3d game engine client - false positive


Go to solution Solved by thisisu,

Just now, Yakov5776 said:

The issue persists on other people's machines. (I can't make them disable custom heuristics!)

It will get whitelisted soon by staff. I was not aware this is your game and not just something on your computer.

On 7/29/2022 at 1:26 PM, thisisu said:

Hello,

This has been fixed. Thank you for reporting

This has not been fixed.

 

I just scanned the same file (SHA256: 9431744BA3F513459848A78BDAD00A2659C6BF2B3548C38E32901169FA0EFC60) and the detection persists.

I have reuploaded the zip with all the misc dlls required for runtime. (although it's only the exe which yields the detection)

rat16.zip

  • Staff

Hi,

There might be a caching issue. Can you perform the following steps please and see if that helps? The same file is still whitelisted.

  1. Totally exit/shutdown Malwarebytes.
  2. Go here in Explorer: C:\ProgramData\Malwarebytes\MBAMService
  3. Delete the following file only: hubblecache
  4. Then you can restart MBAM and the cache file will rebuild on the next scan.
5 minutes ago, thisisu said:

The same file is still whitelisted.

It is still detected even after deleting the hubble cache.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/5/22
Scan Time: 4:37 PM
Log File: dfdc53ae-1506-11ed-9040-4439c43a4aa3.json

-Software Information-
Version: 4.5.13.208
Components Version: 1.0.1740
Update Package Version: 1.0.58227
License: Premium

-System Information-
OS: Windows 10 (Build 19044.1826)
CPU: x64
File System: NTFS
User: I7-PC\SAPC

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 847
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 0 min, 14 sec

-Scan Options-
Memory: Disabled
Startup: Disabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Malware.Heuristic.1001, C:\MALWARE TEST NO WD\RAT16\RAT16.EXE, No Action By User, 1000001, 0, 1.0.58227, 0000000000000000000003E9, dds, 01890424, 22CB9A0BA38870622C4B5D5AB7D7262D, 9431744BA3F513459848A78BDAD00A2659C6BF2B3548C38E32901169FA0EFC60

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

  • Staff
4 minutes ago, Yakov5776 said:

I've performed a cache purge and tried analyzing it with VirusTotal but the detections still persist.

Are you having an issue with it being detected locally as well? Or are you only referring to VirusTotal?

Sorry for this issue, I'm not sure what's going on yet. I've been unable to reproduce further detections

4 minutes ago, thisisu said:

Are you having an issue with it being detected locally as well? Or are you only referring to VirusTotal?

Sorry for this issue, I'm not sure what's going on yet. I've been unable to reproduce further detections

Both. I have deleted HubbleCache and I still receive the false positive.

-Log Details-
Scan Date: 8/5/22
Scan Time: 6:08 PM
Log File: 194eb6dc-150b-11ed-9746-00ff511798ea.json

-Software Information-
Version: 4.5.12.204
Components Version: 1.0.1725
Update Package Version: 1.0.58227
License: Trial

-System Information-
OS: Windows 11 (Build 22000.795)
CPU: x64
File System: NTFS
User: YakovPC\

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 1
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 0 min, 21 sec

-Scan Options-
Memory: Disabled
Startup: Disabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Malware.Heuristic.1001, C:\USERS\YAKOVPC\APPDATA\LOCAL\RAT16\RAT16.EXE, No Action By User, 1000001, 0, 1.0.58227, 0000000000000000000003E9, dds, 01890424, 22CB9A0BA38870622C4B5D5AB7D7262D, 9431744BA3F513459848A78BDAD00A2659C6BF2B3548C38E32901169FA0EFC60

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

Link to post
Share on other sites
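
A triage check for the two scan reports above, as an added example that is not part of the original thread and not Malwarebytes code: it parses the text reports and confirms both machines flagged the same file hash under the same detection name and update package. The row layout (name first, path second, nine fields after the path, MD5 and SHA256 last) is an assumption inferred from the two rows in this thread; the sample input is constructed from those rows.

```python
import re

MD5_RE = re.compile(r"^[0-9A-Fa-f]{32}$")
SHA256_RE = re.compile(r"^[0-9A-Fa-f]{64}$")
TRAILING_FIELDS = 9  # assumption: fields after the path, as in this thread's rows

# Constructed sample input: header and detection rows copied from the two logs.
ROW_TAIL = (", No Action By User, 1000001, 0, 1.0.58227, 0000000000000000000003E9, "
            "dds, 01890424, 22CB9A0BA38870622C4B5D5AB7D7262D, "
            "9431744BA3F513459848A78BDAD00A2659C6BF2B3548C38E32901169FA0EFC60")
LOG_A = ("Update Package Version: 1.0.58227\nFile: 1\n"
         r"Malware.Heuristic.1001, C:\MALWARE TEST NO WD\RAT16\RAT16.EXE" + ROW_TAIL)
LOG_B = ("Update Package Version: 1.0.58227\nFile: 1\n"
         r"Malware.Heuristic.1001, C:\USERS\YAKOVPC\APPDATA\LOCAL\RAT16\RAT16.EXE"
         + ROW_TAIL)
REPORTED_SHA256 = "9431744BA3F513459848A78BDAD00A2659C6BF2B3548C38E32901169FA0EFC60"


def parse_report(text):
    """Return (update_package_version, detections) from a text scan report."""
    version, detections = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Update Package Version:"):
            version = line.split(":", 1)[1].strip()
            continue
        fields = [f.strip() for f in line.split(", ")]
        # A detection row ends with an MD5 and a SHA256; summary lines do not.
        if (len(fields) >= TRAILING_FIELDS + 2
                and MD5_RE.match(fields[-2]) and SHA256_RE.match(fields[-1])):
            # Re-join the path in case it contained ", " itself.
            path = ", ".join(fields[1:len(fields) - TRAILING_FIELDS])
            detections.append({"name": fields[0], "path": path,
                               "md5": fields[-2].upper(),
                               "sha256": fields[-1].upper()})
    return version, detections


def same_detection(report_a, report_b, expected_sha256):
    """True if both reports flag the expected hash with one name and one update package."""
    want = expected_sha256.upper()
    ver_a, det_a = parse_report(report_a)
    ver_b, det_b = parse_report(report_b)
    hits_a = {d["name"] for d in det_a if d["sha256"] == want}
    hits_b = {d["name"] for d in det_b if d["sha256"] == want}
    return bool(hits_a) and hits_a == hits_b and ver_a == ver_b
```
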

1 minute ago, thisisu said:

Hi, by any chance do you have the "Use expert system algorithms to identify malicious files" toggled on?

If so, this may have been a Shuriken detection instead. I've tried fixing (whitelisting) it within this engine too. Can you let me know if that helps?

Yes, it was enabled. The false positive is no longer present. Thank you!!! :)
