Tad

Windows Defender finds Malware in v.9.17.0.1 #28 (18-01-2017)


My Windows 10 machine reported this malware in the middle of the install process:

 

---------8<---------

https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=PWS%3aWin32%2fLineage.gen!C.dam&threatid=2147583492&enterprise=0

 

The following error occurred: Error code 0x80508023. The program could not find the malware and other potentially unwanted software on this computer. 

Category: Password Stealer

Description: This program is dangerous and captures user passwords.

Recommended action: Remove this software immediately.

Items: 
file:C:\Games\World_of_Tanks\res_mods\configs\xvm\Aslain\is-QI3PV.tmp

Get more information about this item online.

--------------8<------------

 

Anyone else notice? Recommendations?

 

Thanks,

 

Gefion

 


That's pretty bizarre as this modpack or any other from Aslain has never had a virus........ let alone a password stealer. I suggest getting and installing Malwarebytes and using that to double check, as they are more reliable than Windows Defender.


Windows Defender says it all, Windows Defender is the problem

2 hours ago, bubs79 said:

Windows Defender says it all, Windows Defender is the problem

Which is why I never use it......


Well, aside from the Windows haters and folks that suggest that because a program that never had a virus before cannot have one, which is sadly an argument that provides no assurance whatsoever, it looks like Norton has the same issue, so there is likely some code in one of the mods that is part of a signature of a virus, even if it is not the virus itself. I will go grab a couple of other anti-malware programs and see if I can replicate these findings. I have definitely seen before where a bad signature was chosen that brings in all kinds of false positives.

 

If someone actually knows the code involved in the module being flagged (I am no Python or Mod expert) and can show it can't possibly be a virus and instead is most likely a false positive, I would be happy to submit that to Norton and Microsoft for them to re-evaluate their choice of signatures.

5 minutes ago, Tad said:

If someone actually knows the code involved in the module being flagged (I am no Python or Mod expert) and can show it can't possibly be a virus and instead is most likely a false positive, I would be happy to submit that to Norton and Microsoft for them to re-evaluate their choice of signatures.

It's a temporary file that gets flagged, for whatever reason. When Aslain feels better, I'm sure he'll drop by this thread and answer it.

 

We already had issues with the folder renaming tool, which got falsely reported by some antivirus as being bad, which it wasn't/isn't :)

1 hour ago, Tad said:

Well, aside from the Windows haters and folks that suggest that because a program that never had a virus before cannot have one, which is sadly an argument that provides no assurance whatsoever, it looks like Norton has the same issue, so there is likely some code in one of the mods that is part of a signature of a virus, even if it is not the virus itself. I will go grab a couple of other anti-malware programs and see if I can replicate these findings. I have definitely seen before where a bad signature was chosen that brings in all kinds of false positives.

 

If someone actually knows the code involved in the module being flagged (I am no Python or Mod expert) and can show it can't possibly be a virus and instead is most likely a false positive, I would be happy to submit that to Norton and Microsoft for them to re-evaluate their choice of signatures.

No one is a Windows hater, we all just have a lot of issues with it. It's been a source of problems for a lot of people who use this modpack in many ways. There is absolutely nothing wrong with this modpack and it carries no viruses. I did however suggest a way to confirm that there are no viruses with the modpack above in my first reply to your post so you can put your mind at ease on the issue. And if you read through the forums, this has been an issue that has been brought up before that has confirmed there is no issue with the modpack. Now that is of course that you only downloaded the modpack directly from this site and not somewhere else.


Avira Anti Virus Pro does not report any problems with the modpack. It was reporting that folder renaming tool falsely, but I simply added it to the safe list. All is good.


False positive for a file that renames folders within your mod directory. AVs are right to flag this as it 'can' be used maliciously, but I can guarantee Aslain is not using it that way, it's just for installing mods.

 

 
