Castlevania Lords of Shadow Ultimate Edition Update 1-WaLMaR
rax369




Posts: 39

PostPosted: Mon, 2nd Sep 2013 01:38    Post subject: Castlevania Lords of Shadow Ultimate Edition Update 1-WaLMaR
Could anyone else confirm this:

Update: Castlevania.Lords.of.Shadow.Ultimate.Edition.Update.1-WaLMaRT
File: steam_api.dll
Infected with: a variant of Win32/Packed.VMProtect.ABD trojan
AV: NOD v4.0.437

If that's true, that game update would be useless! Evil or Very Mad


"tR@Nce is nOT JusT mUsIK, iTs A wAy oF lIFe... ITWT"
________
R@x
[sYn]
[Moderator] Elitist



Posts: 8374

PostPosted: Mon, 2nd Sep 2013 01:54    Post subject:
I *believe* this is fine. Despite a lack of real information online I think the AV is picking up that the DLL is packed using VMProtect so it can't be reverse engineered.
sabin1981
Mostly Cursed



Posts: 87805

PostPosted: Mon, 2nd Sep 2013 01:55    Post subject:
It's clean here on MSE and here is the VT result;

https://www.virustotal.com/en/file/bcbb4726948ec88bacedb29b4603f3c9b86f8b6a2d2ab27c6b2730d2923b52e4/analysis/1378079684/

False positives that come from standard heuristic scans due to compression.
rax369




Posts: 39

PostPosted: Mon, 2nd Sep 2013 02:52    Post subject:
I don't know much about that site (virustotal.com); however, in the analysis results the file was even found "infected" by some AVs, as stated:

AntiVir = TR/Black.Gen2
Comodo = UnclassifiedMalware
ESET-NOD32 = a variant of Win32/Packed.VMProtect.ABD
Fortinet = W32/Generic
Kaspersky = HEUR:Trojan.Win32.Generic
McAfee = Artemis!
McAfee-GW-Edition = Artemis!
Sophos = Mal/Generic-S

Do you think that even so, that could still be considered safe ??? Scratch Head


"tR@Nce is nOT JusT mUsIK, iTs A wAy oF lIFe... ITWT"
________
R@x
sabin1981
Mostly Cursed



Posts: 87805

PostPosted: Mon, 2nd Sep 2013 02:57    Post subject:
They're all false positives; that's why some of them are "unclassified" and "generic". Look, the site tests all the major AV suites and that's forty-six of them; with only eight "generic" flags you can feel fairly confident. Trust me, it's a false positive. NOD32 picks it up because it's a packed and encrypted file, done by the cracking group to prevent others stealing the crack and presenting it as their own. Most groups do that these days, which is why you read about "allowing the file in your antivirus" in the NFO files. Well, this kind of obfuscation can trigger false positives in scanners.
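Why a packer detection such as Win32/Packed.VMProtect keys on file structure rather than on behaviour, shown as an added example that is not part of the thread: per-section entropy of a PE image. The sample image, the 7.2 threshold and the `.vmp` section-name check are assumptions for illustration; a flag here says the section is packed or encrypted, not what it does once unpacked.

```python
import hashlib, math, struct

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

def section_entropy(pe: bytes):
    """Parse the PE section table; return [(name, entropy of raw data)]."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsect,) = struct.unpack_from("<H", pe, e_lfanew + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", pe, e_lfanew + 20)  # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size
    result = []
    for i in range(nsect):
        off = table + 40 * i                                   # 40-byte section header
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, off + 16)
        result.append((name, entropy(pe[raw_ptr:raw_ptr + raw_size])))
    return result

def triage(pe: bytes, threshold: float = 7.2):
    """Flag packed-looking sections: high entropy or a .vmp* name (assumed rule)."""
    return [(n, round(h, 2), h >= threshold or n.startswith(".vmp"))
            for n, h in section_entropy(pe)]

def build_sample() -> bytes:
    """Constructed test image (not a real DLL): plain .text plus random-looking .vmp0."""
    text = b"\x55\x8b\xec\x5d\xc3\x90\x90\x90" * 64
    packed = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x2102)
    def sec(name, data, ptr):
        return struct.pack("<8sIIIIIIHHI", name, len(data), 0, len(data), ptr, 0, 0, 0, 0, 0)
    body_at = 64 + 24 + 80                                     # DOS + COFF + two section headers
    return (dos + coff + sec(b".text", text, body_at)
            + sec(b".vmp0", packed, body_at + len(text)) + text + packed)

if __name__ == "__main__":
    for name, h, flagged in triage(build_sample()):
        print(f"{name:8} entropy={h:<5} packed-looking={flagged}")
```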
rax369




Posts: 39

PostPosted: Mon, 2nd Sep 2013 03:42    Post subject:
sabin1981 wrote:
NOD32 picks it up because it's a packed and encrypted file, done by the cracking group to prevent others stealing the crack and presenting it as their own. Most groups do that these days, which is why you read about "allowing the file in your antivirus" in the NFO files. Well, this kind of obfuscation can trigger false positives in scanners.
Alright, fair enough.

Thanks for the clarification.


"tR@Nce is nOT JusT mUsIK, iTs A wAy oF lIFe... ITWT"
________
R@x
sabin1981
Mostly Cursed



Posts: 87805

PostPosted: Mon, 2nd Sep 2013 04:09    Post subject:
No worries Smile
All times are GMT + 1 Hour