Bay 12 Games Forum


Author Topic: Lazy Newb Pack Trojan?  (Read 6408 times)

maciginc

  • Escaped Lunatic
Lazy Newb Pack Trojan?
« on: August 04, 2016, 08:09:40 pm »

I just installed the most up to date Lazy Newb Pack and unzipped it and such and such to only be met with the message that everything I just installed is a Trojan? Is this known? Is my Windows Defender going crazy? Or do I have a right to be wary?

George_Chickens

  • Bay Watcher
  • Ghosts are stored in the balls.
Re: Lazy Newb Pack Trojan?
« Reply #1 on: August 04, 2016, 08:13:26 pm »

Windows Defender sucks big balls, so it's most likely a false positive. Upload that stuff to VirusTotal and tell us the results.

Putnam

  • Bay Watcher
  • DAT WIZARD
Re: Lazy Newb Pack Trojan?
« Reply #2 on: August 05, 2016, 02:06:32 am »

It's a very well-known false positive. I wouldn't bother with VirusTotal; it's been done multiple times.

BorkBorkGoesTheCode

  • Bay Watcher
Re: Lazy Newb Pack Trojan?
« Reply #3 on: August 05, 2016, 02:07:14 am »

Link to the test?

shadus

  • Bay Watcher
Re: Lazy Newb Pack Trojan?
« Reply #4 on: September 02, 2016, 03:50:29 pm »

My system is detecting them as Win32/Rundas!Plock

I submitted it to Microsoft as "likely not malware" and re-ran the tests on VirusTotal with the current version for both DwarfMockup-1.2.0.exe & WindowAnnouncement.exe (both detected by Windows Defender as viruses).

Links to the VirusTotal analysis here:

https://www.virustotal.com/en/file/6e126556a8560f36d7883d42bb3607b24b733e321cb35f70fe3238956c2e59ea/analysis/1472848159/  (DwarfMockup)

https://www.virustotal.com/en/file/b5a1da567ba815614067b60d8272f4f5062f389045c29b5bfeeb734c980169cd/analysis/1472848618/ (AnnouncementWindow)

If you Google around for that particular detection you will see Windows Defender finding it as a false positive on literally dozens of different programs, some by major software companies who tell users "this is why we recommend disabling anti-virus before install, disregard it, Microsoft will update it soon, this is normal for new products." Hopefully my submission directly to Microsoft will get them around to removing it. Likely this is being detected as a "behaves like a virus" because of how it's hooking another application's code in memory.

Shrug, after reading what it accesses, seeing the majority of scanners don't see it as a virus and it's been detected as a false positive by Microsoft for more than 9 months but lacking reports that it actually is a virus... and seeing it not creating files this virus type is known for creating... I'm inclined to disregard it and consider it safe.

YMMV.

Edit: It might be good for the author/s to contact the scanners that are giving a false positive and see if they can get removed.
Edit: Spoiler tags, because holy huge graphics, Batman.
« Last Edit: September 02, 2016, 04:03:37 pm by shadus »

jecowa

  • Bay Watcher
Re: Lazy Newb Pack Trojan?
« Reply #5 on: September 02, 2016, 08:13:01 pm »

You can add a "width" parameter to the image tag to make it a little smaller.

Using this:
[spoiler][img width=900]http://i.imgur.com/YS9LQPn.png[/img][/spoiler]

[spoiler][img width=900]http://i.imgur.com/58CfbrV.png[/img][/spoiler]

Will give you this:
Spoiler (click to show/hide)

Spoiler (click to show/hide)