Jump to content

IF YOU THINK THE MODPACK GOT A VIRUS


Recommended Posts

Posted

image.gif.dd676977da124815d0b53a2e4680b0bc.gif

 

If your anti-virus app flagged, quarantined or deleted the .exe file of Aslain's modpack, because it thinks it is infected with a virus, please follow the steps below to double check the file BEFORE you report it here or somewhere else. You will see it's a false positive.

 

You, like most players, are probably using only one AV app and that may make a mistake, however VirusTotal will verify the file with many AV engines: it used 62 AV engines the last time I submitted a file. So before you inadvertently start a panic by posting a well intentioned but incorrect virus warning about Aslain's modpack and make yourself look like a fool, please follow these steps:

 

  1. Go to the VirusTotal website, upload the file and wait for the results of the scan.
  2. Compare the SHA-256 hash value VirusTotal computed with the one Aslain published. If they are not the same, then the modpack you have downloaded is either damaged, corrupted or adulterated, it's not the original file Aslain published. Download the file again from HERE. If the hashes match, then
  3. check the results table:
    1. There should be no virus detection by any of the AV engines. (Alright, you have gone to VirusTotal and uploaded the file because your AV flagged it, so if it's one of the engines VirusTotal uses it may still flag it as virus detected, but don't be surprised if it does not anymore: the AV company may have cleared the file on their own, or someone already reported the false positive to them.)
    2. If one or two AV engines detected a virus in the file while the rest did not, it's really-really high probability that the few were wrong (to think it's infected) and the many were right (that it's clean).
    3. If still in doubt, submit the file to your AV app provider. I did it once, and told Bitdefender they are mistakenly flagging Aslain's modpack as infected. They acknowledged it and corrected it on all their customers' PCs worldwide in a few hours.
    4. If most or all of the AV engines on VirusTotal flag it as infected, and your AV provider comes back to you and says the file is indeed infected, by all means, go ahead quick and make that post, sound the fire alarm, ping Aslain, ring the church bells, you'll be helping many players!!!

 

p.s. For our convenience, Aslain publishes his modpack as an executable. It's a self extracting compressed file that gets very busy when you double click it: it will create a lot of directories, (some of them temporary), it will also populate them with a lot of files, (some of them also temporary) and some of those files are batch files and some are scripts. Many years ago, this was one of the ways viruses found their way onto your PC. Not anymore, viruses got much more sophisticated, yet AV apps still look at self-extracting executables, that install things, with suspicion. That's kinda justifiable. What's much less justifiable is the use of heuristics and 'reputation' scores some AV engines and even some browsers do in hopes of ID-ing malicious websites and catching malware based on zero day exploits. These are about as useful as kicking the tires on the used car you are thinking of buying, making you feel good while giving no info whatsoever, but they are prone to false positives and are a bit shady as one can buy a way around them. Reputation can be bought by paying one of the major vendors to get your file or site 'certified'. If you don't enroll, reputation can be built up over time. (like buying premium vs. grinding.) Aslain has no money or time to get his modpack certified. The modpack is updated frequently and every new version starts from scratch in building up it's reputation, so they seldom get there. For us, it's about some slightly useful, entertaining or good looking mods for an obscure shooty-boat game. For Aslain, it's his livelihood. He'll do everything he can to keep his modpack clean. And he is quite good. Cheers!

  • Upvote 2
  • Capt_Oveur changed the title to IF YOU THINK THE MODPACK GOT A VIRUS

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use and Privacy Policy.