Suspicious file creation on D2 startup

Discussion in 'Diablo 2 Patch Bug Reports & Suggestions' started by Psyrus, Sep 15, 2006.

  1. Psyrus

    I don't know if this belongs here, but I guess I'll find out.

    This just began today. Almost immediately upon starting up D2, I get a warning from Windows Defender regarding the creation of CmdLineExt03.dll in the /system32 directory, classifying it as a trojan named "CmdLineCM." Removing it is successful at every attempt, but it recreates itself every time I restart D2.

    I ran a number of Google searches (dll name + diablo 2) to find out what the deal is, but the result leaves me more confused. I find search results containing people mentioning similar incidents: half state that it is indeed a trojan and is in relation to game cracks, key generators, desktop hijacks, etc. The other half state that it's involved with CD copy protection and is normal. At this point, I get stuck with many choices, from contacting MS support or Blizzard support to posting on a forum. I'm just trying to find out whether this thing is indeed normal or not, and if it is not, how to get rid of it for good.

    Now before you ask about what I mentioned earlier, I have not and never will touch any kind of hack and/or keygen in relation to D2 or not.
     
  2. Inokis

    This is a copy protection mechanism employed by many other games. There was an update to Windows Defender that now identifies the file. I'd recommend just removing it at every instance that it comes up. I'm hesitant to recommend allowing the file as then any malware that incorporates the same technique would then be ignored.

    Remove it when it comes up; don't quarantine it, or DII may not run properly.

    I've posted at the link below to get the best method for handling the instance, as I don't want to give bad advice to anyone. For now, just remove it per instance:
    http://www.microsoft.com/athome/sec...&cr=US&r=33d293cc-19b6-404b-865b-565a73822c7f
     
  3. kuafu

    Good to know that it's not just me seeing the error today. To merge threads, see mine for an easier solution than deleting the file every time.
     
  4. Psyrus

    That's a relief. Thanks for the responses.

    I tried quarantining the .dll instead of removing it yesterday, and it seems that it doesn't affect the game any. It just creates a new copy. Having to remove the thing after every instance of starting D2 up will be a bit monotonous though.

    Edit: Never mind, I won't have to. I created a dummy folder/file instead.
     
  5. Inokis

    You can safely ignore the file when it's generated by Diablo II.

    What this does is send a marker to the program to temporarily ignore the file, so long as it only behaves in the manner it did when detected. If the file does something different, such as it would with malware etc., then any additional activities would be detected and you would be prompted again for action.

    For example, if you ignore it and then try opening it with Notepad, it will come up again, since that is a new event not coded in the original detection.

    So long as you are currently only getting this when DII runs, I advise ignoring it; on any warnings later, you should remove the file.
     
  6. IntelligentX

    Sorry if my question looks stupid, but will this thingy get fixed later?
     
  7. Inokis

    What's to get fixed?

    Windows Defender, along with other spyware programs, detects this file due to the fact that it has been used to mask malware. Since the generation of the file isn't tied to the program that generated it, it's impossible to allow the file based on programs allowed to run on your system. That, I believe, is why it triggers the detection.

    The software is doing what it's supposed to; there's nothing broken.
     
  8. SirDooFuss

  9. Inokis

  10. IVfluids

    Phew, tx, I was getting this over the past couple days also and was like 'omgwtfhax......'
     
  11. tmilitti

    Phew, I thought my addiction to D2 was about to come to a tragic end!
    Thanks for the explanation!
    t
     
