Jump to content

Getting a defender message saying Packunwan malware in the HeatblurJester.dll


Recommended Posts

Im getting a message from windows defender that there's a malware program called Packunwan  affecting DCS World OpenBeta\Mods\aircraft\F-4E\bin\HeatblurJester.dll      . I havnt got any mods on DCS other than reshade and Im not sure if somethings wrong or if this is a false positive by windows defender.  Any advice appreciated.

Link to comment
Share on other sites

AV's prefer to be cautious since threat actors are using VMprotect to obfuscate their malware. For professional reasons I have a strong protection and strict configuration, until now I didn't noticed any unwanted behaviour of ED's dlls, probably the detection is only due to expired/stolen certificates.

  • Like 1

I7-12700F, 64GB DDR4 3600 (XMP1), Asus Z670M, MSI RTX 3070, TIR 5, TM WH VPC base, Win10 Pro

Link to comment
Share on other sites

My Computer has started to show the very same condition after updating DCS this evening. 

file: D:\Steam\steamapps\downloading\223750\Mods\aircraft\M-2000C\bin\M2KC_CPT.dll      - PUA:Win32/GameHack  19/06/2024 22:30 (Active)

file: D:\Steam\steamapps\downloading\223750\Mods\aircraft\F-4E\bin\HeatblurJester.dll        - PUA:Win32/Packunwan 19/06/2024 22:30 (Active)

 


Edited by Ryansw
additional information added
Link to comment
Share on other sites

thats identical to what I am getting .  

14 hours ago, Ryansw said:

My Computer has started to show the very same condition after updating DCS this evening. 

file: D:\Steam\steamapps\downloading\223750\Mods\aircraft\M-2000C\bin\M2KC_CPT.dll      - PUA:Win32/GameHack  19/06/2024 22:30 (Active)

file: D:\Steam\steamapps\downloading\223750\Mods\aircraft\F-4E\bin\HeatblurJester.dll        - PUA:Win32/Packunwan 19/06/2024 22:30 (Active)

 

 

 

Link to comment
Share on other sites

  • 3 weeks later...

What is the fix / workaround for this issue please?  I'm using Norton AV software.  I've been using the Phantom without a problem since its release, but when I fired up DCS last night for the first time in a week it would not authorise the Phantom module and consequently disabled it.

I'm struggling to figure out how to get Norton AV to accept the HeatbluJester.dll file as non-threatening.

Link to comment
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...