Jump to content

[FALSE POSITIVE]DCS World 2.6 trojan? worldgeneral.dll


NaOH1

Recommended Posts

  • Replies 164
  • Created
  • Last Reply

Top Posters In This Topic

I don't think it's a virus neither, but still this is a problem.

 

Update ran fine, but upon wanting to start DCS, Malwarebytes Premium popped up, quarantined immediately and prompted a restart.

 

It's flagged as "Ransomware" however rather than "Trojan" here.

 

Screenshot is out of MWB detection history.

 

EDIT: DCS Version is 2.5.6.43503

mwbdcs.png.25807b664e264b5b6b236b38cc89c4ad.png


Edited by theIRIEone
Link to comment
Share on other sites

Just uninstall these **** antivir programs, youre way safer without. The only thing they give you is false positives and a false feeling of safety.

 

Or, you could allow exceptions in your AV and "feel" much safer as well.

 

Either way, that shouldn't be the point to be discussed here, rather that it's acknowledged that certain AVs red-flag parts of DCS (the .exe itself in MWB, and apparently a different file in Kaspersky?).

 

I don't know if it's the AVs or DCS, but something is wrong and that needs to be addressed.

Link to comment
Share on other sites

McAfee reports virus in DCS.exe???

 

Having just finally finished the download and installation of the new update, I was greeted with the following from my anti-virus program.

 

"A virus tried to attack your PC, but we took care of it

 

What we found: Suspect!8d59ae9868aa

 

Where we found it: G:\DCS World\bin\DCS.exe"

 

I expect that it is probably a false positive, but it would be good to know this for sure and how i am supposed to get round it. Malwarebytes reports it as clean, but I will be sending a report to McAfee to hopefully get them to stop Total Protection from being overly cautious.

Link to comment
Share on other sites

Just uninstall these **** antivir programs, youre way safer without. The only thing they give you is false positives and a false feeling of safety.

 

Riiight! And I'll bet you don't vaccinate your kids either.

 

Both are GREAT suggestions! :cry:

<smh>

"Pride is a poor substitute for intelligence."

RAMBO

Link to comment
Share on other sites

Riiight! And I'll bet you don't vaccinate your kids either.

 

Both are GREAT suggestions! :cry:

<smh>

 

.....great response :doh:

 

Some anti-virus programs that are better than others...I think he obviously wasn't suggesting that you leave the computer unprotected, just get a better program and delete the crap one.

Modules owned:

 

FC3, M-2000C, Mig-21bis, F-5E, AJS-37 Viggen, F/A-18C, KA-50, Mi-8, F-14A&B, JF-17

Link to comment
Share on other sites

IDK, DCS will peg your CPU to 100% and not let your computer do anything else... Maybe Mcaffe is right ;)

New hotness: I7 9700k 4.8ghz, 32gb ddr4, 2080ti, :joystick: TM Warthog. TrackIR, HP Reverb (formermly CV1)

Old-N-busted: i7 4720HQ ~3.5GHZ, +32GB DDR3 + Nvidia GTX980m (4GB VRAM) :joystick: TM Warthog. TrackIR, Rift CV1 (yes really).

Link to comment
Share on other sites

I don't think it's a virus neither, but still this is a problem.

 

Update ran fine, but upon wanting to start DCS, Malwarebytes Premium popped up, quarantined immediately and prompted a restart.

 

It's flagged as "Ransomware" however rather than "Trojan" here.

 

Screenshot is out of MWB detection history.

 

EDIT: DCS Version is 2.5.6.43503

 

hmmmm, maybe 2020 heralds a new business model for ED?? ;)

 

Seriously though, it will be a false positive, caused by the AV being overly cautious

Link to comment
Share on other sites

Riiight! And I'll bet you don't vaccinate your kids either.

 

Both are GREAT suggestions! cry.gif

<smh>

 

Anti-Virus programs cant and wont magically protect you from threats out there, they can just protect you from threats that have been detected, analysed and defined by the antivir company. Depending on the threat and company this can take from a few hours and days to weeks or even month with threats being not spread widely. They naturally hang back for quite some time and in the meantime you are 100% vulnerable to this threat and by believing you are "protected" and surfing the web like being in god mode is the easiest way to catch something bad. You can click that link, you are "protected", arent you?

 

I actually suggest to leave the computer "unprotected" as Mobi call it (Windows Defender is all you need) and act accordingly, think twice before you download this "free" thingy or click this link in that email you just received. Antivir programs wont save you from anything if you act stupid and if you act clever youll never need one.

 

To use your analogy: using antivir programs is like being vacced against a certain flu variant and then bravely walking through a Corona-hospital because "you are safe". You are, right? Because the vac you received 2 month ago already knew how next month flu virus variant would look like, youre also automagically immune to other virus types like corona and it also cures cancer and athletes foot, right?

 

I bet your kids are vacced and you let them smoke 2 packs a day because... well, they are protected, right?

 

:thumbup::pilotfly:

Gone for good.

Link to comment
Share on other sites

Update ran fine, but upon wanting to start DCS, Malwarebytes Premium popped up, quarantined immediately and prompted a restart.

 

+1, same with Malwarebytes.

Intel i9-13900K : ASUS TUF RTX 4080 : 32GB G.Skill RipjawsV 4000 : TM HOTAS Warthog : HP Reverb G2

Link to comment
Share on other sites

Riiight! And I'll bet you don't vaccinate your kids either.

 

Both are GREAT suggestions! :cry:

<smh>

 

I don't run AV software and never have. I also haven't been infected in I don't know how many years (I install on rare occasions just to check). Safe browsing habits work wonders. AV software is like training wheels, attempting to idiot proof the internet for people who don't know wtf they're doing.

 

Protip: AV software won't protect you from getting infected if you are foolish

 

Edit - The last time I got infected was after clicking on something that I LITERALLY said to myself ''I shouldn't click this''. Miraculously I've been fine ever since. The overwhelming majority of infections are self inflicted FACT. Including the ''hacks'' you see on the news. Convincing some moron server employee to cough up his password is not ''hacking'', it is exploiting stupidity.


Edited by zhukov032186

Де вороги, знайдуться козаки їх перемогти.

5800x3d * 3090 * 64gb * Reverb G2

Link to comment
Share on other sites

Warning Beware.

 

Just downloaded the new update and it will not even run now. However i have had my Kaspersky inform me that its detected this, Malicious tool detected, VHO:Hacktool.Win32.Inject.gen. It now needs to disinfect and restart my PC. The location G:\DCS World OpenBeta\bin\WorldGeneral.dll Don't know if any one else has experienced this but thought i'd just bring to peoples attention. Now i'm going to let Kaspersky do its thing.

Link to comment
Share on other sites

I use AVAST and told that Dcs want to modify a protected folder...and I accepted...no problems here and DCS works fine...some times just some strange cursor movements, chrome opening and bank account showing random wire transfers to Nigeria but other than that everything seems Ok.

 

 

Dream Commodore 64C, 1530 datasette, 1541 floppy disk drive, DCS cartridge, competition pro joystick, 14” Tv with VCR.

Arturo "Chaco" Gonzalez Thomas

Link to comment
Share on other sites

I run Kaspersky Total Security and had the same problem. I've attached the Kaspersky log.

 

1. DCS would not start after 2.5.6 install due to WorldGeneral.dll being deleted by Kaspersky during the install.

 

2. I shut down Kaspersky and repaired the install.

 

3. Rebooted PC and DCS started without error. (Kaspersky is now running again.)

 

4. Ran a full antivirus scan. Kaspersky again deleted World General.dll

 

5. Turned off Kaspersky and repaired the install again.

 

6. Restarted Kaspersky.

 

7. Opened the settings for File Antivirus and excluded the WorldGeneral.dll file from scanning.

 

8. Ran an object scan against the DCS bin file - this time WorldGeneral.dll was not flagged and deleted.

 

For some reason, Kaspersky thinks that file is a threat as you described. See the attached log for details.

 

Edit: I can't upload the Kaspersky log because it says I already uploaded it in another thread, which I did, so now I can't upload it again even though I renamed it.

 

The log file is available here: https://forums.eagle.ru/showthread.php?t=263450


Edited by GeneralDynamics

System Specs:

Win 10 x64 Pro, ASUS Maximus X Formula, i9-9900K @ 4.7 GHz, 32GB Corsair Dominator Platinum 3200 MHz, NZXT Kraken X73 AIO Cooler, Titan X Pascal GPU, EVGA Supernova 1000W P2 PSU, C: 1TB Samsung 960 Pro m.2 PCIe SSD, D: 1TB Samsung 850 Pro SATA SSD, HT Omega Claro PCIe 7.1 Sound, Denon AVR-1709 7.1 Receiver, 46" Sharp Aquos Quattron Main Screen, 27" Acer T272HL TouchScreen + Helios, TrackIR 5, ThrustMaster HOTAS Warthog, Crosswinds pedals, SimShaker

Link to comment
Share on other sites

I got the same from Malwarebytes Premium as well... which auto quarantined it... I unquarantined it and did a DCS repair, tried to quarantine it again so I disabled Malwarebytes! That'll teach em! :D

My YT Channel (DCS World, War Thunder and World of Warships)

 

Too Many Modules to List

--Unapologetically In Love With the F-14-- Anytime Baby! --

Link to comment
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...