Guild Wars 2

This program doesn’t install properly, it has no uninstall option, and I am having to click to accept it every time I start Windows.

It runs as a process, not an application.

Both AVG and AdAware consider it malware, and I cannot access exceptions for it.

And now I cannot access either the forums or the game on my main account, I am having to use my second account to post this.

Not best chuffed atm.

That’s because you don’t install it.
“1.Download the zip file and extract its contents. There is nothing to install and only one file that you can run immediately.”
https://winauth.com/download/

I did subsequently extract the file to its own directory. I run it, it goes back to the initial authentication process and it will not give me another secret code.

AVG still considers it malware.

Nope, Bitdefender likes it.

When it ran through its auto setup, AVG AntiVirus flagged it as a suspicious program.

My Kaspersky says its fine as well as virustotal
What exactly is the problem?

I went through the 2-step authentication as the forum frontpage said. I don’t have a dumbphone so I went for desktop authentication.

Program installed, AVG popped up as a suspicious file detected, I clicked Ignore and went through anyway.

I got the whole authentication page, Add, clicked GW2, and did the secret number thing. Everything went fine and I played GW2, logging in and out several times to game and forum, and had no issue.

When I started my PC this morning, it asked me to verify WinAuth from an ‘Unknown publisher’ (I think) window. I tried to start GW2 and come to the forum, it keeps asking for a 6 digit code but I get no popup or email with that code in.

I am massively concerned that WinAuth runs as a Process not an Application and does not have an entry on the Programs and Features panel in Control Panel. This makes the program unfixable, and uninstallable.

At this point, even if I use Hijack This! to remove this invasive software from my config, it still will not allow me access to GW2 or the forum on my main account because they think WinAuth is still running.

And what happens when you start WinAuth?

It asks for access as soon as my PC starts but doesn’t ‘open’.

When I run it manually, it goes through as if I am setting up authentication for the first time, and asks for the secret code, but of course I cannot log into GW2’s website to get any secret code… because I need WinAuth to log in.

Looks like WinAuth was not allowed to save it’s configuration due to some program/process on your machine not allowing it. If you did not write down the secret key anywhere it is lost and you will need to write to support to get it unlinked.

WinAuth is not malware, it works just fine.

edit: If you want to check if it’s just not workind now but actually saved the data, check if the following folder exists and has a file inside:
“c:\Users\<username>\AppData\Roaming\WinAuth”

I have contacted support. I also expect any daily rewards that I lose through this to be refunded to me. I did what I was told to do, and it obviously worked since I was able to play until i restarted my PC.

I consider it malware and will be removing its waste from my PC asap.

Bohantopa.5729:

Looks like WinAuth was not allowed to save it’s configuration due to some program/process on your machine not allowing it. If you did not write down the secret key anywhere it is lost and you will need to write to support to get it unlinked.

WinAuth is not malware, it works just fine.

Probably this.
Check whether c:\Users\<username>\AppData\Roaming\WinAuth\winauth.xml exists.
If it does you can import the file in WinAuth.

I downloaded and used the WinAuth myself yesterday and had no issues.

Have you got a mobile phone (doesn’t have to be a smart phone) at all ? The reason I ask is that it’s a better option to just choose them to send you a text message, slightly safer and easier to set up. After reading the blog info today myself, I quickly changed to the text option. I would advise the same for anyone else, especially those having issues with WinAuth.

I did that, ran WinAuth, found the file, and when I click Open it just goes back to the Add prompt.

Still does not allow access to the game.

I appreciate the advice you have offered so far

Looks like I need a new secret code, and then to purge any trace of WinAuth from my PC.

Paulytnz.7619:

I downloaded and used the WinAuth myself yesterday and had no issues.

Have you got a mobile phone (doesn’t have to be a smart phone) at all ? The reason I ask is that it’s a better option to just choose them to send you a text message, slightly safer and easier to set up. After reading the blog info today myself, I quickly changed to the text option. I would advise the same for anyone else, especially those having issues with WinAuth.

Worth noting, if you are one of those that don’t have the unlimited text message, go review your cell phone plan to see if the charge for both incoming as well as outgoing SMS.

I guess I could use my phone authentication, but WinAuth doesn’t have the option on where to send the check code to. If I tried to install the mobile authenticator, will it still attempt to send one to the desktop authenticator?

I’d rather remove the garbage altogether, but I have to wait for another secret code I guess.

Very very poorly implemented change, but it isn’t really Anet’s fault this time. They didn’t write WinAuth.

starlinvf.1358:

Paulytnz.7619:

I downloaded and used the WinAuth myself yesterday and had no issues.

Have you got a mobile phone (doesn’t have to be a smart phone) at all ? The reason I ask is that it’s a better option to just choose them to send you a text message, slightly safer and easier to set up. After reading the blog info today myself, I quickly changed to the text option. I would advise the same for anyone else, especially those having issues with WinAuth.

Worth noting, if you are one of those that don’t have the unlimited text message, go review your cell phone plan to see if the charge for both incoming as well as outgoing SMS.

Thanks for that info as I wasn’t aware this could be an issue for people on “paid systems”. I use a prepaid phone which does not cost me anything to receive calls or texts. Tbh I only ever put $20 credit on it once a year and it suits me perfectly lol…

Yes I know the “average” person probably spends a LOT more than this, but still, if you are on any kind of a plan that charges YOU to receive texts I would have to say you are getting ripped off.

GuzziHero.5104:

I have contacted support. I also expect any daily rewards that I lose through this to be refunded to me.

Chill.. I got a new phone recently and yesterday got round to asking support to unlink the authenticator, figured it may take a few days but who cares, wasn’t causing me any problems..

Couple of hours later, it was unlinked, I was emailed and I’d reinstalled it on my phone.
Hopefully you’ll get sorted just as quick.

GuzziHero.5104:

I guess I could use my phone authentication, but WinAuth doesn’t have the option on where to send the check code to. If I tried to install the mobile authenticator, will it still attempt to send one to the desktop authenticator?

I’d rather remove the garbage altogether, but I have to wait for another secret code I guess.

Very very poorly implemented change, but it isn’t really Anet’s fault this time. They didn’t write WinAuth.

I wouldn’t even use the mobile app authenticator. Just choose the option for them to send you a text message, no need to add another pointless app to your phone when getting a text is just as easy. Unless of course you are one of these people who gets charged for getting texts sent to them….

TrendMicro has no issues with it either. We don’t use this for GW2, but we have used it for other things. Honestly, I hate AVG. It used to be a decent virus protection, but it has gone to kitten over the past several years, especially if you’re using AVG Free. If you’re using a paid version of AVG, OP, I might recommend looking at using that money on a better option.

Almost definitely going to have to contact support.

But lets stop for a second.

You failed to store your secret key in a safe but accessible location.
You have no one to blame for this but you.

Now, a great many people use WinAuth just fine.
Possible explanations:
You downloaded the program from somewhere other than the official source, and that unofficial copy has been modified to include malware designed to steal your information. With the surge in people looking to use it now is a ripe opportunity for such a modified program to show up.

Alternatively, you got a legit copy, but another program blocked it from doing some function (such as saving its configuration files), the most likely culprit being AVG, being that it was showing the application as a false positive (going on the assumption its a legit copy). It’s not AVGs or WinAuths fault if you don’t know how to use them properly.
I consider this far more likely.

Given that we don’t know for sure whether this is just a borked setup (it doesn’t actually install though, thus no uninstall is normal) or a trojan horse/keylogger I suggest contacting support ASAP.
IF the app stole your info (including a secret key) then even with 2 factor authentication someone else may have access.

Winauth states you need to write down the code.

if you do not you do not have a backup.
Which ALSO can cause poroblems when migrating to WIN 10…

starlinvf.1358:

Paulytnz.7619:

I downloaded and used the WinAuth myself yesterday and had no issues.

Have you got a mobile phone (doesn’t have to be a smart phone) at all ? The reason I ask is that it’s a better option to just choose them to send you a text message, slightly safer and easier to set up. After reading the blog info today myself, I quickly changed to the text option. I would advise the same for anyone else, especially those having issues with WinAuth.

Worth noting, if you are one of those that don’t have the unlimited text message, go review your cell phone plan to see if the charge for both incoming as well as outgoing SMS.

10 cents a message, in or out. Since I don’t text I only get messages and at one point a dozen SMS spams one month. I also know that pay as you go plans like TracFone also “charge” for SMS messages at the cost of 10 equals one minute of paid time. May no sound like a lot but still not “free”. It’s the presumption that “everybody” gets free SMS so they all think SMS 2-party authorization is a harmless way of doing this.

Behellagh.1468:

starlinvf.1358:

Paulytnz.7619:

I downloaded and used the WinAuth myself yesterday and had no issues.

Have you got a mobile phone (doesn’t have to be a smart phone) at all ? The reason I ask is that it’s a better option to just choose them to send you a text message, slightly safer and easier to set up. After reading the blog info today myself, I quickly changed to the text option. I would advise the same for anyone else, especially those having issues with WinAuth.

Worth noting, if you are one of those that don’t have the unlimited text message, go review your cell phone plan to see if the charge for both incoming as well as outgoing SMS.

10 cents a message, in or out. Since I don’t text I only get messages and at one point a dozen SMS spams one month. I also know that pay as you go plans like TracFone also “charge” for SMS messages at the cost of 10 equals one minute of paid time. May no sound like a lot but still not “free”. It’s the presumption that “everybody” gets free SMS so they all think SMS 2-party authorization is a harmless way of doing this.

Get a google voice account, send sms to that.
Should be able to get those messages for free
Only concern would be is it fast enough, I haven’t used it for that so I’m not sure.

I never use texting. I refuse to pay for incoming text, especially when it is spam texting, which was the large majority. So I had my phone company turn texting off. Is there another way to authenticate without texting? If not, I won’t use the double authenticator system.

See my above post about Google Voice for receiving SMS for free.

GuzziHero.5104:

I guess I could use my phone authentication, but WinAuth doesn’t have the option on where to send the check code to. If I tried to install the mobile authenticator, will it still attempt to send one to the desktop authenticator?

I’d rather remove the garbage altogether, but I have to wait for another secret code I guess.

Very very poorly implemented change, but it isn’t really Anet’s fault this time. They didn’t write WinAuth.

Those codes don’t get “sent”. It uses a combination of the time (on a fixed schedule), the secret key, and usually a PIN, to generate 2 identical codes on 2 different systems (one being a server), and compares them to validate an authentication attempt.

As long as you have the seed, you can sync up any code generator using the same algorithm.

Hotmail/Windows uses something slightly different, where the auth client polls the server for outstanding authentication calls, and you manually compare 2 codes (one on the auth client, and one on the login interface) and approve or deny a login attempt. On the plus side, you’re notified during any attempts. But on the down side, if you don’t pay attention you start just approving everything.

ScribeTheMad.7614:

See my above post about Google Voice for receiving SMS for free.

https://www.guildwars2.com/en/news/a-new-way-to-protect-your-account/

We require a legitimate cell phone or landline phone number, not something like Google Voice, and we verify the phone number.

Khisanth.2948:

ScribeTheMad.7614:

See my above post about Google Voice for receiving SMS for free.

https://www.guildwars2.com/en/news/a-new-way-to-protect-your-account/

We require a legitimate cell phone or landline phone number, not something like Google Voice, and we verify the phone number.

Aw, I missed that, that sucks :/

Behellagh.1468:

starlinvf.1358:

Paulytnz.7619:

I downloaded and used the WinAuth myself yesterday and had no issues.

Have you got a mobile phone (doesn’t have to be a smart phone) at all ? The reason I ask is that it’s a better option to just choose them to send you a text message, slightly safer and easier to set up. After reading the blog info today myself, I quickly changed to the text option. I would advise the same for anyone else, especially those having issues with WinAuth.

Worth noting, if you are one of those that don’t have the unlimited text message, go review your cell phone plan to see if the charge for both incoming as well as outgoing SMS.

10 cents a message, in or out. Since I don’t text I only get messages and at one point a dozen SMS spams one month. I also know that pay as you go plans like TracFone also “charge” for SMS messages at the cost of 10 equals one minute of paid time. May no sound like a lot but still not “free”. It’s the presumption that “everybody” gets free SMS so they all think SMS 2-party authorization is a harmless way of doing this.

Well that’s just crazy, here in New Zealand we don’t have such systems in place (charged for getting calls/texts). I used to work for the biggest phone company here too so I know all of the plans and how they all work. All other phone companies here are the same. I guess other parts of the world are not so lucky. But for us we get ripped off just for internet in general where as most of you stateside have it far better than us…I guess the grass really is greener on the other side of the fence and all that huh lol?

I’m back!

Many thanks to GM Zero and the Anet support team for speedily rectifying the issue! They removed the 2-step authentication for me.

I think I will try a mobile authenticator next time.

WinAuth is garbage and false positives as malware on AVG, Avira, BitDefender, and Kapersky. I suggest NOT using it until WinAuth gets their CRAP together to fix this.

Instead I suggest downloading either Bluestacks, or Andy, and install the Android platform Authenticator in there instead. This does the same as WinAuth, but it wont be broken by the AV Engines that flag it as an infection.

Paulytnz.7619:

Behellagh.1468:

starlinvf.1358:

Paulytnz.7619:

I downloaded and used the WinAuth myself yesterday and had no issues.

Have you got a mobile phone (doesn’t have to be a smart phone) at all ? The reason I ask is that it’s a better option to just choose them to send you a text message, slightly safer and easier to set up. After reading the blog info today myself, I quickly changed to the text option. I would advise the same for anyone else, especially those having issues with WinAuth.

Worth noting, if you are one of those that don’t have the unlimited text message, go review your cell phone plan to see if the charge for both incoming as well as outgoing SMS.

10 cents a message, in or out. Since I don’t text I only get messages and at one point a dozen SMS spams one month. I also know that pay as you go plans like TracFone also “charge” for SMS messages at the cost of 10 equals one minute of paid time. May no sound like a lot but still not “free”. It’s the presumption that “everybody” gets free SMS so they all think SMS 2-party authorization is a harmless way of doing this.

Well that’s just crazy, here in New Zealand we don’t have such systems in place (charged for getting calls/texts). I used to work for the biggest phone company here too so I know all of the plans and how they all work. All other phone companies here are the same. I guess other parts of the world are not so lucky. But for us we get ripped off just for internet in general where as most of you stateside have it far better than us…I guess the grass really is greener on the other side of the fence and all that huh lol?

It really depends on the state of the networks, and the local laws. If the carriers find it financially beneficial to do cheap peering with each other, then they’ll do it. Otherwise…. well, its not good when they don’t have incentive.

sirsquishy.8531:

WinAuth is garbage and false positives as malware on AVG, Avira, BitDefender, and Kapersky. I suggest NOT using it until WinAuth gets their CRAP together to fix this.

Instead I suggest downloading either Bluestacks, or Andy, and install the Android platform Authenticator in there instead. This does the same as WinAuth, but it wont be broken by the AV Engines that flag it as an infection.

BS, I put WinAuth on yesterday (3.18) and I have BitDefender. No issue, works fine.

GuzziHero.5104:

I have contacted support. I also expect any daily rewards that I lose through this to be refunded to me. I did what I was told to do, and it obviously worked since I was able to play until i restarted my PC.

I consider it malware and will be removing its waste from my PC asap.

You shouldnt expect anything. If anything, take up your issue over loss rewards with the maker of your AVS, as THAT is going to be the culprit behind something not working correctly. Especially since you said it flagged WinAuth, but didnt bother looking into that.

doesnt it warn you that when you install this program, you are supposed to disable antivirus progs? as an AVP would likely prevent it from extracting or saving properly?

Maybe you should consider avg to be the trash it is...

GuzziHero.5104:

This program doesn’t install properly, it has no uninstall option, and I am having to click to accept it every time I start Windows.

It runs as a process, not an application.

Both AVG and AdAware consider it malware, and I cannot access exceptions for it.

And now I cannot access either the forums or the game on my main account, I am having to use my second account to post this.

Not best chuffed atm.

after reading your post i found your problem fully. and i will point it out to you . and give you a good recommendation for the easy fix . your frist and second problems are both one and the same AVG and AdAware that is your problems all together. i hate to say but they both have been fully well proven to be very useless and let back door viruses in as well as money hack virus too. the easy fix part is this go to amazon or the company,s direct site. and pay for the latest version of Trend micro . at lest you will be more then covered all the way around. and it updates at lest 3 a day . and it will not let you get any kind of virus if you use the recommend setting,s . in doing that you will be able to get back in game and forums too and much more.

I was going to say… both Malwarebytes and Webroot are fine with it and I’m not seeing any processes running in task manager. I haven’t run AVG in years, heard it had gone to crap, so I agree that OP needs to get some better protection going.

I uninstalled every system that had any Lavasoft product (AdAware) when Lavasoft was bought by a malware company back in 2011.

If you got the Beta version of WinAuth that could be your problem as well. Try the older version.