Orion Star God Feb 2, 2013 @ 7:38am
Community Pach Warning!
Recently noticed some performance issues, so ran Malwarebytes (full scan, not quick) and it identified the sacred 2 community patch updater as ADWARE.KRADDARE, a korean malware program that inserts ads as internet popups and can cause data theft. Also, the uninstall for the community patch doesn't work, just gives a missing file error message.
Last edited by Orion Star God; Feb 2, 2013 @ 5:32pm
Showing 1-15 of 26 comments
< >
Orion Star God Feb 2, 2013 @ 7:41am 
This is in regards to the community patch linked here on the forums (from the deep silver rep). This could be a false positive, but with the uninstaller not working, I don't think so.
JJ4prez Feb 2, 2013 @ 11:54am 
I remember installing this on disk back in the day when it first came out. I uninstalled it and got rid of the spyware? Why on earth does Steam sell something that has this in it?
Elgar Feb 2, 2013 @ 12:35pm 
Originally posted by JJ:
I remember installing this on disk back in the day when it first came out. I uninstalled it and got rid of the spyware? Why on earth does Steam sell something that has this in it?

Did you read the second post? Read it again, please. ;)
Siddha Feb 2, 2013 @ 1:41pm 
I have the community patch installed; and no pop-ups or suspicious activity.....so?
ysne58 Feb 2, 2013 @ 8:57pm 
The people over at Dark Matters are trying to look into this issue. Orion, could you please post the link where you found the patch? So far every link they have checked is checking out fine.
Nidhoggr Feb 2, 2013 @ 9:01pm 
Well I can say that the uninstaller works for me. I do recall a missing file prompt when installing and I may have gotten that when I uninstalled it as well. I haven't noticed any performance issues with it installed.
Orion Star God Feb 2, 2013 @ 9:05pm 
http://xmas.ancaria.net/patches/cm-patch0140hf.zip
in professor pew's posting http://steamcommunity.com/app/225640/discussions/0/846941710563752357/

I had to uninstall manually, as it gave me a missing file prompt and failed to initialize. This may have been because malwarebytes quarentined(sp?) the file, but that was only the updater, so I don't see how that would stop the uninstaller from even starting.
As I said earlier, it could be a false positive, but there is some information about this on a russian site stating the same problems I was having, with the same results.
Last edited by Orion Star God; Feb 2, 2013 @ 9:11pm
ysne58 Feb 2, 2013 @ 9:12pm 
I'lve posted that info over on the Dark Matters forums. The best place to get that patch is the link in the first post in this thread.

http://darkmatters.org/forums/index.php?/topic/20458-the-new-sacred-2-cm-patch-now-available-for-ice-blood/
Orion Star God Feb 2, 2013 @ 9:15pm 
Thanks ysne58. Not trying to stir up any problems, just wanted to give people a heads up.
ysne58 Feb 3, 2013 @ 6:48am 
I don't know where/how you got the virus, but it wasn't from within the downloaded content of the patch. You can see the discussion on this over at Dark Matters in this thread:

http://darkmatters.org/forums/index.php?/topic/20943-virus-in-the-140-version-of-community-patch/
TitaniumExile Feb 3, 2013 @ 7:16am 
I got S2 gold + 140 w/o malware. I've thinking about it and the problem could be that he had malware on his pc w/o knowing (it happens all the time) and it infected the patch (while dl'ing or something) and it detected it when it got infected.

Just my idea about the problem though
Nidhoggr Feb 3, 2013 @ 8:04am 
Okay, so I just tried to install the 140hf which I did not have before, I only had the 130 community patch. Upon installing, my Avast! Antivirus detected the file "diff_000126.dif" as WIN32:Malware-gen. I did not have any malware, viruses, spyware or anything on my PC, so I believe that there is something within the 140hf that is triggering this.
Orion Star God Feb 3, 2013 @ 9:25am 
Yeah, no malware before, none after. It was from the patch (updater). And it is not a virus issue. Its malware (adware or spyware) to be exact. The Kraddare ware can cause system instability and data theft, but can not infect other files as some virus do. Whatever it was started and ended with the community patch.
That is If it was even there at all. Could be a false positive. Malwarebytes is one of the best detection programs though. THe thing with mods and such is that there is a lot of detection software that sees them as an intrusion.
Last edited by Orion Star God; Feb 3, 2013 @ 11:29am
Nidhoggr Feb 3, 2013 @ 10:08am 
Just tried to install the 140hf again. Same result, same file flagged as malware. However, I'm going to give it the benefit of the doubt and report it as a false positive. It would not be the first time I've seen Avast! act up in this manner for a false positive. Hence why they provide an action to report one. If I notice anything weird I'll report back.
Nidhoggr Feb 3, 2013 @ 10:23am 
I extracted the file and ran it through a meta scanner. Here are the results. Only 5 obscure scanners detected it as a threat...

https://www.metascan-online.com/en/scanresult/file/5164c9e329814dee8659824724c959a2
Showing 1-15 of 26 comments
< >
Per page: 15 30 50
Date Posted: Feb 2, 2013 @ 7:38am
Posts: 26