
Windows Defender finds Malware in v.9.17.0.1 #28 (18-01-2017)



My Windows 10 machine reported this malware in the middle of the install process:

 

---------8<---------

https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=PWS%3aWin32%2fLineage.gen!C.dam&threatid=2147583492&enterprise=0

 

The following error occurred: Error code 0x80508023. The program could not find the malware and other potentially unwanted software on this computer. 

Category: Password Stealer

Description: This program is dangerous and captures user passwords.

Recommended action: Remove this software immediately.

Items: 
file:C:\Games\World_of_Tanks\res_mods\configs\xvm\Aslain\is-QI3PV.tmp

Get more information about this item online.

--------------8<------------

 

Anyone else notice? Recommendations?

 

Thanks,

 

Gefion

 

Link to comment

Well, aside from the Windows haters and folks that suggest that because a program never had a virus before it cannot have one, which is sadly an argument that provides no assurance whatsoever, it looks like Norton has the same issue, so there is likely some code in one of the mods that is part of a signature of a virus, even if it is not the virus itself. I will go grab a couple of other anti-malware programs and see if I can replicate these findings. I have definitely seen before where a bad signature was chosen that brings in all kinds of false positives.

 

If someone actually knows the code involved in the module being flagged (I am no Python or Mod expert) and can show it can't possibly be a virus and instead is most likely a false positive, I would be happy to submit that to Norton and Microsoft for them to re-evaluate their choice of signatures.

Link to comment
  • Moderator
5 minutes ago, Tad said:

If someone actually knows the code involved in the module being flagged (I am no Python or Mod expert) and can show it can't possibly be a virus and instead is most likely a false positive, I would be happy to submit that to Norton and Microsoft for them to re-evaluate their choice of signatures.

It's a temporary file that gets flagged, for whatever reason. When Aslain feels better, I'm sure he'll drop by this thread and answer it.

 

We already had issues with the folder renaming tool, which got falsely reported by some antivirus as being bad, which it wasn't/isn't :)

Link to comment
1 hour ago, Tad said:

Well, aside from the Windows haters and folks that suggest that because a program never had a virus before it cannot have one, which is sadly an argument that provides no assurance whatsoever, it looks like Norton has the same issue, so there is likely some code in one of the mods that is part of a signature of a virus, even if it is not the virus itself. I will go grab a couple of other anti-malware programs and see if I can replicate these findings. I have definitely seen before where a bad signature was chosen that brings in all kinds of false positives.

 

If someone actually knows the code involved in the module being flagged (I am no Python or Mod expert) and can show it can't possibly be a virus and instead is most likely a false positive, I would be happy to submit that to Norton and Microsoft for them to re-evaluate their choice of signatures.

No one is a Windows hater, we all just have a lot of issues with it. It's been a source of problems for a lot of people who use this modpack in many ways. There is absolutely nothing wrong with this modpack and it carries no viruses. I did however suggest a way to confirm that there are no viruses with the modpack above in my first reply to your post so you can put your mind at ease on the issue. And if you read through the forums, this has been an issue that has been brought up before that has confirmed there is no issue with the modpack. Now that is of course provided that you only downloaded the modpack directly from this site and not somewhere else.

Link to comment

False positive for a file that renames folders within your mod directory. AVs are right to flag this as it 'can' be used maliciously, but I can guarantee Aslain is not using it that way; it's just for installing mods.

 

 

Link to comment
