Any idea what this file is (in Starcraft)? My AV just marked it as a trojan, deleted it, and the game still runs fine. Blizz tech was no help at all.

TORRENTZ, YEZ?

We've come across this in Tech Support as well. Here's the thread. Hehe.

I'm fairly certain I used a legit CD for this install, though... Maybe not.

Another one has popped up... Odd.. Perhaps we'll need to do some research, =o.

Prolly cause AVG recently updated it as a virus...?

well i had a fresh copy of starcraft from the CD i just bought installed on my computer and cannot find that exe

just thought i'd toss that out there. ;p

I have it and I'm a proud torrenter.  ;)

Hmm... maybe I'm a victim of that elusive counterfeiting... I think I'll just use the new online installer. I like the standardized CDKeys.

Alright RR. If you don't mind, could you reply to this again and let me know if you have the file in the Digital Downloads?

Nope, doesn't exist there. Maybe the CD I used was from a torrent originally... I was fairly certain it was a direct copy of a real disc, though.

Was it SC or SC and BW?

The download was "anthology", SC/BW. The CDs were both... actually, that could be it. I'm sure the SC disc was legit, so maybe it was the brood war one that was a fake.

[quote author=Andy link=topic=17622.msg179554#msg179554 date=1220050750]
The download was "anthology", SC/BW. The CDs were both... actually, that could be it. I'm sure the SC disc was legit, so maybe it was the brood war one that was a fake.
[/quote]

Any chance you could get a clarification on that for me RR? ;).

Perhaps just exploring the CD?

I have a original cds from the store and have this.  Maybe some 3rd party program of some sort sent it to sc's folder, or it maybe by something of blizz's.

Just installed Starcraft from the ISO I have, which I made myself from a burned CD which I'm 80% sure was a direct copy from an original CD, and it has InstCC.

I just reinstalled fully from original store bought cd's, and this file is installed with the client.

That answers that. So what is it?

I don't have it from my store-bought CD's... What versions did you have?

Both my BW and SC are 1.05.

It doesn't come back if you delete it. At least as far as I can tell.

I had the same problem a month or so ago -- a friend also had the same problem.
I'm pretty sure this file was patched into the game in some patch awhile back, no?
As said in this topic, just delete it, it's not a required file.
As for what it does, well... ALL YOU'RE DATAZ AND BOTZ AND CODEZ BELONGS TO BLIZZ0RD.... erm I really dunno.
IIRC, starcraft/broodwar doesn't execute it if you're just loading the game, logging on battle.net and playing some games. (I think)

Here's an idea. Maybe it's been suggested, but maybe I'm wrong. Disassemble the file and find out what it does?

hm i normally dont comment on thoes rumour posts. but i have some facts:

1. i bought starcraft+broodwar from the store in germany (100% legal version)
2. i installed it
3. instcc.exe was there and avg detected it as trojan
4. i deleted it, everything works fine.

Yes, we're first trying to figure out where the file is coming from. I would love it if you'd include the CD version of the disk you found the file on.

I believe the file is only on the SC 1.00 disk.

Hmm... well, if anyone wants to decompile it and their anti-virus already deleted it or something, http://realityripple.com/uploads/InstCC.exe .

[quote author=Andy link=topic=17622.msg179611#msg179611 date=1220296597]
Hmm... well, if anyone wants to decompile it and their anti-virus already deleted it or something, http://realityripple.com/uploads/InstCC.exe .
[/quote]

omg its a trjn horse dnt dl it. srsly.

Hah... but seriously, it is.

[quote author=Andy link=topic=17622.msg179618#msg179618 date=1220307462]
Hah... but seriously, it is.
[/quote]

yeah I know lol

isnt this forum for b.net bot development?

Ya... I think the inner workings of the games we're trying to emulate are relevant, and it's really the only file in Starcraft that makes no sense at all to me.

It isn't a known malware:
http://www.virustotal.com/analisis/d79cc156c13f4410969657fbd5836579

Perhaps a false positive? And that's a lot of API calls for something that does nothing...

Well, Kaspersky detects it as a "PE_patch" format file, and most of the API calls seem to be related to file i/o and registry checks, so who knows?

<edit> From a quick look with Process Monitor, it looks at two interesting registry keys:
HKLM\SOFTWARE\Blizzard Entertainment\Internal\Protect Memory
HKLM\SOFTWARE\Blizzard Entertainment\Internal\Debug Memory

If "Protect Memory" is set to 1, the program ends right away. In all other cases I tested, it does a bunch of not-very-interesting stuff then exits. *shrug* it doesn't look malicious based on what it's doing, unless it's being clever about it.

Exception
Please report failure as: ErrorTime= "Sep 03 11:31:12"