  #74  
02-02-2006, 04:31 PM
jba
Senior Member

Join Date: Feb 2005
Posts: 9,596
Re: Microsoft Anti-Spyware just found trojan.backdoor.small.fb

[ QUOTE ]
All,

If this is a false positive, why are there a ton of people who play Party and use MAS but haven't seen this? Something seems v. fishy.

[/ QUOTE ]

El D. -

once upon a time, someone wrote a virus which among other things created a file called 34.tmp in your Temp directory. This may have been yesterday or three years ago, by a virus author that has maybe never heard of internet poker.

MAS is looking out for this virus. Anytime it finds any file in the Temp directory called 34.tmp, it says you have a virus.

meanwhile, Party Poker is [censored] random files into your Temp directory. here's some of them:

3.tmp 313.tmp 336.tmp 355.tmp 370.tmp 395.tmp 3B2.tmp 3D.tmp 3hp7DD.tmp
30.tmp 317.tmp 33E.tmp 359.tmp 376.tmp 397.tmp 3B5.tmp 3DE.tmp 3i91E9C.tmp
302.tmp 31E.tmp 34.tmp 35A.tmp 377.tmp 398.tmp 3B6.tmp 3E.tmp 3j8B5.tmp
303.tmp 32.tmp 341.tmp 35D.tmp 37E.tmp 39E.tmp 3B7.tmp 3EC.tmp 3je1E76.tmp
305.tmp 32B.tmp 343.tmp 35E.tmp 37F.tmp 39F.tmp 3BC.tmp 3F.tmp 3s71EE9.tmp
309.tmp 32E.tmp 346.tmp 35F.tmp 38.tmp 3A.tmp 3C.tmp 3F0.tmp 3sa1E98.tmp
30A.tmp 32F.tmp 348.tmp 35w1F07.tmp 388.tmp 3A5.tmp 3C4.tmp 3F8.tmp 3sv1EA7.tmp
30C.tmp 33.tmp 34B.tmp 36.tmp 38C.tmp 3A6.tmp 3C9.tmp 3F9.tmp 3wn1B65.tmp
30E.tmp 333.tmp 34D.tmp 363.tmp 38F.tmp 3AD.tmp 3CB.tmp 3FC.tmp 3wn9E2.tmp
30F.tmp 3331A71.tmp 35.tmp 36D.tmp 38r1BEC.tmp 3AE.tmp 3CD.tmp 3fp1AC0.tmp
31.tmp 334.tmp 354.tmp 37.tmp 39.tmp 3B.tmp 3CF.tmp 3gs171E.tmp


they're all the same size, and there's a bunch of different names that Party gives them. If you're not getting the alert, it's perhaps because Party hasn't gone around to [censored] specifically 34.tmp into this directory yet.
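The failure mode described in the post above, as an added example (not part of the original post, and not a statement of how Microsoft AntiSpyware works internally): a rule keyed only on the file name 34.tmp flags a benign temp file, while a rule that also requires a matching content hash does not. The signature, payload bytes and function names are constructed for illustration.

```python
import hashlib
import os
import tempfile

# Constructed signature for a hypothetical piece of malware: the file name it
# drops in Temp, plus the SHA-256 of the dropped content (sample bytes below).
MALWARE_BYTES = b"constructed-malicious-payload"
SIGNATURE = {"name": "34.tmp", "sha256": hashlib.sha256(MALWARE_BYTES).hexdigest()}


def sha256_of(path):
    """Hash a file in chunks so large temp files are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_by_name(temp_dir):
    """Name-only rule: flag any file whose name matches the signature."""
    return sorted(n for n in os.listdir(temp_dir)
                  if n.lower() == SIGNATURE["name"])


def scan_by_name_and_hash(temp_dir):
    """Stricter rule: the name narrows candidates, the content hash decides."""
    return [n for n in scan_by_name(temp_dir)
            if sha256_of(os.path.join(temp_dir, n)) == SIGNATURE["sha256"]]


def demo(dropped_34_content):
    """Build a temp dir like the listing above and run both scans on it."""
    with tempfile.TemporaryDirectory() as temp_dir:
        # Benign application temp files, all the same size (constructed data).
        for name in ("33.tmp", "341.tmp", "35.tmp"):
            with open(os.path.join(temp_dir, name), "wb") as fh:
                fh.write(b"\x00" * 512)
        with open(os.path.join(temp_dir, "34.tmp"), "wb") as fh:
            fh.write(dropped_34_content)
        return scan_by_name(temp_dir), scan_by_name_and_hash(temp_dir)


if __name__ == "__main__":
    print("benign 34.tmp   :", demo(b"\x00" * 512))
    print("malicious 34.tmp:", demo(MALWARE_BYTES))
```

The name-only scan reports 34.tmp in both runs; the name-plus-hash scan reports it only when the content matches the signature.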