Part of the VirusTotal process tree says it does this:
3556 - C:\Windows\System32\loaddll64.exe loaddll64.exe "C:\Users\user\Desktop\attachment.dll"
4004 - C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 5892 -s 356
2980 - %windir%\system32\wbem\wmiprvse.exe
3468 - C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\attachment.dll,gluBeginSurface
It's possible that the .dll included with the mod is injecting malware into WerFault (the Windows Error Reporting service); the process is described here: https://resources.infosecinstitute.com/topic/fileless-windows-error-reporting-wer-malware-attack-technical-overview-and-walkthrough/
I'd recommend anyone running this mod to delete that file from their Last Year folder, then open Command Prompt as Administrator and execute the command:
sfc /scannow
and then restart their computer to make sure no Windows files were compromised.
The reason the unofficial mod glu32.dll shows up as a hit on certain antiviruses is likely because of how they are encrypting it (so what it is doing can remain a mystery), but the file has nothing to do with a legitimate glu32.dll. The fact that they had to lie about what the file is makes what it could be doing that much more concerning.
Before the release of the mod, I asked the developers if the .PAK files they were distributing would be encrypted and they assured me they would be, to prevent cheating (oddly, they are actually not encrypted and contain the new menus and textures and some game scripts).
However, the devs/moderators made no mention of including a .dll file with the package, likely because they know it would raise suspicions. This .dll file seemingly has nothing to do with any of the textures or menus that come with the mod because those live in the .PAK file -- the mod seemingly works without the .dll file and the game simply throws an EasyAntiCheat failure warning without it, so what is the purpose?
I didn't imply that being Russian means they are malicious. I was asked if I have a problem with Russians or Ukrainians and I said no, I have a problem running closed source binaries on my computer that appear as threats from multiple malware scanners. After that I was banned from the Last Year Resurrected Discord.
One of the moderators in the Discord said he had to contract someone else to make the mod, which is all fine and dandy, but I don't know these people and neither does most of the Last Year community that are going to be running these files -- these people have no online presence and little in the way of public credentials (no legitimate public facing github account, etc). The files are closed source and could be doing anything to the end user's computer.
Having little to no internet presence outside of their Discord handles and distributing closed binaries while living in Russia does mean, however, that if they were to distribute crypted malware or infringe on copyrighted material originating from the United States, they likely would not face legal repercussions and have little to worry about.
If not malicious, it is possible they are infringing on some kind of code (Steam API, EasyAntiCheat, Last Year's code, etc) by keeping the code obfuscated and under wraps.
@his tred gets a steam clown reward
those 300 IQ forum boys...
Though I don't think it is really malicious or something; there is no point in doing so. It is just irrational.
Not explained:
- Why the file is a false positive (the file is not the true OpenGL DLL it is named after, so saying it is due to OpenGL is not an answer)
- Why the file is encrypted with something that hides from disassemblers and VMs
- Why you chose to name the file the same as a legitimate file which it is not. Anyone that is actually looking to cheat will look in all files contained in the mod, so it can't be to counteract cheaters
- Why the mod seemingly works fine without the dll
Instead of getting those answers and putting my mind and the community's mind at rest, I was told what the other person in this topic was told: "We can't go into detail because it's confidential information." I was banned when I asked more questions.
The team's entire argument is based on what someone who spreads malware would say ("don't worry, it's a false positive" and "it's a secret") and they have nothing else - and that is why I will not endorse this mod. Saying it's a false positive is not proof in itself - that statement effectively means nothing.
Having a burden of proof is something you want when you're trying to bring back a game which was delisted from Steam and already has a finite amount of players who are interested. Especially when the game is region locked to certain download servers on Steam, limiting lobby visibility -- people already had a hard time finding games due to the region lock even when the game was in a functional state. Instead of releasing open source tools to make the game playable again, you release something that is coming up as potentially malicious and then tell users not to worry about it, despite it being made by developers with no credible or public facing programmer digital footprint or reputation.
If this was about anti-cheat, it would be so much easier to build a tool that finds who is connecting to a user's peer to peer game and block them from connecting in Windows Firewall or the hosts file. So is this really about a bad anti-cheat implementation? If so, what is the point when the mod works without the DLL?
So that leaves two probabilities in my mind; malware or something else the developers don't want the public knowing (theft of code, an exploitation of Steam API to make the game work online again in a peer to peer fashion, etc).
Either way, dishonesty doesn't go very far and there have been multiple examples of dishonesty coming from the mod team.
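One way to settle the question the thread keeps returning to (is the mod's glu32.dll the real Windows library, or just a file named after it?) is to compare it against the copy in System32. This is an added example, not code from the thread or from the mod team; the mod folder path is a placeholder you must adjust, and it assumes you are on Windows with the game installed locally.

```powershell
# Added example (not from the thread): compare a DLL shipped with a mod against
# the Windows-signed library of the same name. $ModDir is a placeholder.
param(
    [string]$ModDir = 'C:\PLACEHOLDER\Last Year',   # assumption: your Last Year install folder
    [string]$Name   = 'glu32.dll'
)

$modDll = Join-Path $ModDir $Name
$sysDll = Join-Path $env:SystemRoot "System32\$Name"

if (-not (Test-Path $modDll)) { Write-Output "No $Name found in $ModDir"; return }
if (-not (Test-Path $sysDll)) { Write-Output "No $Name found in System32"; return }

# 1. Signature check. Windows' own glu32.dll is catalog-signed by Microsoft;
#    Get-AuthenticodeSignature consults the catalogs, so the genuine file
#    reports Status = Valid with a Microsoft signer. An unsigned or
#    self-signed file of the same name is a third-party binary, whatever it is called.
$modSig = Get-AuthenticodeSignature -FilePath $modDll
$sysSig = Get-AuthenticodeSignature -FilePath $sysDll

# 2. Hash check. A plain copy of the Windows library would match System32
#    byte for byte. A mismatch alone only proves "not this build"; the
#    signature status above is the stronger signal.
$modHash = (Get-FileHash -Algorithm SHA256 -Path $modDll).Hash
$sysHash = (Get-FileHash -Algorithm SHA256 -Path $sysDll).Hash

[pscustomobject]@{
    ModFile      = $modDll
    ModSizeBytes = (Get-Item $modDll).Length
    ModSignature = $modSig.Status
    ModSigner    = $modSig.SignerCertificate.Subject
    SysSizeBytes = (Get-Item $sysDll).Length
    SysSignature = $sysSig.Status
    SysSigner    = $sysSig.SignerCertificate.Subject
    HashMatch    = ($modHash -eq $sysHash)
} | Format-List

if ($modSig.Status -ne 'Valid' -or $modHash -ne $sysHash) {
    Write-Warning "$Name in the mod folder is not the Windows-signed library of that name."
    Write-Warning "Treat it as an unknown third-party binary until its authors document what it does."
}
```

Run it from an elevated PowerShell prompt after adjusting $ModDir; the sfc /scannow step recommended earlier in the thread is still worth running afterwards, since it verifies the System32 copy you compared against.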