I am *Really* not too happy to report to you all right now that I have
just discovered that the KOH game trys to install a virus into your
C:/Documents and Settings/username/Local Settings/Temp folder
when you insert the disk and the auto run starts.

Wich seems to be hidden in the game cd that the *honest*
koh customers purchused *not*a pirated copy mind you..
wich would then make some sort of sense if it was.

The virus is named gkmixern.sys

Gkmixern.sys is infected with the Backdoor Genlot.CL

You can't delete the gkmixern.sys file once it is inserted
because it trys inject itself into the memory.

bit defender 9 removes it automaticly every time now
without effecting the game running but, you have
to select your monitor setup refresh screen every time.

I am however still pissed @ the fact that it's there to begin with
because I payed money to a company that thinks it's OK to do this crap.

I also wish to try and get an official explination as to why
sunflowers/Paradox/Black Sea Studios would purposely infect
their customers...wich makes no sense at all.

I (Highly) Recomend that All KOH Owners should download a free trial
copy of Bit Defender 9 Internet Security and Install it and then try and
run the game from the cd-2 and see exactly what I mean.

This is Infact a virus and *NOT* a false trigger in the AV software.

This might explain why *all of a sudden* there is talk of a second patch
because this file is now black listed and posted in the virus watch sites.
Maybe they have plans to hide this virus so it is undetectable again?

My last bit of trust for this company just went out the window! :Angry:

I wish we could all group together & form a rebel army GROUP LAW SUITE
for Invasion of privacy or atleast contact the better buisness
beurou and have their licenses revoked in the US. PERMANENTLY.

My virus checker (Blueyonder PC Guard) also finds a virus when i try to run Knights, i also am not too happy about this...
Please sort it out guys...

I actually think the virus is not from Knights of Honor [KoH] but from somewhere else. There have never been problems with KoH and viruses. Can you prove that there is not an active viruses affecting KoH's files (from outside of KoH)?

Sounds like they may have picked up a virus from somewhere that is disguising it's source to appear to be KoH. Maybe it is a virus that is triggered by the autoinsert function of the computer and it would cause the AV to mistakenly report the program that triggered autoinsert as the program installing the virus.

Sounds like they may have picked up a virus from somewhere that is disguising it's source to appear to be KoH. Maybe it is a virus that is triggered by the autoinsert function of the computer and it would cause the AV to mistakenly report the program that triggered autoinsert as the program installing the virus.

That makes MUCH more sense. BSS or Paradox would never allow a virus, its ludicrous.

Not only that BSS, SF or Paradox would not allow a virus, but it's also completely logical they wouldn't do so - if they had really done so, they wouldn't win anything, except real outrage from the customers. And none of these companies is that stupid!

I'm sorry, I too have found a virus on my disc 2!

Every single time I put KoH disc 2 into my drive, Norton AV picks up a virus called Backdoor.Pcclient.B. Here is the link from Norton:

http://www.symantec.com/security_response/writeup.jsp?docid=2006-071010-2417-99

This is DEFINATELY on my disc 2, because if I run a full system scan with Norton, it says I have no viruses. Then, I put in disc 2, and BAM, a virus is put in my TEMP folder.

Blacksea Studios MUST fix this! Until then, this game is permanently uninstalled. :angry:

I too have been getting this. It's never happened before untill about a few day ago. I didn't think much of it since Norton said it was detected and deleted.

I'm sorry, I too have found a virus on my disc 2!

Every single time I put KoH disc 2 into my drive, Norton AV picks up a virus called Backdoor.Pcclient.B. Here is the link from Norton:

http://www.symantec.com/security_response/writeup.jsp?docid=2006-071010-2417-99

This is DEFINATELY on my disc 2, because if I run a full system scan with Norton, it says I have no viruses. Then, I put in disc 2, and BAM, a virus is put in my TEMP folder.

Blacksea Studios MUST fix this! Until then, this game is permanently uninstalled. :angry:

If it were on your game disc, it would have shown up the first time and every time you inserted it into your drive, instead of just suddenly starting now.

candelarius, did you check this Symantec page you linked?
There's a description of this virus called Backdoor.Pcclient.B, and it says (among other things): "Discovered: July 10, 2006"

Now, when did you buy your copy of KoH? Before that date?
Have you asked yourself how this virus (which seems to be pretty new) could be able to infect a device that is read-only? Well, the answer is: It's not possible.

And a more precise answer is:
Your game discs are not infected.
We did not put a virus on the discs.
Paradox did not, and BSS did not.

What you (and White Knight) probably experience here are virus scanners that interpret valid code as virus code, although there are no viruses on our game discs. KoH was created in 2004 (US version in 2005), and the virus candelarius describes was first discovered in 2006! I wonder if virus programmers use time machines to get their new malware on old CD-ROMs, but I'm pretty sure they don't.

Having said that, you can be sure there is no virus on your legal copies of KoH. Unless you use a pirated copy: There's always a good chance of a bad guy infecting such a copy with viruses, but you should NOT expect us to help you with that!

EDIT: Just for the record: It *is* possible that your systems are infected with a virus / rootkit / trojan horse, but NOT from installing and running KoH or from any updates connected with it. Period.

Some people in here seem to have a kind of naive view on their virus scanners. Don't get me wrong, you should definitely use one, not having a decent antivirus program these days is stupid and dangerous.
But you should always question what it tells you, don't let a program overrule your own judgement. It should be obvious that a 2006 virus can't be on a 2004 CD. The false positive comes from the virus scanner looking for a pattern in a file and finding it in a file which isn't a virus but happens to look like it. Looking up the virus in an online virus database is a wise step here. You guys actually did it and yet didn't draw the right conclusions.
Just because a virus scanner reports a virus doesn't mean it's really there... just like the scanner reporting no virus doesn't mean your system is clean.

Notice how everybody is saying Norton, Geez, why don't they get a real antivirus program. Norton is nothing but trouble with a capital "T".

Aside for the sarcasm and the unnecessary jabs at Norton (which is a very good virus protection program and has saved my a$$ many times over the years), I really appreciate the feedback. To be honest, I didn't notice the time stamps of the virus and this program, so, it never occured to me my virus protection software could be reading the CD incorrectly. Sorry for the unintended slander against this company.

(BTW, I do have a valid copy of the game. For example, in the manual the first word on page 6 is "still" and the last word on page 43 is "activities", and, the province of Normandy is at grid square "A8" on the foldout world map!)

reguardless what antiviral software finds it.. that's not the point.

the point is..

1) that it is indeed a virus.
2) that it comes included with the RETAIL copy on disk 2.
3) the ethics of the company are UN TRUSTWORTHY now that they
who made the choice to include it when YOU THE CUSTOMER that purchased it LAGIT copy.

I dont really care if they fix it or not @ this point..
some of you must not really care if they want to purposely
spy or trojan your pc.. to something you purchased that then
feeds them to do more & get away with it!!

as far as I am concerned.. they lost a customer for life to:

sunflowers, paradox, & black sea studios.

Period.

It's too bad really.. I was very impressed with the developers
of the koh game up to this point.

After i install NORTON Antivirus software , i become many updates. One day one update think KOH have a virus. Some days later news update from Norton i havent this proplem not more.
KOH have not a virus. Believe me.:biggrin:

I don't think I can possibly help you, White Knight.
I could tell you that there is no malicious software contained in the KoH disk and that no malicious software is installed on your system. But you wouldn't believe me because your A/V-software trips off a false alarm and you seem to believe it more than anything else. So I can't really help, because you propably won't listen to what I say anyway.

Angryminer

I, for one, have Norton (SystemWorks and Firewall) and have had for some time. NEVER has this come up for me. I also have others I run as well to verify anything Norton might have missed. So, I won't go along with what's being said here. Most likely you ended up infected in your registry and unless you WIPE KoH out of it, it WILL return, if it has not spread further by now.

If it was, in fact (but will have to be proven), on the CD, yours is the first to have it actually on the CD itself, TMK.


Sincerely,
Phil

I can now see who are on the company books. Dobber, you tried to help me when I had the problem with Spyware Doctor not allowing KoH to run. Your advice was to disable SD. Then you advised that the new patch would take care of that problem.

Why did SD not let the game run?

How did you know that the new patch would fix the problem that SD detected and 'hooked'?

SD stopped the game because it detected the virus, that is my belief. That means it was on the disc or connected to an infection.

Stop backing off this issue and face the truth.

SD was the cause but did not stop the game.(Nero also causes the same thing.)
The "game" stopped the game startup process because it detected a program probing it's copy protection. It interpreted that probing as a program trying to disable the copy protection, thus disabling the startup.

I knew that the new patch fixed the issue, because it removed the need for the disc in the drive, meaning the copy protection had been disabled.

I am nobody's payroll, I am a volunteer offering my assistance here, even to ungrateful people like you, gamcfall1!

candelarius:"the province of Normandy is at grid square "A8" on the foldout world map!"

You mean, there's a fold out map!!!!!??? I didn t get one of those with my KoH in 2005 (bona fide copy from well-reputed shop in the UK).

Where can i get my hands on one??