After manually downloading the newest update today, avast has auto blocked greymagic.dll every time, yes I know how to tell it to allow it. However, googling a few other things about this file, it has been linked it virsues. Avast report: win32:Evo-gen [Susp] Greymagic.dll Now you may hate Avast so let me throw another program out there, MalwareBytes also has it pinned down. Still not happy? How about the all mighty Spybot Search and Destroy? it too has this file flagged. Not saying it is a malicious virus by you guys, just wondering why all of a sudden your program contains a file that is being flagged by these 3 programs. An answer from someone who is actually relevant in the RnD of HB and not some forum pigeon would be much appreciated. Thanks a bunch, Adam
I'm afraid that I'm not a part of the team, and thereby most likely qualify as a forum pigeon, but I'll try to give an answer anyway, as it might be quite some time until you'll get an answer from the devs. GreyMagic is a memory manipulating code library written by one of the core HB devs, Apoc. It features some very clever code, and does things that is normally associated with malware. (Which, given that HB does things to WoW that blizzard does not desire, is rather unexpected) Now, this file has been with the release for some time, ever since Apoc wrote it I'd guess. As to why it has just now started flagging as malware, I have no idea, perhaps the library was used in some malware somewhere, and thus got flagged. (Or there are just some changes to it that closely resembles other known malware) There is some technical jargon that could be used to explain why this is most likely a false positive, but from your post I figure that isn't the answer you want anyway. To recap: GreyMagic is code written by the HB devs, needed for HB to interact with WoW, and is thus most likely not a bad thing. Hopefully you'll get an official response in here as well
The HB zip just passed VirusTotal with 0/45 programs detecting any issues. I run Avast on one machine, Security Essentials on another, and have Malware Bytes on both. None of them detect any issues. A quick search on Google shows win32:Evo-gen [Susp] is often linked to false positives. The HB devs might be able to tell you why you're getting them, but there's no virus in the current ZIP file. You can easily test files before you use them by uploading them here: https://www.virustotal.com/en/
