hexaae

Rom patches

Gameboy emulator rom patches (unofficial game translation) detected as malware, attached.

Malwarebytes
www.malwarebytes.com

-Dettagli log-
Data scansione: 19/11/19
Ora scansione: 11:22
File di log: 84854d60-0ab6-11ea-b7f6-0c9d92a56fd0.json

-Informazioni software-
Versione: 4.0.4.49
Versione componenti: 1.0.718
Aggiorna versione pacchetto: 1.0.15130
Licenza: Premium

-Informazioni sistema-
SO: Windows 10 (Build 18362.476)
CPU: x64
File system: NTFS
Utente: LAPTOP-DVK1QFAS\Luca

-Riepilogo scansione-
Tipo di scansione: Ricerca elementi nocivi
Scansione avviata da: Manuale
Risultati: Completata
Elementi analizzati: 315814
Minacce rilevate: 3
Minacce messe in quarantena: 0
Tempo impiegato: 3 min, 8 sec

-Opzioni di scansione-
Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Attivata
Analisi euristica: Attivata
PUP: Rilevare
PUM: Rilevare

-Dettagli scansione-
Processo: 0
(Nessun elemento nocivo rilevato)

Modulo: 0
(Nessun elemento nocivo rilevato)

Chiave di registro: 0
(Nessun elemento nocivo rilevato)

Valore di registro: 0
(Nessun elemento nocivo rilevato)

Dati di registro: 0
(Nessun elemento nocivo rilevato)

Flusso di dati: 0
(Nessun elemento nocivo rilevato)

Cartella: 0
(Nessun elemento nocivo rilevato)

File: 3
Generic.Malware/Suspicious, C:\$RECYCLE.BIN\S-1-5-21-2197210833-2190798041-2317798482-1002\$RPWM90S\SNC-ZDX1.EXE, Nessuna azione intrapresa, 0, 392686, 1.0.15130, , shuriken, 
Generic.Malware/Suspicious, C:\$RECYCLE.BIN\S-1-5-21-2197210833-2190798041-2317798482-1002\$RBYB949\SNC-ZDX1.EXE, Nessuna azione intrapresa, 0, 392686, 1.0.15130, , shuriken, 
Generic.Malware/Suspicious, C:\USERS\LUCA\DOWNLOADS\ITPCH_ZELDA_DX_V10.ZIP, Nessuna azione intrapresa, 0, 392686, 1.0.15130, , shuriken, 

Settore fisico: 0
(Nessun elemento nocivo rilevato)

WMI: 0
(Nessun elemento nocivo rilevato)


(end)

itpch_zelda_dx_v10.zip


Hi,

While this isn't malicious by itself, it's a patchtool which is always a risk as it might lower the default programs security settings.

So always be careful with these.


A patchtool which is safe to use shouldn't be considered Suspicious: it depends on what you patch and with what kind of patch. With this principle a lot of safe tools by themselves could be incorrectly detected as potential malware, including a simple line command to hex-modify files.

Wrong approach IMHO.
