greatday Posted June 8, 2017 ID:1134161 Share Posted June 8, 2017 This exe file are detected as a virus and I think is a false one can you check it for me? This exe is used to run a game. Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 6/8/17 Scan Time: 9:57 PM Logfile: ss.txt Administrator: Yes -Software Information- Version: 3.0.6.1469 Components Version: 1.0.103 Update Package Version: 1.0.2113 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: HP-PC\HP -Scan Summary- Scan Type: Custom Scan Result: Cancelled Objects Scanned: 126578 Time Elapsed: 45 min, 5 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 2 Trojan.Crypt, C:\USERS\HP\APPDATA\LOCAL\COMODO\CHROMODO\USER DATA\DEFAULT\FILE SYSTEM\022\T\00\00000002, No Action By User, [29], [397378],1.0.2113 Trojan.Crypt, C:\USERS\HP\DOWNLOADS\ELLINIA.EXE, No Action By User, [29], [397378],1.0.2113 Physical Sector: 0 (No malicious items detected) (end) Link to post Share on other sites More sharing options...
greatday Posted June 8, 2017 Author ID:1134186 Share Posted June 8, 2017 I cannot upload those files here so I just put a link here. https://www.mediafire.com/folder/i3193wytbhsv1/Documents Thanks. Link to post Share on other sites More sharing options...
greatday Posted June 9, 2017 Author ID:1134209 Share Posted June 9, 2017 positive false virus.rar Link to post Share on other sites More sharing options...
Staff shadowwar Posted June 9, 2017 Staff ID:1134217 Share Posted June 9, 2017 This does not seem to be a false positive. https://www.virustotal.com/en/file/3b5c26c1a1e29a6d0943a3e0b7aa5bcd2e8effcd276b9b97b79ee2a24a3e4a9a/analysis/ Also multiple versions of this are all flagged bad also: https://www.virustotal.com/en/file/59ae28d1e10f4578e32d4fc784015b20b2580a6e2b4f6d913baa5b5b89e77923/analysis/ https://www.virustotal.com/en/file/3b5c26c1a1e29a6d0943a3e0b7aa5bcd2e8effcd276b9b97b79ee2a24a3e4a9a/analysis/ Link to post Share on other sites More sharing options...
greatday Posted June 9, 2017 Author ID:1134229 Share Posted June 9, 2017 (edited) Then if this is actually a real virus then thousands of people that playing "ellinia maplestory" are exposed their sensitive information. The problem is I cannot delete this .exe file, because my brother is playing that game, and this .exe file open a launcher process to open the game itself. So in other words I'm depends on him. By thy way I do have extremely important information on my computer, is it value to over 450$ and a lot of time put on it. I just thought if you can double check it (you know looking deeply into it). If it is a real virus so I'm risking my data. Thanks if you can do. Edited June 9, 2017 by greatday Link to post Share on other sites More sharing options...
Staff miekiemoes Posted June 9, 2017 Staff ID:1134246 Share Posted June 9, 2017 Hi, This isn't a virus, but rather Riskware - as it seems this one runs a bitcoin miner with its launcher, even when the game is closed. On top, it's highly obfusticated, which triggers generic detections by most Antivirus - so my suggestion is to be careful here and always make sure the launcher is closed after you close the game. You can find more info here as well: https://ellinia.net/index.php?threads/ellinia-exe-32-cpu-usage-100.12131/ Link to post Share on other sites More sharing options...
greatday Posted June 9, 2017 Author ID:1134341 Share Posted June 9, 2017 10 hours ago, miekiemoes said: Hi, This isn't a virus, but rather Riskware - as it seems this one runs a bitcoin miner with its launcher, even when the game is closed. On top, it's highly obfusticated, which triggers generic detections by most Antivirus - so my suggestion is to be careful here and always make sure the launcher is closed after you close the game. You can find more info here as well: https://ellinia.net/index.php?threads/ellinia-exe-32-cpu-usage-100.12131/ So those greedy douche-bags staff are stealing from players thousands of them maybe even tens of thousands every day. Even they have a donations option to help their server out and refund like protections of DDOS attack, server storage, etc. I also checked it myself if they use any GPU load percent, and it seems it only take from the CPU 25 percent (worth of my power CPU) to my i5-3550 CPU 3.30 GHz, I do have 4 processors so it take entire 1 processor for this client for himself (That's a lot) to think they do it for every player it sure make them rich. The only option to prevent this and keep playing that game without the Riskware, is if I or somebody else modified this software code and delete the part of bitcoin miner. (but still let you access to the game). Thanks a lot by the way I should've find it out by myself but I wasn't looked deeply enough and was very sleepy at that time. Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now