Jump to content

SONAR.ProcHijack!g45 found in homecoming.exe


Thalnus

Recommended Posts

So after Tequila updated and I went to play the game just after the little loading screen popped up my computer screen went black for about 30 sec and then my anti-virus program (Norton 360) stated to me that homecoming.exe was found to have SONAR.ProcHijack!g45.  I looked this up online and it tells me this is a Trojan virus. So my anti-virus program took care of it and my computer had to be restarted.  So can anyone tell me what the issue is here and how can we get this fixed. Will I need to re-download Tequila, is there another site to get it from that doesn't give this virus, looking for some help here.

Link to comment
Share on other sites

I have uploaded my homecoming.exe to virustotal for a check and it found nothing.

 

https://www.virustotal.com/gui/file/4aeaf028b3a7e51d518f189178593ef9ee0948fc7f2fee10cedf0e77157145a8/detection

 

You can upload yours and have it checked too. It likely a false positive.

 

The update changes a few things.  From the game folder, you need to rename the score folder to homecoming.  Then update, this avoid redownloading all the files makes the update quicker.

 

The update then creates a homecoming.exe which will be replacing the score.exe.

 

That means if you have score.exe in your anti virus exception you now need to add homecoming to it as well, unless you had the whole game folder added as an exception.

 

You will have to redo any display scaling fixes to the homecoming.exe like you previously did to score.exe, also compatibility mode and possibly run as admin.

 

If you are worried about that .exe delete it. delete the tequila.xml and use rerun tequila and let it update again.

 

 

Link to comment
Share on other sites

Did as you advised. renamed score folder to homecoming and then update.  System still says that the homecoming.exe is bad.

 

It also says the shaders in the COX file are bad as well. Did the update add a folder? I found the COX folder in an NCSOFT folder.

 

Lastly I got a Warning - detected crash.  Current system requirements are NVidia GeForce 2 or better, ATI Radeon 8500 or better, or an Intel GMA 900 or better. I have a GeForce GTX 1050Ti and my drivers are up to date.

Link to comment
Share on other sites

I looked this up online and it tells me this is a Trojan virus.

Just to be clear, this is not what the alert is telling you.

 

SONAR.ProcHijack!g45 is an alert that triggers based on behavior, not as a result of a specific virus or trojan signature. Basically, Symantec (aka Norton) is saying that homecoming.exe behaved in a way that could be considered suspicious. In other words, it performed an action that a virus or trojan might also perform. However, Symantec doesn't actually know if homecoming.exe's behavior is malicious.

 

That's why the guidance (link) asks you to submit the file that triggered the alert to Symantec. In fact, it might be a good idea for people seeing this alert to go through Symantec's submission process.

 

You can read more about Symantec's SONAR component and it's "zero-day" detection capability here; LINK.

Link to comment
Share on other sites

Please go read my guide, see link in my siggy, particularly my post on page 6 about how the game is suppose to be set up.  The OP in my guide also has information if you have windows 8 or above as they are more fussy with install location.

 

Would nee more details  that what you're giving to be able to help you. 

 

Like what OS do you have?

Where did you install the game?

What method did you use to install it?

Are you playing on the homecoming servers or one of the other servers?

Was the game running for you BEFORE the server migration?

 

 

Norton is being particularly fussy because homecoming.exe is new and it can take a good while before enough people report in to them and say this file is legit and they whitelist it.

 

This is what is called a false positive and this happens quite often in games.

 

This is why I suggest you add an exclusion to the city of hereos or coh folder, dunno how you named it.

Link to comment
Share on other sites

Like what OS do you have?  Windows 7 Professional 64 bit

Where did you install the game? The game installed under AppData > Local (would like to gather up game files under a [City of Heores] folder in my Games folder)

What method did you use to install it? I used Tequila and had no problems with it.

Are you playing on the homecoming servers or one of the other servers? Playing on the Homecoming servers.

Was the game running for you BEFORE the server migration? Yes it was running fine before the migration.

 

I am currently trying to manually submit homecoming.exe to Symantec for false positive and working on exclusioning the files/folders in question.

 

 

Link to comment
Share on other sites

Like what OS do you have?  Windows 7 Professional 64 bit

Where did you install the game? The game installed under AppData > Local (would like to gather up game files under a [City of Heores] folder in my Games folder)

What method did you use to install it? I used Tequila and had no problems with it.

Are you playing on the homecoming servers or one of the other servers? Playing on the Homecoming servers.

Was the game running for you BEFORE the server migration? Yes it was running fine before the migration.

 

I am currently trying to manually submit homecoming.exe to Symantec for false positive and working on exclusioning the files/folders in question.

 

Look it's not that hard to do. Put all the game files in one folder and then open norton, click settings, look for something like antivrus and sonor or real time exclusions.

 

This here:

UqrofzZ.png

 

Click add folder and in the window that opens up browse to and choose the folder you made that contains all your game files. apply, save, ok.

 

All done problem taken care of.

 

 

You don't need to ask symantec to look into it and wait for them to whitelist it...that can take months.....

 

Dunno why your game is installed in appdata  especially since you are on windows 7? 

Link to comment
Share on other sites

Link:

 

Use this one for now, it is seeded and should be fast:

magnet:?xt=urn:btih:FD5ADD155E5FD01D6013B026A8766E56C2841E3D&dn=City%20of%20Heroes

 

 

You need a bitclient to download via torrents so you need something like utorrent or qbits.

 

You can skip the above as you have the game files and tequila files..mostly.

 

 

If this isn't a first time install but you want to install from scratch you will have to delete the tequila key in the registry. 

 

Below is basically how people should install the game.

 

You can delete the Tequila registry key with Start -> Find/Run -> REG DELETE HKEY_CURRENT_USER\Software\Tequila

 

You can navigate there manually by going to start box type in regedit hit enter. This will open the registry so you can manually navigate to the above location.

 

If this is a first time install or first time using tequila ignore the registry key deletion bit above.

 

NOTE:  Due to the server migration some of the files will need to update. Namely before doing anything you need to rename the "SCORE" folder to "homecoming".  Then when you update it should make a homecoming.exe application. If the score.exe is still there you can delete it as the homecoming.exe replaces it.

 

For a first time install

 

Step one

 

Download the torrent..you can simply paste the whole magnet link into your browser address bar which will open up your bitclient and ask if you want to download the torrent, obviously say yes. ;)

 

While that is downloading.

 

 

Step Two

 

Get your install path ready. Make a folder on your C:/ drive called Games.  You can make sure your anti virus has an exception for the whole Games folder.  (Some people are afraid of doing this and prefer to only add an exception to score.exe (now after migration will be the homecoming.exe) and Tequila.exe in the City of Heroes folder you are downloading via the torrent).  I also run tequila.exe as admin but you shouldn't have to.

 

 

Step Three

 

Once the torrent is done you will have a "City of Heroes" folder in your torrent download location.  Move the whole "City of Heroes" folder, via copy and paste, to C:/Games.

 

Since we are using the old torrent for now you need to delete the "tequila.xml", the "tequilalog.xml", the "TequilaActivityLog.txt", and the "THIRDPARTYSOFTWAREREADME.txt". Rename the score folder to homecming (due to the server migration).

 

 

Step Four

 

Start the Tequila launcher via the tequila.exe in the "City of Heroes" folder from C:/Games/City of Heroes. This should open a window asking you for the install path.  Point it to C:/Games/City of Heroes.  This will let it see you have all the games files and all the score files (homecoming now due to server migration).

 

Let Tequila update/validate.  Make sure "Homecoming" is highlighted in the Tequila launcher and hit play.

 

You should see this:

 

AKhdCAw.png

 

Enjoy the game, kill skulls!

 

If there any issues my OP will have fixes for those.

 

 

 

 

Link to comment
Share on other sites

Start the Tequila launcher via the tequila.exe in the "City of Heroes" folder from C:/Games/City of Heroes.

 

Didn't I read something that said it's a bad idea to use a folder with spaces in the name? Or is that just for binds maybe?

 

Either way, mine is in C:/Games/COX/Tequilla and all other content is either in the root folder or installed in C:/Games/COX if not needed in the root folder. Also, I found that the game is quite portable in that (so long as the paths stay the same) you can literally copy the COX folder onto another location and play as if nothing changed. Mind you, if the rez or basic hardware is different, then you'll likely have to change some UI settings.

OG Server: Pinnacle  <||>  Current Primary Server: Torchbearer  ||  Also found on the others if desired  <||> Generally Inactive


Installing CoX:  Windows  ||  MacOS  ||  MacOS for M1  <||>  Migrating Data from an Older Installation


Clubs: Mid's Hero Designer  ||  PC Builders  ||  HC Wiki  ||  Jerk Hackers


Old Forums  <||>  Titan Network  <||>  Heroica! (by @Shenanigunner)

 

Link to comment
Share on other sites

Start the Tequila launcher via the tequila.exe in the "City of Heroes" folder from C:/Games/City of Heroes.

 

Didn't I read something that said it's a bad idea to use a folder with spaces in the name? Or is that just for binds maybe?

 

Either way, mine is in C:/Games/COX/Tequilla and all other content is either in the root folder or installed in C:/Games/COX if not needed in the root folder. Also, I found that the game is quite portable in that (so long as the paths stay the same) you can literally copy the COX folder onto another location and play as if nothing changed. Mind you, if the rez or basic hardware is different, then you'll likely have to change some UI settings.

 

Mine is installed in g:/Games/City of Heroes    and has no isses on w7 but just take the spaces out is okay too.

 

Note your files should all be in the same place, namely in the COX folder, you have all the game files, all the tequila files etc... you shouldn't have them spread out like you say you do.

 

C:/games has various games you play and their respective folders, in the COX folder you should have all your files needed to play city of heroes and they should only be in there. 

 

You're asking for trouble otherwise.

Link to comment
Share on other sites

SONAR.ProcHijack!g45 is an alert that triggers based on behavior, not as a result of a specific virus or trojan signature. Basically, Symantec (aka Norton) is saying that homecoming.exe behaved in a way that could be considered suspicious.

 

In other words, Symantec is saying "the people who build this program didn't pay us $500 ransom money for a code signing certificate so we will continue to trigger false positives on their files".

 

Homecoming Servers LLC will probably need to put that as an item the next time donations open up, just to get Norton and other AVs to cut it out.

Link to comment
Share on other sites

Note your files should all be in the same place, namely in the COX folder, you have all the game files, all the tequila files etc... you shouldn't have them spread out like you say you do.

 

C:/games has various games you play and their respective folders, in the COX folder you should have all your files needed to play city of heroes and they should only be in there. 

 

You're asking for trouble otherwise.

 

To clarify, the functionality files are in the Tequilla folder and things that don't affect gameplay/settings are in the COX folder (within their own subfolder). Keeps it cleaner that way and OG worked that way as well.

 

IE: One could put a Binds folder under "C:/Games/COX/Binds" without issue.

OG Server: Pinnacle  <||>  Current Primary Server: Torchbearer  ||  Also found on the others if desired  <||> Generally Inactive


Installing CoX:  Windows  ||  MacOS  ||  MacOS for M1  <||>  Migrating Data from an Older Installation


Clubs: Mid's Hero Designer  ||  PC Builders  ||  HC Wiki  ||  Jerk Hackers


Old Forums  <||>  Titan Network  <||>  Heroica! (by @Shenanigunner)

 

Link to comment
Share on other sites

Note your files should all be in the same place, namely in the COX folder, you have all the game files, all the tequila files etc... you shouldn't have them spread out like you say you do.

 

C:/games has various games you play and their respective folders, in the COX folder you should have all your files needed to play city of heroes and they should only be in there. 

 

You're asking for trouble otherwise.

 

Yes that is fine as the bind folder is in the cox folder...what I am saying is you shouldn't say have the tequila folder and files in say the games folder likewise the binds folder should not be in the game folce or  in c.

 

Everything to play and run the game files and folders should be in cox.

 

Anyways this is far off field and it likely to confuse the OP....

 

To clarify, the functionality files are in the Tequilla folder and things that don't affect gameplay/settings are in the COX folder (within their own subfolder). Keeps it cleaner that way and OG worked that way as well.

 

IE: One could put a Binds folder under "C:/Games/COX/Binds" without issue.

 

 

Yes that is fine as the bind folder is in the cox folder...what I am saying is you shouldn't say have the tequila folder and files in say the games folder likewise the binds folder should not be in the games or in c.

 

Everything to play and run the game files and folders should be in cox.

 

Anyways this is far off field and it likely to confuse the OP....

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...