The link doesn't work but it's almost certainly a false flag, happens all the time when we push out new updates. Usually it happens in the Steam "downloading" directory where Steam places partially downloaded files. Check the directory / file where the issue happened.

Originally posted by Tim:

The link doesn't work but it's almost certainly a false flag, happens all the time when we push out new updates. Usually it happens in the Steam "downloading" directory where Steam places partially downloaded files. Check the directory / file where the issue happened.

Please explain:

Update contacting URL with Russian writing.
latest update flagged:

HERE IS THE URL CONTACTED, WITH RUSSIAN TRANSLATION:


hxxps://xn-----ilcebthf8ahacnjknd1gwd.xn--p1ai/4635129fe4fe43y
xn-----ilcebthf8ahacnjknd1gwd.xn--p1ai (проект-чистый-город.рф)

( removed tt )

3 detection as malicious.

The Russian writing roughly translates to "project-clean-city.rf"

Now will the Dev explain the russian portion?

thank you.

In addition:

.RF = Cyrillic country code top-level domain for the Russian Federation

Why is your software referencing a server in russia?

I am also getting this false flag even with bitdefender turned off, I found that running it in 64 bit / using the wallpaper64.exe will let me launch it but it is annoying none the less.
I hope this helps.

Here are the logs:
Usually this means your anti-virus deleted Wallpaper Engine files by mistake. Configure your anti-virus to ignore the directory and reinstall Wallpaper Engine2024-06-03T18:29:05Z, 26116: InstallDistribution: C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\distribution\wallpaper32.exe -> C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe fs::copy error The operation completed successfully.
2024-06-03T18:29:05Z, 26116: VerifyFileHashes dst file not found: C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
2024-06-03T18:29:19Z, 22436: Launcher cannot find wallpaper32.exe/wallpaper64.exe at path: C:/Program Files (x86)/Steam/steamapps/common/wallpaper_engine/wallpaper32.exe.

Usually this means your anti-virus deleted Wallpaper Engine files by mistake. Configure your anti-virus to ignore the directory and reinstall Wallpaper Engine2024-06-03T18:29:51Z, 10084: InstallDistribution: C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\distribution\wallpaper32.exe -> C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe fs::copy error The operation completed successfully.
2024-06-03T18:29:51Z, 10084: VerifyFileHashes dst file not found: C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
2024-06-03T18:30:11Z, 9432: InstallDistribution: C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\distribution\wallpaper32.exe -> C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe fs::copy error The operation completed successfully.
2024-06-03T18:30:11Z, 9432: VerifyFileHashes dst file not found: C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
2024-06-03T18:30:16Z, 14556: Launcher cannot find wallpaper32.exe/wallpaper64.exe at path: C:/Program Files (x86)/Steam/steamapps/common/wallpaper_engine/wallpaper32.exe.

Originally posted by CrazyForU:

I am also getting this false flag even with bitdefender turned off, I found that running it in 64 bit / using the wallpaper64.exe will let me launch it but it is annoying none the less.
I hope this helps.

Here are the logs:
Usually this means your anti-virus deleted Wallpaper Engine files by mistake. Configure your anti-virus to ignore the directory and reinstall Wallpaper Engine2024-06-03T18:29:05Z, 26116: InstallDistribution: C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\distribution\wallpaper32.exe -> C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe fs::copy error The operation completed successfully.
2024-06-03T18:29:05Z, 26116: VerifyFileHashes dst file not found: C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
2024-06-03T18:29:19Z, 22436: Launcher cannot find wallpaper32.exe/wallpaper64.exe at path: C:/Program Files (x86)/Steam/steamapps/common/wallpaper_engine/wallpaper32.exe.

Usually this means your anti-virus deleted Wallpaper Engine files by mistake. Configure your anti-virus to ignore the directory and reinstall Wallpaper Engine2024-06-03T18:29:51Z, 10084: InstallDistribution: C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\distribution\wallpaper32.exe -> C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe fs::copy error The operation completed successfully.
2024-06-03T18:29:51Z, 10084: VerifyFileHashes dst file not found: C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
2024-06-03T18:30:11Z, 9432: InstallDistribution: C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\distribution\wallpaper32.exe -> C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe fs::copy error The operation completed successfully.
2024-06-03T18:30:11Z, 9432: VerifyFileHashes dst file not found: C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
2024-06-03T18:30:16Z, 14556: Launcher cannot find wallpaper32.exe/wallpaper64.exe at path: C:/Program Files (x86)/Steam/steamapps/common/wallpaper_engine/wallpaper32.exe.

Negative.

I have the proof it is calling out to a russian URL.

Now the question is WHY?

Assuming this is a false flag.

To stop bitdefender from deleting/stopping Wallpaper Engine, simply go into the settings of BitDefender, go into the protection tab, click on antivirus -> settings -> quarantined threats and remove wallpaper engine .exe from the list.

Originally posted by Moe Epsilon:

Assuming this is a false flag.

To stop bitdefender from deleting/stopping Wallpaper Engine, simply go into the settings of BitDefender, go into the protection tab, click on antivirus -> settings -> quarantined threats and remove wallpaper engine .exe from the list.

No you do not assume.

The update is calling out to russian servers. ( with an encoded url which i have translated for the non cybersec community. )

My Bitdefender says the following:

"The file C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe is infected with Trojan.GenericKD.72992858 and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean."

This does not sound likeit's a false flag

Originally posted by Spaced_Cow:

Negative.

I have the proof it is calling out to a russian URL.

Now the question is WHY?

It's not calling out any Russian URL. Share your proof then.

Originally posted by Tim:

Originally posted by Spaced_Cow:

Negative.

I have the proof it is calling out to a russian URL.

Now the question is WHY?

It's not calling out any Russian URL. Share your proof then.

Where do i post the screenshots please?

Originally posted by Tim:

Originally posted by Spaced_Cow:

Negative.

I have the proof it is calling out to a russian URL.

Now the question is WHY?

It's not calling out any Russian URL. Share your proof then.

Originally posted by KJ:

My Bitdefender says the following:

"The file C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe is infected with Trojan.GenericKD.72992858 and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean."

This does not sound likeit's a false flag

It is a false flag, it happens every time we release an update. As explained in the other thread that's active right now, the "Generic" detection flag occurs when BitDefender catches what it perceives to be a suspicious pattern which can occur randomly and is out of our control. We verify all our releases with all the major antivirus software before we push it out to Steam and we sign all of our code, ensuring it cannot be modified by a third-party but still, some antivirus apps like BitDefender, keep falling for false-positives. The best thing you can do is to mark the directory as ignored and do a clean reinstallation of the app.

Originally posted by Tim:

Originally posted by Tim:

It's not calling out any Russian URL. Share your proof then.

Where do i share the forensics?

Just upload it somewhere? You "work in cyber security" but you cannot share a file on the internet?

Originally posted by Tim:

Just upload it somewhere? You "work in cyber security" but you cannot share a file on the internet?

Give me a few minutes to post the screenshots.