Jump to content

Possible false positive in Delta Copy installed with Unreal Engine


Recommended Posts


A full scan flagged DeltaC.exe as Spyware.PasswordStealer this morning. It's part of an install of DeltaCopy which was bundled with Unreal Engine. The timestamps on the file and its neighbors are from the date of install in June of 2020. VirusTotal says this file was first scanned in 2009, and what I was able to find online says that Unreal Engine uses a very old version of DeltaCopy, so it seems as though this file has not been modified on my machine since installation, unless whatever was installed last year was replaced by this version from 2009, but it seems like that's not very likely. I did find a mention on a forum that this old version of DeltaCopy had some security vulnerabilities and other issues, and that users who were having trouble with it should consider manually installing the up to date version, but that's the only association I've found between it and malware.

As for VirusTotal, the result is here: https://www.virustotal.com/gui/file/29ec474e4171d1ce251d921ec94c732fa954a071ed65a515e6b78aefb831b5b7/detection.

One engine in VirusTotal flagged it as a generic detection. I understand that the VT and commercial versions of Malwarebytes are different, but I did note that VT's Malwarebytes didn't flag this file even on a rescan.

I've uploaded the file and the log. I think the log says no user action was taken because I saved the log before quarantining. I first made a copy of the file to a folder on my desktop, which is what I've attached. My machine froze during restart, so I powered it off and back on. The file was gone from the directory when Windows came back up and Malwarebytes now says the file is in quarantine.

In summary, it appears this executable has been on my machine, unmodified, for almost a year but only got flagged by MB this morning, despite my habit of running full scans with MB at least every week. I can't find anything online confirming whether it's malicious or not. To my knowledge I don't use the file, and since it's out of date I'm content to leave it in quarantine even if it is a false positive. That said, I'd like to confirm whether I can safely disregard the detection, or if I should start changing all my passwords.



Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.