Worm warning


Thalak
04-30-2011, 03:17 PM
Hi,

I'm using Kaspersky Internet Security 10. Regnum always was in the trusted group and I never had problems with Regnum starting, running or updating until now. 14 hours ago I wanted to log into the game. The launcher verified and then downloaded 1.6 MB, closed itself, but didn't restart. After a while I started the launcher again and got a message "PDM.Worm.p2p.generic" with risk 100%. Since then, it tries to patch if I start the launcher, but it is either stopped or moved to quarantine by Kaspersky.

I might be able to make it work, but I would first like to know:
1) if that patch was intended by NGD
2) why it is suddenly judged as being extremely risky although it is in the trusted group of Kaspersky

In short, I don't trust that unannounced patch. Could I please get a confirmation that it is an official NGD patch?

_Seinvan
04-30-2011, 06:50 PM
I can confirm this, I'm using Kaspersky 10 as well. Same thing happened to me, but my antivirus automatically quarantined the worm (I think..)

I'd like an answer on this as well.

cheapPK
05-02-2011, 09:37 PM
I can't speak for NGD, but I work in the malware removal industry and clean viruses and trojans off multiple computers every day. I can tell you a little about the detection:

PDM = potentially dangerous module. So it's not saying it is definitely a threat, just that it detected some behavior that could be considered dangerous.

The p2p generic part tells a bit more about the suspect behavior. P2P in this context means peer to peer (like file sharing - what applications like LimeWire / FrostWire / BearShare, etc. do) and again the generic indicates that no specific threat pattern was matched, just generic code that looks like file sharing code. Considering that the file is an auto-patcher that downloads updates and applies them to an installed application (game), I don't find this detection particularly troublesome. I would interpret it as a false alarm and consider it safe.

I did apply the patch to my system and have run a thorough malware check on my machine and I have no signs of any infection.

DISCLAIMER: this is only my opinion - I am a professional and believe my assessment to be accurate, but it is still only my opinion and I could be wrong, of course. This post is made for informational purposes only and is not to be considered advice in any official capacity. Your actions are entirely your own and I expressly deny any legal responsibility for any action you may or may not take as a result of this information.

Thalak
05-02-2011, 10:32 PM
That was a very helpful explanation, cheapPK. Although I still don't understand why Kaspersky suddenly reacts this way, although Regnum's executables are all trusted (and nearly uncontrolled), I consider this a legal patch and will do my workaround to get RO running again.

Thank you :)

DINAMIK
05-27-2011, 06:56 PM
Can you report a false detection to KIS?

Maybe it helps.