Uninstalled due to Virus Detection in Updates :: DCS World Steam Edition General Discussions

Store Page

DCS World Steam Edition

All Discussions Screenshots Artwork Broadcasts Videos News Guides Reviews

DCS World Steam Edition > General Discussions > Topic Details

That Goth Guy has DCS World Steam Edition

Feb 22, 2024 @ 7:40am

Uninstalled due to Virus Detection in Updates

ESET states that Flight.dll and Scripting.dll contain a variant of Win64/Packed.VMProtect.AC
This is preventing the game from updating!
I have therefore uninstalled the game!

A little research shows this happens if a file is protected with VMProtect and has an invalid digital signature so I'm sure it's something the Developers can and should fix.

< >

Showing 1-15 of 30 comments

Troll Norris has DCS World Steam Edition

Feb 22, 2024 @ 7:45am

Most often it is false positive. There is not possible to detect any virus because all data are encrypted. So the antivirus software can not see what is inside because it can not decrypt those.

SSerponi76 has DCS World Steam Edition

Feb 22, 2024 @ 7:46am

100% false positive.
Add an exception to your Anti-virus for DCS

That Goth Guy has DCS World Steam Edition

Feb 22, 2024 @ 8:05am

I agree it's probably a false positive but it's caused by an incorrectly signed .dll file and I'm not making an exception when it shouldn't happen.

Tom

Feb 22, 2024 @ 8:28am

I have seen two dlls so far, the edCore.dll and the flight.dll

bignewy [developer] Feb 22, 2024 @ 12:05pm

They are most likely false positives but I suggest you submit the files to your security provider for checking.

Roadrunner has DCS World Steam Edition

Feb 22, 2024 @ 1:08pm

i uninstalled due to virus detection in update file. Hidden on an external disk. steamapps\downloading\223750\bin-mt\edCore.dll.file: Trojan:Win32/Wacatac.B!ml. could be coincidence? its a particularly nasty virus. Might be worth checking all the same.

Last edited by Roadrunner; Feb 22, 2024 @ 1:09pm

Franz Makamele has DCS World Steam Edition

Feb 22, 2024 @ 1:30pm

On the beta branch those files are detected as malware:
bin-mt\WorldGeneral.dll
bin\WorldGeneral.dll
bin-mt\edterrain4.dll
bin-mt\Scripting.dll
bin\Flight.dll

I'm not taking a risk and cancelling update until devs will sign those files again.

Edit:

I see that there was similar story with bin\WorldGeneral.dll on previous update (December)

Last edited by Franz Makamele; Feb 22, 2024 @ 1:33pm

bignewy [developer] Feb 22, 2024 @ 1:30pm

Originally posted by davidrobertson00:
i uninstalled due to virus detection in update file. Hidden on an external disk. steamapps\downloading\223750\bin-mt\edCore.dll.file: Trojan:Win32/Wacatac.B!ml. could be coincidence? its a particularly nasty virus. Might be worth checking all the same.

you need to supply the quarantined file to your provider for checking, we are not getting it with our antivirus checks. It is most likely a false positive due to encryption

Last edited by bignewy; Feb 22, 2024 @ 1:31pm

Troll Norris has DCS World Steam Edition

Feb 22, 2024 @ 1:33pm

I have no virus warning. MS defender, windows 11

Franz Makamele has DCS World Steam Edition

Feb 22, 2024 @ 1:34pm

Originally posted by bignewy:
Originally posted by davidrobertson00:
i uninstalled due to virus detection in update file. Hidden on an external disk. steamapps\downloading\223750\bin-mt\edCore.dll.file: Trojan:Win32/Wacatac.B!ml. could be coincidence? its a particularly nasty virus. Might be worth checking all the same.

you need to supply the quarantined file to your provider for checking, we are not getting it with our antivirus checks. It is most likely a false positive due to encryption

Could you provide hashes for those files from your side for double checking if something wasn't edited in the middle?

#10

Troll Norris has DCS World Steam Edition

Feb 22, 2024 @ 1:40pm

I forced fast test by Defender (Note, my CPU AIO cooler went full power. :D) 338449 files in 2 minutes and 35 seconds. No threat found.

Last edited by Troll Norris; Feb 22, 2024 @ 1:48pm

#11

APOSTATE

Feb 22, 2024 @ 1:40pm

False positives. There's no such thing as a risk from developers behind big games like this. Ignore it.

#12

bignewy [developer] Feb 22, 2024 @ 1:49pm

Originally posted by Franz Makamele:
Originally posted by bignewy:

you need to supply the quarantined file to your provider for checking, we are not getting it with our antivirus checks. It is most likely a false positive due to encryption

Could you provide hashes for those files from your side for double checking if something wasn't edited in the middle?

Nothing can be edited between, the update either comes straight from the steam servers if steam or for stand alone our CDN in Europe.

Last edited by bignewy; Feb 22, 2024 @ 1:49pm

#13

Franz Makamele has DCS World Steam Edition

Feb 22, 2024 @ 1:55pm

Originally posted by bignewy:
Originally posted by Franz Makamele:

Could you provide hashes for those files from your side for double checking if something wasn't edited in the middle?

Nothing can be edited between, the update either comes straight from the steam servers if steam or for stand alone our CDN in Europe.

Well, your statement is not true. During specific attacks, it's possible to stick malware to the files during upload/download to/from servers. So I kindly ask again - provide hashes for those files from devs, please.

#14