Forgotten Hope Toolbox - McAfee - Trojan Artemis Issue

[pvtgmerpyleusmc]

Last night I ran a virus scan on my machine using McAfee, and it flagged FH2_Toolbox.exe and the 2nd part of the downloaded install executable that was part of the Forgotten_Hope2_v2.2.zip file as containing Trojan Generic!Artemis.

McAfee also removed a registry entry for FH2.

I downloaded the 2.2 update using mu Torrent shortly after it's release. 

Questions:

(1)  Has anyone else seen this with McAfee or some other virus protection like Avast or Trend?

(2)  Is this an erroneous recognition on the part of McAfee, much like one that would previously occur with an older version of AVG where it would quarantine - I think it was the game spy browser portion - of the original BF1942 and make it unplayable.

(3)  Is this an actual Trojan infection that has been noted by others here, and if so, where can I find a clean copy of the FH2.2 client?  My gut feeling after having researched Generic!Artemis is that it's a browser hijacker and I've experienced none of this.  That said, it's possible that it was deployed in such a way as part of it's payload may not have installed and worked as it should've.

Thanks guys.  I really appreciate the assistance. 

[pvtgmerpyleusmc]

I think I found the answer myself, but I wanted to post it here for others to view.  Apparently this is a result of a false positive (see web link).  Trojan Generic!Artemis basically means that McAfee found something suspicious, flagged it as a trojan, and assigned the name of it's new threat technology, Artemis.

Therefore, if you're using McAfee as your virus protection software, you'd be well advised to exclude C:\EA Games\Battlefield 2 and it's associated sub folders from any "full" scan that you do as well as your FH2 install files.

http://www.thetechherald.com/article.php/200847/2460/Review-McAfee-Total-Protection-2009?page=1

[Die Happy]

first time i read about something like this


however the toolbox is not included and supported in FH 2.2 anymore.
i would say it is false alarm.
try using some online virus scanner and scan those files again.

[sheikyerbouti]

 my download of 2.2 had a copy of the toolbox inside. I found it under : Program Files\EA GAMES\Battlefield 2\mods\fh2\binaries\fh2_toolbox

 I use it every day to see which servers are running and whether or not the North American servers are up and running. I have also found that the toolbox works for me to connect to servers, whereas it barely worked at all during 2.15. (that lag compensator can be a lifesaver)

 Under Kaspersky Internet Security, I get a number of FH2 related material that are flagged as "keyloggers" on my PC. I just checked and i got warnings for the FH2 toolbox, Fh2.exe and the Fh2 crash reporter but they were all classed as low.

[General Tso]

Why isn't the toolbox supported?  I still use it and find it very handy.  The lag compensation thing is nice, because it looks like I'll be playing in Europe again. 

[Die Happy]

because the only dev who developed it isnt active anymore
no dev = no support

[Laboraffe]

I find it handy to check if suitable servers (low ping with lots of players) are available from the Toolbox, however launching from it takes considerably longer than simply starting FH2 and then joining. But then, if the the servers have not previously been laboriously added to favorites then it can be time consuming to find the one you want. As it is, it seems all the filters must be disabled and then the full list parsed with FH2 or Forgotten although that can still miss some surprisingly enough. It would be nice if all servers standardized on including FH2 at the beginning of their name or indeed if something could be done with the browser filters.

[Remdul]

The toolbox EXE is compressed with an 'EXE compressor', which makes the file smaller. A lot of malware is compressed because that makes it easier to distribute and hides some info that is otherwise easy to detect. Hence the false positives.