AGEOD Forums

Hello guys. Perhaps someone can elucidate and/or help me.
I just made a clean install of AACW and patch 1.15, and while I was launching the game my firewall (AVG 8.5) popped up telling me that AACW.exe was trying to connect to the Internet. The path was the correct one of my installation. I can not remember ever seeing this, but then I recalled a similar request by the Great Invasions game (GI.exe) weeks ago. Then I reinstalled NCP with the latest patch, and again, NCP.exe tried to connect to the internet. I blocked them all, and the games seem to run fine, as always.
I suspect some trojan or similar nasty bug in my PC. Yet, I have AVG Internet security (not the free version), spybot (with tea-timer) and malwarebytes anti-malware installed and functioning. Quick scans revealed nothing (including of the whole Ageod subdirectory)

Any thoughts ?

Regards

Well, no feedback ?

Is it normal - ie, do the exe files of Ageod games try to connect to the internet on the first time after install to validate the serial number and somehow I did not notice that behaviour previously ? apy: (maybe my firewall was updated recently with some new routines ??)

Or is it a trojan in my PC ??

Any help and/or insight (Pocus ? Nikel? :love would be much appreciated

Franciscus wrote:Well, no feedback ?

Is it normal - ie, do the exe files of Ageod games try to connect to the internet on the first time after install to validate the serial number and somehow I did not notice that behaviour previously ? apy: (maybe my firewall was updated recently with some new routines ??)

Or is it a trojan in my PC ??

Any help and/or insight (Pocus ? Nikel? :love would be much appreciated

Me?! Thanks Franciscus, but you overstimate me


Assuming Pocus did not touch that topic... The problem perhaps is in your AV/firewall. With updates they can do strange things. Have you tried to update again your AV and recheck?

Only happens with AGEod games? Anyway GI is not related with NCP, AACW,...

Any strange program running? Check the task manager.

A complete scan of your system (not fast)

AFAIK, the check is not precisely to check your serial online... every "blacklisted serial" is added on every new patch, so there is no "check serial online process" needed (that's why pirates cannot update their games, they can only play with very old versions).

So, probably the game wanted to connect online for MP games? ... and you just didn't allowed it. Not much of a problem if you don't expect to play online with other people...

That would be my bet...

Thanks guys.

In fact, I am fairly certain (as certain as one can be these days, that is) that my PC is "clean", as I frequently do a complete scan with all my "artillery", and did one a couple of weeks ago (but I will do it again later just to be "sure" ).

But if I understood correctly Generalisimo, it is OK for the exe files of Ageod games (in my case, AACW, NCP, GI, and even Pax Romana and WIA. Will reinstall WW1 when gold edition comes around) to be connected to the internet ?. Amazing how I never noticed it with AACW - although to be fair it's been a couple of months since my last complete new reinstall of AACW, but unless I am becoming demented apy: I could swear that my firewall never before warned me about AACW.exe...(and I certainly did my share of re-installs during the last 2 years :wacko
As to other games, the last ones I installed were Sword of the Stars, Takeda 3 and Sango 2 - and the gamersgate downloader did ask for permission, as expected - but no exe file...

Oh well...

Franciscus, the last versions of NCP and AACW are not trying to connect to the internet here, or at least it is not detected by my firewall

Nikel wrote:Franciscus, the last versions of NCP and AACW are not trying to connect to the internet here, or at least it is not detected by my firewall

Well, that's weird... which firewall are you using? (just in case to compare with Franciscus)

Franciscus wrote:Thanks guys.

In fact, I am fairly certain (as certain as one can be these days, that is) that my PC is "clean", as I frequently do a complete scan with all my "artillery", and did one a couple of weeks ago (but I will do it again later just to be "sure" ).

But if I understood correctly Generalisimo, it is OK for the exe files of Ageod games (in my case, AACW, NCP, GI, and even Pax Romana and WIA. Will reinstall WW1 when gold edition comes around) to be connected to the internet ?. Amazing how I never noticed it with AACW - although to be fair it's been a couple of months since my last complete new reinstall of AACW, but unless I am becoming demented apy: I could swear that my firewall never before warned me about AACW.exe...(and I certainly did my share of re-installs during the last 2 years :wacko
As to other games, the last ones I installed were Sword of the Stars, Takeda 3 and Sango 2 - and the gamersgate downloader did ask for permission, as expected - but no exe file...

Oh well...

Well, I was thinking about something related to the Ares system of PBEM... so, something from ROP/VGN could have been introduced into the code of old games... but if you add to that list GI and/or Pax Romana... then that doesn't have sense.

Kaspersky.

But you only have installed VGN beta 1803?

Nikel wrote:Kaspersky.

But you only have installed VGN beta 1803?

Right now, I have installed VGN, ROP and NCP...

Lucky you

And what happens there, did you try the updated NCP.exe?

No "call home" here with NCP or AACW or WIA latest versions.

Vista with it's inherent firewall, Avast AV, Spybot TeaTimer

Some feedback to clarify (or not) the situation.

Full scan with AVG (now 9.0), and Malwarebytes, and Spybot: clean

Reinstall WIA, patch 1.06.
Launch WIA: WIA.exe tries to connect to the Internet (see attached screen image - the path of WIA.exe is legit. The remote address - 212.113.163.19.80 - is always the same).
If I block the connection, game runs fine but updater says it is impossible to connect to the Internet. If I allow the connection, game runs fine, updater works and tries to update WIA to 1.05.1

So, it really seems that at least WIA.exe tries to connect to the internet because of the updater. How about the others (AACW, NCP). And GI ??

Maybe Pocus could shed some light ?

I don't know what's happening here. This is strange than the updater behave like that now, whereas we did not change the code. IF this is the updater, but I have doubts.

So this would mean my work computer was infected, but why others players with up to date protections don't get anything?

For your information:

you can know more details on the IP which is trying to be reached with that:
http://www.ip-db.com/212.113.163.19

You'll see that the IP is located in Portugal. It seems to be Franciscus that you are also form there?

So I would say it is more on your end that in our...

IP Address: 212.113.163.19Hostname: a212-113-163-19.netcabo.pt Location Information City: LisbonRegion: LisboaCountry: PortugalLat/Long: 38.7167 -9.1333 ISP Registry Information Designation: RIPE NCCCountry: PortugalIP Range: 212.113.160.0 - 212.113.191.255Allocated: 1999-08-06 BGP Routing Information Network: 212.113.160.0/19Origin: AS12542Organization: TVCABO Autonomous System

Pocus wrote:I don't know what's happening here. This is strange than the updater behave like that now, whereas we did not change the code. IF this is the updater, but I have doubts.

So this would mean my work computer was infected, but why others players with up to date protections don't get anything?

For your information:

you can know more details on the IP which is trying to be reached with that:
http://www.ip-db.com/212.113.163.19

You'll see that the IP is located in Portugal. It seems to be Franciscus that you are also form there?

So I would say it is more on your end that in our...

IP Address: 212.113.163.19Hostname: a212-113-163-19.netcabo.pt Location Information City: LisbonRegion: LisboaCountry: PortugalLat/Long: 38.7167 -9.1333 ISP Registry Information Designation: RIPE NCCCountry: PortugalIP Range: 212.113.160.0 - 212.113.191.255Allocated: 1999-08-06 BGP Routing Information Network: 212.113.160.0/19Origin: AS12542Organization: TVCABO Autonomous System

Very strange indeed...
That IP, if legit, is simply of my own broadband provider (TV Cabo, that is), which I use for more than 10 years now. This other site http://www.nirsoft.net/countryip/pt.html also confirms that that IP address is indeed legit

The only thing I can say is that if I do not allow WIA.exe to connect at game launch, the updater is unable to connect to the internet. If that IP is my Internet provider, this seems logical, no ? ( I am effectively blocking WIA to connect to my broadband provider, if I understand correctly :confused That does not explain however why AACW, NCP, etc, want to connect to the Internet...

Nevertheless, I am going to block all these EXE files to access Internet for the time being, just in case.

(PS: anyhow, WIA updater is outdated - it still downloads 1.05.1)

Just a further thought (yes I am a pain in... I mean, a very persistent fellow ).
Even if their firewall does not give warnings, maybe some WIA players (lodi ? arsan ? ) could check in their firewalls/computers if WIA.exe is connected to the net after the game is launched.

Later I will reinstall my original WIA version - and not apply any patch - to check if the ancien exe file exhibits the same behavior on my PC...

I would really like to understand what's the deal here...

deleted

Gray_Lensman wrote:Probably has to do with the automatic error reporting part of the code that was introduced in the later versions. How else are the games supposed to send error reports back to AGEod when the box pops up?

Yes, that makes perfect sense ... ...but only if with other players AACW.exe (or the other games) do indeed connect to the internet, even if their firewalls do not give any warning. Any way you could check if that's indeed your case, Gray ? (or others ? )

Sorry, folks, but I will not rest until I am completely elucidated

Some testing gave me interesting results:

- AACW 1.00 does not try to connect to the Internet
- AACW 1.15 tries to connect to the internet

- NCP 1.01 does not try to connect to the Internet
- NCP 1.06 tries to connect to the Internet

- WIA 1.00 does not try to connect to the Internet
- ...and you guessed it, WIA 1.06 does try to connect to the Internet

Everytime the attempted connection is to a legit IP of my broadband provider (ie, the exe files are simply logging in to the net).

So, I am afraid the problem, if there is one, is NOT on my end, but somehow the latest versions of the AGEOD engines have some routines that connects them to the net - maybe the automatic error reporting ?

I do not know why other user's firewalls do not report anything. Windows stock firewall, IIRC, does not monitor outgoing connections, and I think that most free ones also do not. Maybe it has something to do how in my case my broadband provider and/or router works, I do not know (and I do not really care)

The fact is: ancient ageod engine exe files do not connect to the net, while the latest ones DO.

Please note that I am perfectly happy if this is WAD. But I have to know if it really is WAD. I am a bit paranoid about Internet security and my PC stability, these are top items on my list.

Any feedback would be greatly appreciated...Pocus ?

(BTW, I think that GI and Pax are different. Probably from the beginning, as they were designed as MP ready games - like WW1 - , they connect to the net to be able to start a MP session if needed, IMHO)

Franciscus wrote:Sorry, folks, but I will not rest until I am completely elucidated
(...)

Any feedback would be greatly appreciated...Pocus ?

Yes, a shameless bump.

I don't get any warning with the new WIA patch... but as i only use the Windows firewall this doesn't mean much.
My bets are that its caused by the autoupdater or the error reporting system or mayeb even some new module added to the game engine, developed for future games (something multiplayer related maybe??)
Give poor Pocus until monday to answer

Cheers

But why the updater or the different .exe files would try to connect to that server. In any case they should connect to Ageod servers, not that one in Portugal of your provider.

This is very strange

I do not understand that much about internet, but I presume that to connect to the internet my pc has to do it through an IP of my provider. Is that not the way cable broadband works ? Or am I saying a big nonsense ??.
Anyhow, I have relutance in believing a problem on my side, because other exe files, including ancient ageod ones, do not try to connect, only the latest versions.
Anyhow, it is fine to me if ageod games automatically connect to the net. But this should be clearly stated somewhere, if true.

Hmm, yes you are right. But I guess that what the firewall should display is the final destination, not the intermediate servers, though perhaps your firewall works this way


I remember some tool that displayed the tracing nicely in a map, do not remember the name right now. This could be enough thogh

http://www.yougetsignal.com/tools/visual-tracert/


We can see here that http://www.ageod-forum.com server is located in Texas. But http://www.ageod.com is in France

Sorry, folks, but I do not want this to be forgotten

To make matters short, in my PC, the latest versions of the exe files of AACW, NCP and WIA try to connect to the net upon game launching. This never happened with AACW, I am pretty sure that also did not happen with NCP, but I think happened with WIA with 1.05 (not sure, as I never really played it much ). It DOES not happen with the 1.00 versions of said games, that's for sure

This can be due to several reasons:

1. It is not real, and I am crazy and halucinating or I am trying to create a non-existing problem to AGEOD. Although the first option can come true some day , I hope you "know" me better than that to believe the 2nd

2. I have an incredible "trojan" or similar bug in my computer that only uses the latest Ageod exe files to connect the internet, but not the oldest ones, or other exes - possible, but highly unlikely

3. Inadvertently the latest ageod exe files have some unwanted routines (bugs ?) that try to connect to the internet - if that's so, this should be corrected ASAP

4. It is WAD, due to some new functionalities and/or the auto error reporting - if so, fine ...but this should be clearly stated. I can live with it. - I can live with Steam, after all - but would very much like to be dully informed when an application that I use connects to the net and why.

Please, feedback on this is important. IMHO.

I believe we are falling into option 3, possibly. I also know that we won't be able to correct the problem, if this is one, before some significant time, as the developer in charge of the updater and VGN MP module (which can have parts added in the common code base, possibly again) is not available right now and for at least several weeks.

Thanks Pocus, I will wait

In the meantime, they are all blocked, of course...

Franciscus wrote:Sorry, folks, but I do not want this to be forgotten

To make matters short, in my PC, the latest versions of the exe files of AACW, NCP and WIA try to connect to the net upon game launching. This never happened with AACW, I am pretty sure that also did not happen with NCP, but I think happened with WIA with 1.05 (not sure, as I never really played it much ). It DOES not happen with the 1.00 versions of said games, that's for sure
(...)

Any update on this, Pocus ?

Oh NO!!! Luca is doing this? t

deleted