Anti-Virus picks up Trojan in ED products installer

[Crumpp]

It has never had an issue with anything from ED products until the latest update of DCS World 1.5

 

 

It is picking up a Tojan-downloader.Win64.Agent.bb.

[dooom]

I this a result of the new seeding strategy? Maybe a seeder was infected?

[c0ff]

hmm, same report on the russian side of the forum.

looks like a false positive.

 

just for you information: dcs_updater is digitally signed, and everything it downloads from our servers is digitally signed as well. so at least it gets from the servers exactly what we put there.

files which are downloaded by torrents are checked even twice - once by the torrent code (because it works this way), and the second time - when they are decompressed.

[USSR_Rik]

No viruses.

[Crumpp]

When I run the DCS repair and updater, the anti-virus picks it up again.

 

If I tell the antivirus to ignore it, the game hangs up and does not load more than 10%.

[Drach25]

When I run the DCS repair and updater, the anti-virus picks it up again.

 

If I tell the antivirus to ignore it, the game hangs up and does not load more than 10%.

 

Same

[SkateZilla]

Add DCS folder to exempt list of your virus protection suite.

 

there are several things that will trigger a false positive or depending on how strict your settings are, remove files and list them as PUP (Potentially Unwanged Program).

[Crumpp]

Add DCS folder to exempt list of your virus protection suite.

 

I have and it keeps picking it up. I am dead in the water for loading the game.

[Thasord]

Anti-Virus conflict

 

Recently my antivirus detected and deleted a dll archive ( the file is linked below). Could someone explain what happened?

[sobek]

False positive. Contact the AV manufacturer.

[QuiGon]

When I run the DCS repair and updater, the anti-virus picks it up again.

 

If I tell the antivirus to ignore it, the game hangs up and does not load more than 10%.

 

I have and it keeps picking it up. I am dead in the water for loading the game.

 

Same here :(

[ShepherdDimaloun]

Kaspersky anti virus says dcs world has a trojan virus

 

Hi,

 

I'm new to DCS World and to the forum, i already played 40 hours with it and i love it but from today(27-11) i get everytime i start the game a pop up of my Anti Virus that there is a trojan file in dcs world, even if i clean the file up with kaspersky and redownloaded it from steam it gives me the same message.

 

This is what kasperky think it is: Trojan-Downloader.Win64.Agent.bb

FileName: lua-ED_demosceneAPI.dll

 

I have 4 dlc's that i bought on steam, i dont use free mods.

 

Is this a false-positive? or is steam game database hacked?

 

Thanks

Edited November 27, 2015 by ShepherdDimaloun

[QuiGon]

Same here :(

 

Ok, it's working now after I added it to the exempt list of my virus protection software, but I don't feel really comfortable about it.

[Crumpp]

I chatted with Kaspersky Labs. They did a bunch of diagnostics and downloaded all the logs and a copy of the file.

 

It is being looked at by their techs. It will either get fixed or confirmed to be a virus/hack.

[pdrgnn]

Same here: lua-ED_demosceneAPI.dll

Start screen of DCS stop at 10%

Item deleted from Kaspersky quarantene....

Repair DCS: no success

Should I reinstall everything?

[Nedum]

That's not the problem, but this program has a functionality that could be used to infect the computer with other programs.

It looks like that it works like a trojan.

 

I've asked the Kaspersky team and have to wait for an answer, untill then I will delete DCS.

 

https://securelist.social-kaspersky.com/en/descriptions/Trojan-Downloader.Win64.Agent.bb

 

I really have to ask why this program must be masked and work exactly like the named trojan program? :huh:

There was never such a message before from this program or any other!

Why now if this is not a trojan?

 

 

Edited November 27, 2015 by Nedum

[Nedum]

When I run the DCS repair and updater, the anti-virus picks it up again.

 

If I tell the antivirus to ignore it, the game hangs up and does not load more than 10%.

 

Same for me!

 

Ok, it's working now after I added it to the exempt list of my virus protection software, but I don't feel really comfortable about it.

 

Would never do so!

So all other masked trojans could infekt your PC now. They only need to mask themself as the "lua-ED_demosceneAPI.dll" and you are done.

From my point of view it's EDs part to make it the right way.

I've reported this to Kaspersky and will wait what they will say.

Never ever would I believe what a developer will say to me. The program could be infected and the developer didn't noticed/knew this.

This is a way too hot for me.

Edited November 27, 2015 by Nedum

[Thasord]

False positive. Contact the AV manufacturer.

Ok, thanks for your help!:thumbup:

[Thasord]

Please let me know when they answer you.

Edited November 27, 2015 by Thasord

[xaoslaad]

That's not the problem, but this program has a functionality that could be used to infect the computer with other programs.

It looks like that it works like a trojan.

 

I've asked the Kaspersky team and have to wait for an answer, untill then I will delete DCS.

 

https://securelist.social-kaspersky.com/en/descriptions/Trojan-Downloader.Win64.Agent.bb

 

I really have to ask why this program must be masked and work exactly like the named trojan program? :huh:

There was never such a message before from this program or any other!

Why now if this is not a trojan?

 

 

AV's often identify legitimate programs as potential threats just because they can be used for nefarious purposes. I've seen this with eveything from vnc to nmap and in between. Could even be that the heuristics need to be tweaked.

[Crumpp]

I agree. It opens you up to attack if you just ignore it.

[Scoggs]

Getting the same as well. Kaspersky detects that file.

[GeorgeLKMT]

I think that if it was infected, there would be more AVs detecting it and not only ONE.

[grunf]

Avira says it's fine.

[pj]

ZoneAlarm also detects lua-ED_demosceneAPI.dll as a virus.