October 2005 02:40 |
 |
Blazer
Messages: 3322
Registered: February 2003
Location: Phoenix, AZ
Karma: 0
|
General (3 Stars)
Administrator/General |
|
|
| =HT=T-Bird wrote on Sun, 23 October 2005 20:47 |
I found what appears to be the website for SVKP itself. It appears to be a sophisticated (2Kbit RSA + Rijndael AES) encrypting protector for applications.
Link:
http://www.anticracking.sk/products_svkp.html
|
Excuse my french, but NO SHIT! As I have been saying SVKP is part of Renguard, BHS has a paid license for SVKP. It is an integral part of RG's protection.
I wish everyone would stop trying to "uninstall" SVKP, thinking it's something bad, or looking for a "clean" copy. SVKP is not infected, it is simply added to Nortons list of "hacker tools" because some script kiddies use the same protection on their viruses/trojans.
[Updated on: Mon, 24 October 2005 02:43] Report message to a moderator |
|
|
|
|
|
| Re: Renguard/Norton Problems [message #176145 is a reply to message #175500] |
Mon, 24 October 2005 03:39 |
|
Blazer
Messages: 3322
Registered: February 2003
Location: Phoenix, AZ
Karma: 0
|
General (3 Stars)
Administrator/General |
|
|
FYI, I have just sent this message to Symantec:
| Blazer |
I work for a nonprofit company that provides legacy support for a particular game title. One of our products is an anti-cheat addon, which utilizes the "SVKP Protector" to encrypt and protect our code from crackers.
In effect, every game client (thousands) are using our module, which utilizes SVKP.
The problem is that as of last week, Symantec added SVKP to their virus definitions as "Hacktool.Rootkit".
This is causing *major* disruption of our customers who use Symantec security products, as their game clients no longer work, and we are being flooded with support issues as the average joe user just sees a popup that they are "infected" and want to know why our software is a virus or trojan.
Please reply ASAP and let me know the procedure for requesting removal or alteration of a virus definition, or at least it's description page ( http://securityresponse.symantec.com/avcenter/venc/data/hack tool.rootkit.html), to include information to the effect of that just because a program is using SVKP, doesn't mean its a backdoor/trojan/rootkit.
Our company pays a licensing fee to use SVKP, and Symantec has pretty much pulled the rug out from under us....please advise.
|
|
|
|
|
| Re: Renguard/Norton Problems [message #176146 is a reply to message #175500] |
Mon, 24 October 2005 03:52 |
ingram091
Messages: 24
Registered: August 2003
Karma: 0
|
Recruit |
|
|
ok in an effort to smooth things over between clans... mostly under pressure from the clan to comply... I will make 1 civil post on this issue and then consider it dropped.
My problem is not with your using the tool, its not taking action to eliminate the need for a tool that is being used by numerous worms and viruses out there to launch their attacks. AND telling people to just allow it to work ignoring the virus warning. New viruses are NOT caught in time by anti-virus companies all the time. So by white listing a blocked tool you put yourself at a higher risk then is recommended. Just to use your program. In my particular case I can not use it anyway, because I use windows 2000, but that's another issue.
According to a message I received from AntiCracking@AntiCracking.sk the golden support customer base are able to receive an updated method for embedding their protection into their compiled executable. all you have to do is request a support ticket on the matter.
This is a computer safety issue, not a renguard issue.
according to symantec here http://securityresponse.symantec.com/avcenter/venc/data/w32. spybot.ubh.html the file "Creates the file %System%\SVKP.sys. This is used by the worm to unpack itself and execute" this is one of many worms currently using this method. Thats is why all of them are now adding it to their list of blocked signatures.
Thus it is a vulnerability that should not be used if at all possible. the developers are aware of its current abuse and are taking stems to secure the method through other means. but at this time its a vulnerability, most. including myself, are not willing to risk using just for a 3rd party anti-cheating program.
A similar problem is also hitting punkbuster, so there is no need to feel singled out. This is what they do. In any case. This is my last posting to your forums. I have no desire to continue the flame war between clans forums. I will instruct our members that upon a single complaint of continued flaming we will suspend them from HT clan for some predetermined period. I too will be suspended for a short time as a council member over this issue. This is an effort to repair any misgivings between clans and to end the PMs and flame posting...
thank you,
=HT=Ingram
HazTeam Council.
|
|
|
|
|
|
|
|
| Re: Renguard/Norton Problems [message #176155 is a reply to message #176146] |
Mon, 24 October 2005 05:00 |
|
Blazer
Messages: 3322
Registered: February 2003
Location: Phoenix, AZ
Karma: 0
|
General (3 Stars)
Administrator/General |
|
|
| ingram091 wrote on Mon, 24 October 2005 06:52 |
My problem is not with your using the tool, its not taking action to eliminate the need for a tool that is being used by numerous worms and viruses out there to launch their attacks. AND telling people to just allow it to work ignoring the virus warning.
|
Firstly, we cannot "eliminate the need for" the tool. If RG is not encrypted, there would be cracked copies of it out within 24 hours, and people would even be poking around it with a hex editor. And I would like to point out, that there has been no "virus warning". The alert the Symantec/Norton gives, if you actually take the time to read it, is that svkp.sys is not a virus itself, but rather may be part of or indication of another virus or trojan. To be honest, I have never heard or actually seen SVKP used for an actual virus, most script kiddies use UPX and other free exe wrappers.
| ingram091 wrote on Mon, 24 October 2005 06:52 |
New viruses are NOT caught in time by anti-virus companies all the time. So by white listing a blocked tool you put yourself at a higher risk then is recommended. Just to use your program.
|
As I said, blacklisting SVKP is about as silly as blacklisting Visual C++, since afterall, they can both be used to create or part of a virus. If its possible, I would recommend some combination of settings such that svkp.sys is ignored, except if something tries to overwrite it.
| ingram091 wrote on Mon, 24 October 2005 06:52 |
According to a message I received from AntiCracking@AntiCracking.sk the golden support customer base are able to receive an updated method for embedding their protection into their compiled executable. all you have to do is request a support ticket on the matter.
|
SVKP is a kernel mode ring-0 driver, and you cannot simply embed it into an executable. They do have lesser forms of protection that are not ring0 and can be embedded, but they can also be bypassed with ease, which is why we use the more elaborate solution.
| ingram091 wrote on Mon, 24 October 2005 06:52 |
This is a computer safety issue, not a renguard issue.
according to symantec here http://securityresponse.symantec.com/avcenter/venc/data/w32. spybot.ubh.html the file "Creates the file %System%\SVKP.sys. This is used by the worm to unpack itself and execute" this is one of many worms currently using this method. Thats is why all of them are now adding it to their list of blocked signatures.
|
That particular worm not only creates an SVKP.sys, it also exploits a bug in windows PNP (which has long since been fixed), and connects to an irc network. For to get infected by that worm, they would have to have a non-updated windows installation, the virus infection, and no firewall whatsoever (or at least one that wouldnt stop or popup on the outgoing irc connection). If they meet any of those criteria, I doubt blacklisting svkp will make them any more secure 
| ingram091 wrote on Mon, 24 October 2005 06:52 |
Thus it is a vulnerability that should not be used if at all possible. the developers are aware of its current abuse and are taking stems to secure the method through other means. but at this time its a vulnerability, most. including myself, are not willing to risk using just for a 3rd party anti-cheating program.
|
Until I hear of a significant number of cases where an actual virus uses SVKP, I would not be concerned at all about whitelisting SVKP.sys. The very URL you provided as "proof", shows that the number of reported infections were "0-49"...I bet it was a lot closer to 0 (like a single report), than it was to 49.
Despite my views, I do recognize that it's your computer and you are entitled to be a paranoid as you want. Just know that we are very aware of the issue and are taking steps to do what we can, including considering a different protection software for RG 1.04, and accelerating the development of RG 1.04.
|
|
|
|
|
|
| Re: Renguard/Norton Problems [message #176159 is a reply to message #176147] |
Mon, 24 October 2005 05:09 |
|
Blazer
Messages: 3322
Registered: February 2003
Location: Phoenix, AZ
Karma: 0
|
General (3 Stars)
Administrator/General |
|
|
| trashyall wrote on Mon, 24 October 2005 07:17 |
Hey it worked!!!
My only concern would be any other virus that uses this SVKP file?
Thanks for your help, sure glad soe of you know whats up so we can continue to enjoy playing Renegade!!!!
|
There has been a very isolated report to Symantic of a virus that used SVKP.sys. For all we know it is the very incident that caused them to put SVKP.sys on their blacklist. The strange thing is it's not often that anti-v companies add a *file name* to their blacklist, usually the fingerprint specific virii and detect them that way.
So, to answer your question, will blocking SVKP.sys stop any viruses that may use SVKP? Yes.
But also consider, that SVKP itself is not a "hacker tool", or a virus, or a trojan. It is the kernel mode driver part of the SVK Protection software, so basically, just because you have an SVKP.sys, doesn't mean you have a virus.
Think of it this way. Your car has blinking red lights to alert you of problems. So, does making sure there are no blinking red lights mean that your car is fine? Yes, but also just becauser there is a blinking light, doesn't mean it's something bad (alarm system?). So instead of making sure there are no blinking lights in your car, you consciously ignore the alarm system blinking light, because you know it's harmless. Same for SVKP.sys. If there was a real virus that used SVKP.sys, there would surely be other indications of it via either a direct fingerprint id by your antivirus, or your firewall, etc.
[Updated on: Mon, 24 October 2005 05:13] Report message to a moderator |
|
|
|
|
|
|
|
|
|
|
|
|
|
| Re: Renguard/Norton Problems [message #176456 is a reply to message #176447] |
Tue, 25 October 2005 20:03 |
Kanezor
Messages: 855
Registered: February 2005
Location: Sugar Land, TX, USA
Karma: 0
|
Colonel |
|
|
| Alkaline wrote on Tue, 25 October 2005 20:31 |
Nightma, that isn't a solution, in fact any one saying get a better antivirus is an idiot.
People will uninstall RG over getting rid of Norton any day  
Personaly I would file a legal breif, send something directly to symantec threatning legal action against them if they don't resolve this issue.
|
I quite agree. Unless Symantec can prove SVKP not only can... but does cause harm to your computer, they should refund BHS (and all other of SVKP's clients) money, plus damages, plus public relations costs, etc etc.
---
|
|
|
|
 Re: Renguard/Norton Problems [message #176462 is a reply to message #175500] |
Tue, 25 October 2005 21:25 |
Xerevix
Messages: 2
Registered: September 2003
Karma: 0
|
Recruit |
|
|
If you follow Kanezor's instructions at the bottom of page two in this post, Renguard will once again work!! Even if you can't remove the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY _SVKP. I was having the same problem w/Norton... I'm glad I read this though.
I would add one more step though. Norton Antivirus has an "Auto Protect" feature. You must put the SVKP file under the exclusions list for this feature as well, or when you start renguard again, the auto protect will kick in, and you'll get that same message.
Anyways, I'm glad Renguard is working again. I was in a game today, and it was 2vs1, and I was kickin some butt on hourglass, and they kept "!forcerg" me. I hate cheaters, and just because you're getting owned doesn't mean someone cheats...  Thanx Kanezor! 
|
|
|
|
Goto Forum:
Current Time: Wed May 15 03:47:00 MST 2024
Total time taken to generate the page: 0.01302 seconds
|
Search
Help
Members
Register
Login
Home
