Unless you plan on installing Acrobat Reader 4 in french, why should you care?

I never said I cared, but that just seems odd to have such a violent virus on an OFFICIAL cd ...

Well maybe it's a virus that got discovered later than the game's release date. Just uploaded it to virustotal and indeed, 27 out of 50 AVs say it's infected or suspicious.

What's weirder though IMHO is that the version on Adobe's FTP server ( here : ftp:/ftp.adobe.com/pub/adobe/acrobatreader/win/4.x/ar40fra.exe ) is the exact same size and has many null bytes where the version from the CD does not (you can check that by performing a binary comparison between the two files).

Publicado originalmente por Pokepokemans:

And if it detected it, it's 100% true
www.malwarebytes.org

You're saying it like Malwarebytes never gave any false positive... though it does sometimes, else they would not have a dedicated section for it on their forums.

I sent it to VirusTotal too... I got the same results. That's pretty suspicious.

Yep, I noticed that odd thing about the file bytes ... I'd rather not open it, or open it on my virtual Windows 98 SE machine

Publicado originalmente por Pokepokemans:

Well, you tried all the meh antiviruses.
Now try this:
And if it detected it, it's 100% true
www.malwarebytes.org

Malwarebytes isn't perfect either.

hmm i have this original half life cd too and it didn't give me a ar40fra.exe
weird

Your CD probably isn't the french edition then.

oh, i have the english version so yeah

I have it on my European cd, got it in the UK.

Publicado originalmente por SANTIAGO:

I never said I cared, but that just seems odd to have such a violent virus on an OFFICIAL cd ...

That's a way viruses spread back then, the extra 3rd party stuff packaged in gets done carelessly with files that "I just got it from some ftp, looks legit" or something by the publisher adjacent localisation teams and no one notices but luckily its in a spot where it didn't really matter.

Half-life did have an infection problem with the .cih virus that the devs were aware of I remember, this could be related.

Publicado originalmente por constancejill:

Well maybe it's a virus that got discovered later than the game's release date. Just uploaded it to virustotal and indeed, 27 out of 50 AVs say it's infected or suspicious.

What's weirder though IMHO is that the version on Adobe's FTP server ( here : ftp:/ftp.adobe.com/pub/adobe/acrobatreader/win/4.x/ar40fra.exe ) is the exact same size and has many null bytes where the version from the CD does not (you can check that by performing a binary comparison between the two files).

Yes that's how the cih virus works, it inserts bits of itself into the null bytes of a exe file.

Since Sierra is long dead you could contact valve directly since it is a real virus on their product even though it's from more than 20 years ago, they might give you an answer.