Install Steam
login
|
language
简体中文 (Simplified Chinese)
繁體中文 (Traditional Chinese)
日本語 (Japanese)
한국어 (Korean)
ไทย (Thai)
Български (Bulgarian)
Čeština (Czech)
Dansk (Danish)
Deutsch (German)
Español - España (Spanish - Spain)
Español - Latinoamérica (Spanish - Latin America)
Ελληνικά (Greek)
Français (French)
Italiano (Italian)
Bahasa Indonesia (Indonesian)
Magyar (Hungarian)
Nederlands (Dutch)
Norsk (Norwegian)
Polski (Polish)
Português (Portuguese - Portugal)
Português - Brasil (Portuguese - Brazil)
Română (Romanian)
Русский (Russian)
Suomi (Finnish)
Svenska (Swedish)
Türkçe (Turkish)
Tiếng Việt (Vietnamese)
Українська (Ukrainian)
Report a translation problem
Discussions Rules and Guidelines
1 
Report this post
Steam > Settings > Download > Clear download cache.
Somene suggested:
"Just wanted to share. Had same "Disk Write Error" on my Steam for all my downloaded games. Had my games saved in another hard drive in my computer. Going to Settings -> Storage -> selecting the download folder -> choosing "Repair Folder" worked for me."
Another suggested:
"Open Run (Windows + R)
Type diskpart and hit enter
Select Yes if/when prompted
Type list disk
Hit enter
Type select disk n (n being the number of the disk your steam library is on e.g. select disk 1)
Hit enter
Type attributes disk clear readonly
Hit enter
Once completed the terminal should read 'disk attributes cleared successfully.'
Try to download/update your games again."
Another had this to say:
"I just had the same issue. The issue for me, was that steam was not applying a client update, so all the game updates had disk write issues. The fix was to right click the steam.exe and run it as administrator. Then it finally was able to apply the client update and gave me no more disk write issues on game updates. Of course it's something so simple and weird."
But now I have a new problem, the game doesn't open
I got these two error messages after trying to open the game
'An error occurred while launching this game : missing executable - C:\Program Files (x86)\Steam\steamapps\common\SecretsOfGrindea\SecretOfGrindea.exe'
and
'Failed to start process for this game : "Operation did not complete successfully because the file contains a virus or potentially unwanted software." (0xE1)'
also I tried to install the game back on the first drive (one that have the problem on the top) using the fixes, none of them worked for me
After install the game, windows defender noticed me that a threat was found
It's named 'PUAMiner:Win32/RedbyrepMiner' with severe threat level
It was shown for a few second, then gone (I assume, deleted) along with the .exe game file
Yeah, that's a false positive.
Add the folder to your anti virus exclusions and it should stop eating the game's executable like Pac-Man eats pellets.
This is concerning. I was about to buy this game, but I saw a review by another user reporting the exact same detection:
https://steamcommunity.com/profiles/76561198018006230/recommended/269770/
(this was posted just yesterday)
...so I then got on the forums and searched, and found this thread where another use is reporting this infection.
How can you tell someone it's a false positive? Are you the game dev? Unless the answer is yes, telling someone blindly that something is a false positive and to whitelist it is an incredibly negligent thing to do. Vendors of software that are used in important industries are regularly compromised by bad actors that inject viruses in distributed binaries without the vendor's awareness, so it's often not even the case that the devs themselves are necessarily the guilty party when infected software is spread, or even aware of it. And that's security-oriented software used in industry, even. Game binaries are much less likely to have rigorous security measures protecting them. (not saying that is the case for this game - just in general)
It *might* be a false positive of course, and I hope so, but blithely telling people to "just whitelist" is always the wrong response to an unexpected virus detection. Always. That's like telling someone who's sick "just take immunosuppressant drugs" when they complain their runny nose and fever is annoying.
@Teddy (game dev):
"What antivirus are you running?"
That's a good question, so you could contact the AV company and hopefully get your binary whitelisted with them if it is a false positive. The review mentioning this same virus (linked above) said it was Windows Defender. Most AV vendors use specific names for a given virus instead of a common one shared among all vendors. Searching that virus name online shows only Defender.
"add the .exe to your antivirus as a trusted file/exception"
...that's not the right response however. If you want to reassure people (for example, people like me who were about to buy the game but are now leery of it), I'd suggest posting a link to a virustotal results page for the binary of your current launcher. If it shows all clear, great. If it shows Defender reporting this virus, then be upfront with people that you believe it is a false positive and that you are working with Microsoft to get it properly reviewed and whitelisted as such so they can trust that it is safe.
FWIW it looks like players of Noita also got hit with this a few months back:
https://steamcommunity.com/app/881100/discussions/0/4036978233549018645/
https://steamcommunity.com/app/881100/discussions/1/4035853189469099573/
It's possible it's a worm that's spreading to other executables and didn't originate with noita or this game's binaries as one person blindly speculates on those threads, but I doubt that as all of google only finds references to this virus regarding this game and Noita, and in both cases multiple players have reported it... ie, it seems less likely this is originating from elsewhere and only incidentally also causing issues with these 2 games.
(Again, just to be clear - I'm not saying this game dev is intentionally distributing an embedded miner. I very much doubt it in fact (why potentially ruin over a decade of hard development work after all!). I'm just saying that legitimate software regularly ends up infected without vendor awareness due to hackers, and it's not impossible that might be the case here.)
I can tell because I've had the game installed for nearly 10 years now and have not had a single bad thing happen to me, and because I also understand how virus scanning software works. I am of course hardly the only one who has installed the game - there has been no reports of the game having a crypto miner in them, or connecting them to some suspicious connection when it shouldn't, or destroying their computer, etc.
Virus scanning software aren't psychic mind readers. They don't detect what something *will* do, they detect what something *is* and based on that, what it *can* do.
To put it in Layman's terms, they are pieces of software designed to detect potentially malicious software/malware and to prevent them from running - to which, sometimes they can fail to do that (these are known as "zero day attacks") until the people who own those detecting software manually update those detection systems with a black list.
If it's not on the blacklist, then most anti viruses now-a-days scan in real time what is running on the system and what it is doing. A program, like an exe, which can change files on the system, fits exactly what a virus does. The difference between a virus, and something like a game, is the intention behind it. Nothing else. A virus may try to sneakily run this exe without you knowing, though. That exe could connect you to somewhere sus, start making you download things without you knowing (this game has the ability to connect to others through peer-to-peer), and several other things. If a program isn't whitelisted, like Microsoft products, or digitally signed, then most antiviruses worth their salt are going to take the cautious approach and flag it as potentially malicious because that's what they are designed to do.
This is why the exclusion option exists in anti viruses. If it's something you trust, and know IS NOT a virus and a malicious piece of software, then you can tell the anti virus to ignore it.
If you play ANY online game, then you put yourself at infinitely more risk than a game like this. Play GTA V on PC? People can read your IP, where you are, and even down to your longitude and latitude. They can do this, even if you are playing single player mode because the game always connects to Rockstar servers even when in single player; that's how advanced the modding for that game has become.
How about an online game with anti cheat? You are letting a big company install a piece of software on your computer that can control and read your computer at the kernal or even root level, which can cause another opening for attackers to get into your system - even though these are not viruses, they still weaken the security of your computer. These companies for all you know could also be using these anti cheats to farm and harvest your data.
I suspect the reason SoG is flagging a false positive is because it can add, change and alter files on your system - this is something viruses and malware can do. However, those creation of files and altering them for SoG are things like saving the game, using its auto save systems, and the creation/altering save files to make back up saves.
Obviously creating files to make a save of your characters is hardly malicious behavior. The game probably isn't digitally signed, either, so since it is not on a whitelist, it must be done so manually by the user so it is not flagged as potentially malicious.
Quite frankly, if you are going to be this scared, then you shouldn't be using the internet, period. Or at the bare minimum, you should be putting things inside a sandbox using a virtual machine. This game however is more safe than going outside to cross the street, because I've had more incidents of being nearly hit by cars in the near 10 years I've had this game, going to get some bread and milk and having those drivers not paying any attention to what's in front of them, then anything this game has done maliciously to my PC.
You yourself advised someone to whitelist the executable, so if you ever followed your own advice, you wouldn't know if you had. Also, something can be fine for 9.9 years and then, with any particular update, binaries can be infected - that's the whole point of what I was saying regarding distributed binaries being infected. This sort of thing happens. The juiciest target to go after is a software vendor, because you can then potentially compromise a huge number of target computers and networks in one fell swoop.
I work in security - I don't need an explanation of how antivirus software works. An explanation of antivirus software doesn't contribute to this discussion - of whether there is potentially a problem with *this game's current binaries*. Multiple users have reported having their AV flag the game. You told one of them to disregard that, and you do not have proof positive that there is NOT an issue.
There was one by another user reporting the same detection **just yesterday** and I linked to it in my comment. Did you miss that?
I **write software myself** and I work in the security industry. I'm quite aware of the concept of unprofiled software being more likely to be detected and be a false positive - my own software has been detected by Windows Defender for exactly that reason (though, my software does quite a bit more system modification than most games do, so I'm honestly more surprised when my own new compiles are NOT flagged). That still **does not change the fact that detections may nonetheless *not* be a false positive**. Also, heuristic detections generally have their own detection names and don't show up as something specific like a particular crypto-miner like this did in my experience.
Still, is it nevertheless possible it's a false positive? Yes.
Do YOU *know* that it is? No you do not.
Is it wise to just YOLO and advise people to run something anyway, not knowing? No it is not. You can roll the dice with your own systems, but you shouldn't tell other people to take risks while reassuring them that it will be fine when you don't know that.
........
Seriously? THAT is your suspected reason? Practically ***all software*** writes files. And *literally* all software *can* do that. Is it your suggestion that 99.999% of all non-whitelisted software would be detected by Windows Defender?
Again, as someone who actually writes software I can tell you that is most assuredly not the case.
Sorry, I guess you heard this somewhere or someone told you this, and that's why you're thinking about antivirus the way you are... I can understand why you'd be telling someone what you were, though, thinking this to be true.
Go write Hello World in C#, use csc.exe on your PC (you don't even need to download VS), and run the resulting binary. It almost definitely will not be detected by your antivirus.
Neither is my software, and it's often not flagged. Again, you're simply wrong in your thinking that it is always or almost always the case that non-profiled software is just "automatically" flagged as a virus.
We all have different risk profiles, but you shouldn't just tell others to not worry about internet security.
Again though, now I realize that you were operating under a misconception about how (re likelihood of false positives for unprofiled binaries) AV works, so I can understand your thinking better.
I do in fact often do that.
Since you aren't the game dev and didn't compile it from source yourself, and it's being detected by people's antivirus clients, and you likely have it excluded on your own, you actually can't say that.
Look, my only criticism of you is that you were advising people to take risks, inferring everything would be alright, when you literally have no way of accurately making that assurance. That's just an objective fact, and that's not alright. It sounds like you had some misunderstandings about how antivirus works (frequency of false positives for anything unprofiled by AV companies), so I understand you meant well if that's where you were coming from. In the future just keep this in mind - you telling someone to do this sort of thing will likely be fine 95% of the time. The 5% however could really end up screwing someone over.
Actually, no, the game isn't added to my exclusions. And I also know that Windows Defender is not exactly the most accurate anti virus. It works fine for most people but it does have those false positives. It has those false positives quite frequently. It's better to have false positives though than missing something potentially malicious. It makes sense.
I'm telling people it's safe, because I know it's safe. This isn't something I think, it's something I know
I'm not telling people to take "unnecessary risks". I'm telling them it's a false positive, because it's a false positive. It's not rocket science - it's 2 + 2 = 4.
I don't need to be a dev to know if the code is malicious or not just like I don't need to be a chef to spot burnt toast from toast that's not burnt.
All your credentials and stuff really don't matter. One doesn't need to be a game developer or a software engineer to understand if an anti-virus is giving a false positive or not, just like someone doesn't need to be a chef to spot if their's a hair in their soup or if their toast is burnt. All of your knowledge doesn't change a false positive just being a false positive and the anti-virus being wrong. If anything, you should know this happens a lot. Very often. It's not a bad thing that it happens - if anything it means the anti-virus is doing its job as intended.
I didn't tell OP to do this every single time there's a flag. I said it's a false positive in this instance, because that's exactly what it is. There's no reason to speculate. The devs already acknowledged the problem and are working to fix it. What more do you want? Trying to frame it as me giving OP incredibly bad life advice though is really disingenuous because I am accurately telling him what the problem is, why it happened, and steps on how to fix it so they can play the game they purchased.
Uh, yes, you do need to put in work to understand that. You have no idea what software might be doing unless you've 1.) read the source code and for good measure compiled it yourself or 2.) used GDB/procmon/firewall monitoring/etc extensively to monitor something behaviorally. The latter doesn't necessarily require coding knowledge, but it is hard work.
Short of that, you're doing absolutely nothing more than assuming.
And that's OK. I of course use some closed source applications myself, but I'm aware it's a risk when I do and take into account how long the binaries have been released (I check "first seen" for the hash populated in databases like virustotal), along with other steps. I wouldn't for one second claim that there is ZERO risk and that I don't need to do any of the above to "understand if an anti-virus is giving a false positive" through some magical insight if my AV did trigger for one of the applications I use. Short of the above, if you get a detection, you're just rolling the dice. And like I said previously, 95% in some contexts (games on steam, commercial software you paid money for, etc) that's probably the case. Until the 5% comes along.
Agreed. IF it's a false positive, it's a false positive.
Sure, it does.
Where? If they had I wouldn't have posted anything about it.
No, you're telling them what you think the problem LIKELY is, without framing it with that nuance. You do not KNOW anything. You're assuming. And you're *probably right* by sheer virtue of probability that it is a false positive. But, again, I have seen major software vendors distribute virus-infected binaries inadvertently because of hackers in the course of my job. You don't see that and continue on in life believing that it's impossible for that to occur in your personal life (games etc).
(on the note of knowing - if you uninstall this game, and reinstall it, and take the main game .exe and submit it to virustotal.com and post the link here, then you'll have actually contributed something and can then say you know... just having the game installed doesn't necessarily tell us anything (I'm not familiar with the intricacies of valve's hosting of game binaries and the update process... it might or might not be the case that a copy of the game you downloaded a month or two ago might not have been infected and a current copy on whatever CDN is used might be) ... the culprit could still be some DLL rather than the main exe, but at least this would be a good start)
Let's break this down here:
...But apparently I am just assuming? Despite every piece of evidence supporting that the game doesn't infect peoples PCs and does anything malicious - and because I am not a software engineer or the developers, I apparently lack the capabilities to make a judgement call using the powers of common sense and deduction and the burden of evidence, that what is happening, is a false positive?
This is so, so incredibly pretentious of you right now.
But look, I really don't hate you and I don't care for arguments and just want to get the facts straight that the game is not malicious and it's just a false positive, so here, let's do it how you want:
Here's the virus total scan you asked for. This is the .exe that Windows Defender kept eating from the OP: https://i.imgur.com/iAJ7mb6.png
Additionally, here is my Windows Defender scan of the game's folder, the same anti-virus that was flagging for OP: https://i.imgur.com/FneaCTG.png
Notice how my Windows Defender isn't eating the .exe like it was for OP. Granted, the game could have been updated in the past 3 weeks to fix the problem but I never had any issues anyway even during that time.
Here is a MalwareBytes scan, just to get a second opinion of a scanner: https://i.imgur.com/VT1Mzyg.png
Are there any other specific files within the game you would want me to scan for you in VirusTotal so we can put this thread to rest? Here's a picture of the game's folder: https://i.imgur.com/Sg4l1ym.png
98% of the game is in the content folder and it's things like dialogue, sprites, sounds, more sprites, music, maps, effects, palettes, hairstyles... etc. Every single one of them are .xnb files (I checked just to make sure) and it makes up those 20k+ files -- Now, I'm willing to scan files for you into VirusTotal, but obviously not that many, so I don't think there's any merit in scanning anything in there personally, but just in case here is the folder structure of the "content" folder anyway: https://i.imgur.com/RDO5NpP.png
You don't have statistics on the number who *haven't* had it crop up. Two people have reported it. Even if you all had the same binaries, it's not necessarily the case that a miner, if present, would decrypt itself and register on all systems.
Viruses don't display skulls floating around your screen to let you know they're doing something like in a hollywood movie you know. Especially not a crypto-miner.
This "for years it was fine" argument was already responded to earlier. I've never alleged the game dev intentionally put a virus in the game. If that was the implication, then the 9+ years would mean something.
Thank you, this is a much more productive direction for this thread.
Note in the scan it said "Last Modification Date" was 1 day ago. That means that the binary you scanned isn't the same one that someone had on Saturday. Again, not saying that means that that one was NOT a false positive - just pointing the obvious out. Regardless, it's good to have a scan done for people to see the state of the current game executable.
And I responded to that - that's not a great response to give to people, because the issue isn't just whether we trust the game dev themselves to not have intentionally put a virus in place, but rather that they may not even be aware if it was done. Again, you're absolutely ignoring what I've been telling you - I've personally dealt with major software vendors that have had their binaries infected by hackers. The way to reassure customers in the face of AV detections is what I explained to the software dev above in this thread. In a professional setting, telling your customers to "just whitelist it, it's fine, trust us" would not fly. You can say the standards should be lower for a game I guess though, if you want. That's subjective.
Yes. I already told you - you're probably right that it's a false positive. I said that from the very beginning. However, I also said you can't KNOW FOR SURE. You keep desperately avoiding acknowledging that to be true. I understand all us humans want absolute and total certainty in our lives, but can you please stop and reflect for a moment on the fact that you cannot have ABSOLUTE CERTAINTY about this? You do NOT have the source code to this game so you CANNOT be absolutely certain. This isn't rocket science. If you want to acknowledge that and say you're personally okay with the risk of just always whitelisting any detection for games from steam because of your own personal risk profile then that's cool, no arguments from me, but you shouldn't make that decision for others.
Again : LIKELY FALSE POSITIVE. But to state that with CERTAINTY is IMPOSSIBLE without more information than you (or I) have.
Me not wanting someone to confidently tell people to roll the dice with a possibility (no matter how small) of an infection on their PC is "incredibly pretentious"? Gotcha. I know, I know, I'm the awful terrible no-good person here for being cautious in the face of multiple reports of virus detections.
Likewise, and thanks, that's helpful.
Again, I don't know how Valve operates with CDNs and how the game update process works. Your copy of the game might not have had the same binaries as the people who got the detection did, depending on the timing if something actually had happened to the binaries. Or it's possible a miner might only decrypt itself and execute if someone has a particular GPU, etc. There are a lot of possibilities, and in the face of those unknowns I lean towards caution personally.
DLLs also contain executable code and thus could be infected, but it can be burdensome to submit all of them to things like virustotal, and the main launcher exe is typically the most likely to be infected. Zipping all the DLLs up and submitting the zip is one option, but more than I'd expect someone who isn't the game dev to do. You did a scan of the folder with Defender, which scanned all the DLLs, so that's some reassurance for everything else. Thanks though!
Right, those are all going to be fine.
Thanks again, those scans are helpful.
No, but if a game has had a crypto miner in it, I am—
—...overwhelming statistically sure that there would be a lot more noise than just two reports and only microsoft defender would be the one detecting it, and only after a very specific update on March 1st.
Of course not, but they're not invisible, either.
The only thing I don't trust Teddy to do is to properly put the correct values for the drop rate for the Solem card and make me kill a whopping 439 of them and still didn't obtain the card before I dinged him on the game's Discord going "pls halp, i need card": https://i.imgur.com/lwL69yO.png
...Anyone who has made it to the desert area in this game will understand the mortal pain, suffering and grief such an expensive mistake has caused me. But at least with my suffering, no one else (after me) had to suffer again. Salvation was had that day.
I'm just going to have to agree to disagree on this by this point, but here is my point on it:
I don't know for sure if my chair will break when I sit on it next time, but I sit on it regardless. And unlike this, situation, it's a matter of 'when', the chair will break, not 'if' it will break.
Of course, I am minorly inconvenienced when it does eventually break; but never sitting in a chair is far more inconvenient, than sitting in one and experiencing the one time it does eventually break.
Thus, instead of never sitting down ever, I just have contingency plans. In this case, the small carpet under my chair will make a better cushion for my ass than the hard tiled floor should the chair no longer support my weight.
All of that said, I do understand in some small part, even if I disagree with it. I will never fly on a plane, despite them being statistically safer than driving. I am also afraid of heights. Very much. Not a way I would like to go down if it can be avoided.
The game updated 5 days ago. The version I have is from the 20th. You can also see this from my earlier screen shot of the game folder: https://steamdb.info/depot/269771/history/
In terms of the exe itself, there was a +8.50 kb file change from the update when the game released on Feburary 29th to March 20th. March 20th is the 1.01 Bug fix update.
I should note though, with Steam, it does, can, and will corrupt download files. It's not a matter of 'if', but 'when'. Unless you clear your download cache.
This is why my initial post was suggesting OP to clear their download cache and to try verifying the game files to attempt it again. Clearing the download cache and verifying files guarantees you are getting a clean installation of a game as you would if you were downloading the game fresh (assuming nothing went wrong with the initial download).
Also additionally, there is a way to download older versions of games via Steam's console. I could use that to download the 1.00 version of the game, and then scan that exe (and whatever else), which would be the same .exe variant OP had.
Unfortunately, whether Steam lets you download these depots and manifests are hit and miss, as I'm getting a server error. Sometimes with retrying it over and over, it will just eventually work. However, after over three hours of attempts now, I have stopped trying.
Maybe it'll work later, maybe it'll work never. We'll see. ¯\_(ツ)_/¯
There's only three DLLs in the entire game's folder structure. Two of which are Steam's DRM and API - but I put them all in a zip and scanned them anyway. However a small chunk of scanners could not detect the zip file though: https://i.imgur.com/mKomUfb.png
So I did them all individually anyway.
Lidgren.Network from the game: https://i.imgur.com/6LepaVe.png
And then the two other DLLs from Steam:
https://i.imgur.com/htfqtnD.png
https://i.imgur.com/vI5LrRn.png
I'm not a dev, but I'm also not normie. I'm however occasionally a goose, just like Teddy.