ataribaby Posted June 5, 2024 (edited)

I got this file tagged as trojan during DCS 2.9.5.55918 install. Using default latest W10 MS antivirus.

Edited June 5, 2024 by ataribaby

Esac_mirmidon Posted June 5, 2024

False positive

" You must think in russian.."
Windows 7 Home Premium-Intel 2500K OC 4.6-SSD Samsung EVO 860- MSI GTX 1080 - 16G RAM - 1920x1080 27´ Hotas Rhino X-55-MFG Crosswind Rudder Pedals -Track IR 4

lvl4f Posted June 5, 2024

The same thing happens to me with the Harrier module, I wrote a post in the Razbam section, but the problem is that only casual people who have nothing to do with the software development in question answered me, saying the same thing, which is a false positive. How do they know that? They have no idea, but they still assume it's a false positive.

To make matters worse in my case, I uninstalled the module, and it still shows me the active virus, I no longer know what to do to fix that problem, here is a screenshot.

Rudel_chw Posted June 5, 2024

> 4 minutes ago, lvl4f said:
> only casual people who have nothing to do with the software development in question answered me, saying the same thing, which is a false positive.

Promise to myself: never again answer antivirus questions, not worth it

For work: iMac mid-2010 of 27" - Core i7 870 - 6 GB DDR3 1333 MHz - ATI HD5670 - SSD 256 GB - HDD 2 TB - macOS High Sierra
For Gaming: 34" Monitor - Ryzen 3600 - 32 GB DDR4 2400 - nVidia RTX2080 - SSD 1.25 TB - HDD 10 TB - Win10 Pro - TM HOTAS Cougar
Mobile: iPad Pro 12.9" of 256 GB

razo+r Posted June 5, 2024

> 12 minutes ago, lvl4f said:
> The same thing happens to me with the Harrier module, I wrote a post in the Razbam section, but the problem is that only casual people who have nothing to do with the software development in question answered me, saying the same thing, which is a false positive. How do they know that? They have no idea, but they still assume it's a false positive. To make matters worse in my case, I uninstalled the module, and it still shows me the active virus, I no longer know what to do to fix that problem, here is a screenshot.

Look, if you already don't trust the casual people, why do you keep posting in every single topic you find on a forum full of casual people the same thing over and over again? At this point you should just contact the customer support if you don't trust anyone but the developers...

AdrianL Posted June 5, 2024

> 10 minutes ago, lvl4f said:
> I uninstalled the module, and it still shows me the active virus,

First of all, it is not a virus. It is just because the file is encrypted but not signed. Defender would have classified it as low severity. If Defender thought it was an actual virus the severity would have been much higher. 'Packunwan' is a generic warning for 'potentially' unwanted packing, i.e. encryption.

Secondly, you are seeing the quarantined file. It will remove itself after 30 days (default setting). The file is not on your system anymore.

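Added example (not part of the post above and not ED or Razbam tooling): a PowerShell triage script for the points raised there, showing the severity Defender recorded for each detection, whether the flagged file is still on disk, and its Authenticode status. The DLL path is a placeholder to be replaced with the path from the alert.

```powershell
# Added example: triage a Defender detection before trusting or excluding the file.
# Run in an elevated PowerShell session on the affected machine.

# Placeholder: replace with the path shown in the Defender alert.
$FlaggedFile = 'C:\path\to\flagged-file.dll'

# SeverityID values reported by Get-MpThreat.
$SeverityName = @{ 0 = 'Unknown'; 1 = 'Low'; 2 = 'Moderate'; 4 = 'High'; 5 = 'Severe' }

# 1. What did Defender record? Join each detection to its threat definition.
$threats = @{}
Get-MpThreat | ForEach-Object { $threats[$_.ThreatID] = $_ }

Get-MpThreatDetection | Sort-Object InitialDetectionTime -Descending | ForEach-Object {
    $t = $threats[$_.ThreatID]
    [pscustomobject]@{
        Detected  = $_.InitialDetectionTime
        Threat    = $t.ThreatName
        Severity  = $SeverityName[[int]$t.SeverityID]
        Active    = $t.IsActive
        Cleaned   = $_.ActionSuccess
        Resources = ($_.Resources -join '; ')
    }
} | Format-List

# 2. Is the file still on disk, and is it signed?
if (Test-Path -LiteralPath $FlaggedFile) {
    $sig  = Get-AuthenticodeSignature -LiteralPath $FlaggedFile
    $hash = Get-FileHash -LiteralPath $FlaggedFile -Algorithm SHA256
    [pscustomobject]@{
        File      = $FlaggedFile
        SHA256    = $hash.Hash
        SigStatus = $sig.Status                      # Valid, NotSigned, HashMismatch, ...
        Signer    = $sig.SignerCertificate.Subject   # empty when the file is unsigned
    } | Format-List
} else {
    "File not present: $FlaggedFile (removed or quarantined)"
}

# 3. Existing exclusions: a whole-folder exclusion hides every later detection under it.
(Get-MpPreference).ExclusionPath
```

The SHA256 value lets users compare the same file across installs, or include it when submitting the file to the antivirus vendor for review.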
lvl4f Posted June 5, 2024 (edited)

> 1 hour ago, AdrianL said:
> Secondly, you are seeing the quarantined file. It will remove itself after 30 days (default setting). The file is not on your system anymore.

No, it was not in quarantine, "it did not go to quarantine", and nor was it going to delete itself... Finally, I checked the Microsoft forum and it turned out to be a bug in the Microsoft Defender alert system...

In my case, every time I clicked on the action of eliminating the threat and restarting my computer, it was detected again, and it continued to be added to the other reports, without being deleted, and my Microsoft Defender also continued with a big yellow alert icon.

The solution in case it happens to someone else is to restart the PC in safe mode, go to the "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service" folder, and delete everything there (they will only be able to access this folder in safe mode). Obviously this is achieved after uninstalling the module and that library is no longer in the system.

After that, restart the PC and use Windows Defender in full mode, to scan the entire system, after that the alert finally disappeared, it is still a problem since I cannot use a legitimately purchased module.

Edited June 5, 2024 by lvl4f

lvl4f Posted June 5, 2024

> 1 hour ago, razo+r said:
> Look, if you already don't trust the casual people, why do you keep posting in every single topic you find on a forum full of casual people the same thing over and over again? At this point you should just contact the customer support if you don't trust anyone but the developers...

What's wrong? Are you following me all over the forum? Do you have a problem with me? I tried to ignore you the other times, but I see that it can't be done. Anyway, my only answer is going to be the following...

First, I post in every post about this topic, so as not to generate another post about the same thing.

Second, I do it so that it becomes relevant, and so some Razbam or ED developer deigns to answer.

Clearly in my ONLY original post on the Razbam forum the header says this: "I am writing to the people involved in the development of this module, hoping for a prompt response to my problem."

This situation has caused me too many problems, the whole day wasted looking for solutions, and on top of everything, having to read nonsense, I really don't know if it is a generational or cultural issue, but if I don't know about something, I don't speak and I don't even write.

Esac_mirmidon Posted June 5, 2024

Just make an exception on your antivirus with that file, or not. It's up to you, I have the whole DCS folder like that. Still here, nothing exploded.

silverdevil Posted June 5, 2024

> 1 hour ago, lvl4f said:
> What's wrong? Are you following me all over the forum? Do you have a problem with me? I tried to ignore you the other times, but I see that it can't be done. Anyway, my only answer is going to be the following... First, I post in every post about this topic, so as not to generate another post about the same thing. Second, I do it so that it becomes relevant, and so some Razbam or ED developer deigns to answer. Clearly in my ONLY original post on the Razbam forum the header says this: "I am writing to the people involved in the development of this module, hoping for a prompt response to my problem." This situation has caused me too many problems, the whole day wasted looking for solutions, and on top of everything, having to read nonsense, I really don't know if it is a generational or cultural issue, but if I don't know about something, I don't speak and I don't even write.

do not take it personally. @razo+r is obviously someone who knows what they are doing with over 248 forum solutions. i agree with him. just add exclusions if you are comfortable with it. i personally have exclusions for my AV. it will also improve load times of the sim. good luck!

AKA_SilverDevil
“The MIGS came up, the MIGS were aggressive, we tangled, they lost.” - Robin Olds - An American fighter pilot. He was a triple ace. The only man to ever record a confirmed kill while in glide mode.

Czar66 Posted June 5, 2024 (edited)

> 2 hours ago, lvl4f said:
> This situation has caused me too many problems, the whole day wasted looking for solutions, and on top of everything, having to read nonsense, I really don't know if it is a generational or cultural issue, but if I don't know about something, I don't speak and I don't even write.

Some people here are not that clueless that a false positive in their AV wasted their whole day and instead are trying to help. Make an exception on the whole DCS root folder and make a DCS repair to recover the DLL file and the issue will be gone. AV issues span more than a decade with authentication files.

> 3 hours ago, Rudel_chw said:
> Promise to myself: never again answer antivirus questions, not worth it

I'm afraid I'm on the same road. Be well. It is really not worth it.

Edited June 5, 2024 by Czar66

Flappie Posted June 6, 2024

> 22 hours ago, lvl4f said:
> To make matters worse in my case, I uninstalled the module, and it still shows me the active virus, I no longer know what to do to fix that problem, here is a screenshot.

It still shows because it is present in the "_downloads" folder, which is used by the DCS updater as a cache folder. Simple: delete the whole "_downloads" folder. It will be recreated the next time DCS gets updated.

lvl4f Posted June 6, 2024

> 1 hour ago, Flappie said:
> It still shows because it is present in the "_downloads" folder, which is used by the DCS updater as a cache folder. Simple: delete the whole "_downloads" folder. It will be recreated the next time DCS gets updated.

Thank you for your advice, finally the detection problem was resolved, I would like to take this opportunity to ask if you have any idea if they are going to solve this problem with the antivirus, so I can use the harrier module, thank you very much.

Flappie Posted June 6, 2024

I don't know much about the subject, but since these antivirus claims appear to be false positives, there's not much that ED can do, I guess.

See some pieces of advice from Steam: https://help.steampowered.com/en/faqs/view/5F3D-1477-AFF9-C4F3

Many users have already reported the issue here. Now maybe it's time for some of them to contact their antivirus providers too.

lvl4f Posted June 7, 2024

> 7 hours ago, Flappie said:
> I don't know much about the subject, but since these antivirus claims appear to be false positives, there's not much that ED can do, I guess. See some pieces of advice from Steam: https://help.steampowered.com/en/faqs/view/5F3D-1477-AFF9-C4F3 Many users have already reported the issue here. Now maybe it's time for some of them to contact their antivirus providers too.

Thanks again, I will have to wait for a solution, although seeing the situation with Razbam, (which I was completely unaware of), I think that asking for a refund and trying to exchange for another module is the best situation,... anyway, thank you.

lvl4f Posted June 8, 2024

> On 6/5/2024 at 4:44 PM, Rudel_chw said:
> Promise to myself: never again answer antivirus questions, not worth it

The promise to yourself that you must remember is not to get involved in what you are not invited to, or better yet, not to give an opinion on anything that you have not been asked for an opinion on.

P.S.: Anything else, we can continue in private, so you stop making a circus here, ok?

silverdevil Posted June 9, 2024

> 14 hours ago, lvl4f said:
> Anything else, we can continue in private, so you stop making a circus here, ok?

ha! The circus is that you put your question here and only want to see what you want to hear. i did not realize these forums were invite only. if you want help you need to be a little more open minded on the answers. it's not even your thread. good luck on your own.

Ithronwise Posted June 9, 2024

> On 6/6/2024 at 9:52 PM, Flappie said:
> I don't know much about the subject, but since these antivirus claims appear to be false positives, there's not much that ED can do, I guess.

ED could contact Microsoft and find out why these files are suddenly being recognized as PUAs. If it's a bug in Windows Defender, Microsoft should fix it soon, if it's because these encrypted files don't have trusted certificates, ED (or Razbam) should create certificates for them. It's not the customers' job to do these things, and it's highly dangerous to just say “don't worry, it's a false positive”. Next time it may not be a false positive, but then no one will take it seriously (you know the story about the boy who kept shouting “wolves!”?).

ASUS ROG Strix B450-F Gaming, AMD Ryzen 5800X, 64 GB Corsair Vengeance LPX DDR4-3000, ASUS TUF Gaming Radeon RX 6800 XT, Samsung 970 EVO M.2 NVMe 250 GB (OS), Corsair MP600 PRO LPX M.2 NVMe 2 TB (DCS World), Gigabyte G27QC Gaming Monitor, DelanClip Gamer, WINWING F-16EX Metal Flightstick with Orion2 Joystick Base, WINWING F-15EX II Metal Throttle with Orion2 Throttle Base, WINWING PTO 2 Take Off Panel, VIRPIL Controls Ace Flight Pedals, Buddy-Fox A-10C UFC, Thrustmaster MFD Cougar Pack, Windows 10 Pro

silverdevil Posted June 9, 2024

> 35 minutes ago, Ithronwise said:
> ED could contact Microsoft and find out why these files are suddenly being recognized as PUAs. If it's a bug in Windows Defender, Microsoft should fix it soon, if it's because these encrypted files don't have trusted certificates, ED (or Razbam) should create certificates for them. It's not the customers' job to do these things, and it's highly dangerous to just say “don't worry, it's a false positive”. Next time it may not be a false positive, but then no one will take it seriously (you know the story about the boy who kept shouting “wolves!”?).

there are two sides to this discussion. maybe ED should submit their files sure. but historically all good AV vendors have a way to submit a file for review by an end user. that way it's not ED saying "we do not have viruses in our code. trust us." the AV vendor responsibility is to the end user that pays for the AV software. not to ED in this case. ED EULA is quite clear.

> Quote
> 10.1 The Licensor will not be liable or responsible for any failure to perform, or delay in performance of, any of his obligations under this Licence that is caused by an event outside its reasonable control.

how can they be responsible for AV or anything else on an end user's computer?

Ithronwise Posted June 9, 2024

> 8 minutes ago, silverdevil said:
> how can they be responsible for AV or anything else on an end user's computer?

Can we be sure it is just a bug in the Windows Defender? In this special case it is highly probably a false positive, but it still has a bad taste and you always should remain skeptical.

In my job, I always tell people: “When you are on the internet, receiving emails or chat messages, always be paranoid. If you have a bad feeling, don't open the website, don't click on the link, don't start the download, don't open the file, because in most cases your feeling is right."

BJ55 Posted June 9, 2024

All good recommendations, but if you rely on Defender and Win firewall expect the worst.

I7-12700F, 64GB DDR4 XMP1 3000MHz, Asus Z670M, MSI RTX 3070 2560x1440 60Hz, TIR 5, TM WH VPC base, TM rudder, Win10 Pro

lvl4f Posted June 9, 2024

> 3 hours ago, silverdevil said:
> ha! The circus is that you put your question here and only want to see what you want to hear. i did not realize these forums were invite only. if you want help you need to be a little more open minded on the answers. it's not even your thread. good luck on your own.

And who wrote to you? Nobody called you, it seems that you have a lot of free time to continue writing meaningless things. It is also dangerous for the normal user of the forum, for you to give "advice", also when THEY ARE NOT REQUESTED on topics that you have no idea about.

Maybe I think ED should control this dangerous situation, because in your desire to "harvest hearts" from the threads, you are capable of answering things from total ignorance, so stop distorting the post, buy yourself a life.

Here is the original post, it is clearly seen that it is not aimed at CASUALS:

maxTRX Posted June 9, 2024

> 1 hour ago, BJ55 said:
> All good recommendations, but if you rely on Defender and Win firewall expect the worst.

It takes a bit more effort to configure properly, I think... BTW, few days ago my Defender almost gave me a heart attack. I left a copy of Kali Linux ISO in my D/L folder and forgot about it. When the Defender scanned my rig it went bonkers... around 50 severe/critical threats detected, lights flashing, sirens going off! All these pen testing goodies...