Search the Community
Showing results for tags 'gmod ransomware'.
Malwarebytes Version: 188.8.131.529 Component Package Version: 1.0.103 Update Package Version: 1.0.1793 I use Malwarebytes premium. So, as you may or may not know Garry's Mod is a sandbox game on steam. I am having an issue where when I join servers sometimes the game will crash in the loading screen and Malwarebytes will mark the file as ransomware. Sometimes it states that it is chrome.exe and sometimes it states that it is the HL2.exe process itself located in the Garry's Mod folder. (Which makes sense as many Media player addons use a chromium base as far as I am aware.) I think the anti ransomware component in the Malwarebytes client may be seeing the file encryption system the addons use as malicious, though I am not an expert. For some reason, after being "detected" none of these files actually end up in a quarantine: this is one of the reasons I believe this is a false positive. Also, I have been playing this game for a really really long time and never had any issues whatsoever so I am honestly just looking for a bit of clarity. It's hard to get the exact file path for the problematic component because as I stated none of these files ever end up in the quarantine zone. The one time I fully caught the detection, it stated it was detected as "malware.ransom.agent.generic". Every time I scan after this happens nothing EVER comes up as a detection, this only happens in real time when joining servers. EDIT - Also, after this happens the game exe switches icons to the default exe icon from the game one and refuses to be edited (deleted or anything) so I have to revalidate the file through steam to set it back to normal. I think malwarebytes may be damaging the exe when it force stops it. *Just to clarify, all addons were acquired through the steam workshop or in game FastDL, I do not download from untrusted sources and am usually very careful about downloading ANYTHING. I posted here because I am kinda paranoid and want to know whether it's time for me to format and accept this as a real issue or getting the peace of mind that this is genuinely a false positive. If there are any formatting issues feel free to let me know as I don't post here very much although I do use this product frequently.