JorgeBon

Uploaded the log. log.txt

Hi, here's another false positive I believe. Unfortunately though the file is very big since it's a game and I think these are the hashes for it. The game is 1,2 GB so I can't upload it here or on virustotal. 7D6E321386DDA9304E3D252A 2E872B008CFF6C88953BC10AC65A6586 5BDA5722E10FE0B8C56C091E00BC1E572C2873C3040B2B3B806D9B05FC8B2333 Probably not that helpful but that's the best I could find and unfortunately they took this version down from Game Jolt I believe or made it rather hard to access. https://gamejolt.com/games/OblitusCasa/356260 Otherwise I feel a little stuck on how I can provide the exe.

Hey, i can safely assume that this is a false positive? https://www.virustotal.com/gui/file/8169742b2a5e36ca064a6249441f88ed71e5522514749e42df19e9d1b2d62a0a Malwarebytes picked this up from the software and soon after it was marked on virustotal.

Definitely has helped me feel less paranoid about this, especially the submission for whitelisting.

Yeah fair enough, wasn't really sure if this would be the right place to post this or not as its speculations, I usually don't mind DRM or packers myself but it did make me a bit anxious that it seemed rather obscure and the whole fearmongering happening in the steam forums. Just wish that someone could put a proper end to the discussion if this is really harmful or not.

Hello Research Center, i was redirected to post here instead. First things first, its not confirmed if these are malicious but I thought that someone with expertise could perhaps confirm if this software does any actual harm. The Steam forums have been however very active lately about this issue, the main issue was that Capcom pushed this onto consumers with no warnings on old games, and to make matters worse, the company that made "The Enigma Protector" is sketchy as the company supposedly doesn't exist. Apparently this has been put into the exe files of the 5th and supposedly the 6th Resident Evil games. Resident Evil 5 https://www.virustotal.com/gui/file/751726f0ec8bd01c00b037af8ae64cdf0bc5cc5b9025f3f4d782ef6f66e04e26 Resident Evil 6 https://www.virustotal.com/gui/file/7d30dfd5f04b8090a41f0586e7c27d676d2bb0fbeae9c17632574bb13e1ad4f6 Now the issue why people are very paranoid about this is that there's this exe file which had the Enigma Protector and it triggered several AV engines including Malwarebytes, I however can't figure out if its tied to Capcom but it was brought up multiple times in the forums. https://www.virustotal.com/gui/file/036d4530677bfbb14f8dc7476b88038aca5a1f9079bdef01a709ca0e560fb022 This could also very well just be blown out of proportion, but I unfortunately lack the skills to do a thorough investigation myself on this matter, what triggered this news to spread was when Capcom tried to implement this in Resident Evil Revelations but screwed up and made people notice. They have reverted the update for this game, however it is still in the other games.

Hello, Can I just first ask if theres a better place to post single file detections from other programs/sites? I'm mostly concerned and only need someone who is better at this to check the file to determine if its safe. Please move this thread if its wrong and tell me so i can do so next time. I may be very paranoid this time but I just got so blown away that it even got detected in the first place, mostly these files are for a game and were always marked as clean, even bigger files than this. Its one detection on virustotal and I know, its not that concerning normally but I guess since every other file seemed fine, this just really catched me off guard, I even tried to check it myself, its actually a packed file with more stuff in it but it really only contains very basic coding, doom image files, audio and map files, at least from what I have seen but then again I lose focus a lot. https://www.virustotal.com/gui/file/a48e26f56f347ed5a11a4fc2497779623ee9e96042772501f8e0e873c763c142?nocache=1 Theres a program called "Slade" which I used to check this file, its made for doom modding so I don't know if it shows every possible file or if you can hide stuff in there. Thanks, and sorry for being paranoid. KR_RetroRacersPack_V2.0.zip

I think this is a false positive. https://www.virustotal.com/gui/file/6482ad02e3edb2cdcd8e62148e9c2959debeb10c453e9cca9228f5b8d7e9d0fb/detection It's a game called Prison Architect and one of the exe files is being flagged as "Malware.Heuristic.1003" Cheers

I believe everything is now fine, thank you for your help.

After switching to safe mode and emptying the temp files, it seems to have fixed the issue? A new file was created which was named "msedge_installer.log" or something and so far I haven't gotten any new mat-debug or db.ses files. The only temp file that keeps getting created now is StructuredQuery.log, which is probably the most normal this system has been, I've had these created for a long while now.

It seems that office is the one that creates these files, as soon as i launched it, it created a mat-debug and db.ses file. Curious on why this seems to create these files every minute interval though.

I think this is something that just writes down your session of sorts. At least it doesn't seem malicious. Just wondering about db.ses and mat-debug now, I don't know if db.ses and .ses are different files but they seem to contain the same content.

There are also posts that say that this is connected to the EdgeUpdate.exe in C:\Program Files (x86)\Microsoft. This feels very ambiguous in terms of what could cause this. Edit: Nevermind the folder is called EdgeUpdate, and not the exe. I noticed that the folder is renamed to EdgeUpdate2, which I think I did a good while ago so I will try to rename it back to its original name.

The part about the .ses file containing the ID and stuff looks exactly what I have, but I don't think this is exactly related to some exploit, especially not with edge, I barely used the browser, the only time I used it today is to get firefox back. The second post mentions about going into safe mode and emptying the temp folder, I think I did that once some ages ago, I'm not sure if I did, but I think it actually helped making it stop creating these files, all that remained were .ses files. The third post has the most closest to what my symptoms are, its exactly like that. I suppose I don't think this is some sort of malware attack. Anyway, I restarted the system after the scans we did and haven't got any files created for a while now, it might still appear though, sometimes its sorta late for some reason.

Quite surprised as you are, at least that issue got solved quick before it turned into an headache. Everything is fine now except that I'm still wondering what these mat-debug logs are, they keep getting created after this backup issue happened. Same with db.ses files getting created.