Borderlands 2

Has anyone seen virus infections in their Steam directory before?
After signs that my computer wasn't operating normally, I ran an AV scan and it found a possible infected file (SMG.Heur!gen) within my Steam bin directory:

[http://imgur.com/a/jfbHN]

Has anyone else seen this or something similar?

Since finding and fixing this offending file, my PC is back to normal.

I play open co-op fairly regularly, and there are strong circumstantial signs that this occurred during one of my last sessions, playing with a hacker. I can go into greater detail if someone is interested.

Regarding the term "hacker", I'm not talking about in-game cheaters, people who use Gibbed excessively or as a crutch, loot droppers, and the like. I'm talking people who use their computer skills to be true societal a$$h01Es in multiplayer. Recent posts from others about this type of hacker messing with your character, weapons, and game collectables is one example. This is possibly another.

This is also not about backing up your saves as a solution.

To me, it's another sign that whatever safeguards Steam/Valve have in place to keep multiplayer games sandboxed aren't enough to keep nasty people out of your system.

This said, I still enjoy multiplayer in Borderlands 2. You can find decent, helpful, and fun-to-play-with people there, a few of which I've added to my friends list. I'm just learning to be more careful with who I play. If I see a player at level 72 after 20-100 hours of playtime, I avoid them. No solution will work 100%, but you can be careful to minimize the risk.

...I was just not careful enough in my vetting in this circumstance, apparently.
✪ zer0 Oct 4, 2016 @ 3:12pm 
did you download any cheat engines that could modify the game files?
Bringoutyerded Oct 4, 2016 @ 4:32pm 
Originally posted by ✪ zer0:
did you download any cheat engines that could modify the game files?

No, not in any way. I have never used Cheat Engine or anything remotely similar that allows you to mod a game.

This recent catch by my AV and the ensuing clear-up in my PC's performance is something that strong circumstance (and past experience) points at being caused maliciously. I don't see another way it could have happened.

I'd love to hear from someone with coding and network experience that can provide details on how it would be possible for someone to escape Steam's sandbox. Is the system that porous?

I detailed my first experience with malicious behaviour from a hacker co-op partner in my post here from back in the Spring:

[http://steamcommunity.com/app/49520/discussions/0/392184342867289742/?tscn=1458600019]

This earlier instance was with someone who was using Cheat Engine (they explicitly told me in-game during chat). I am convinced that that person also had the ability to bypass Steam's sandboxing, and did just that, leaving clear signs of doing so behind.

As I understand, most users of CE here are script kiddies that download "extensions" or scripts that others have created to mod their games (run faster, create new weapons, jump higher, slow down enemies, prevent enemies from attacking, etc.). I've seen this in-game, and when I do, I bail. However, I don't know enough about the program to know whether it would allow a knowledgeable but morally-bankrupt person to escape the confines of the protected and sandboxed multiplayer environment that Steam/Valve has created. Or can someone do this without CE or similar, just by virtue of being in a hosted game and knowing how to escape the sandbox through coding magic?

To me, if you want to use CE, that's your prerogative for solo play. If you insist on playing co-op with a modded character, tell your partners so they have a choice to play or not. I choose not to.

-----------------

Now a rant:

Regarding modded characters: no, I'm not talking about kiddies leveling to 72 OP8 with all legendaries after only 200 hours in play. These are often easy to spot given their:

  • generally poor tactical skills and teamplay
  • their use of Sal (not to offend ALL Sal players out there, but still...)
  • their sprinting ahead and killing all enemies themselves given their outrageously-high, non-reality-based Badass rank, super duper glitched weapons. Did I mention poor teamplay?, and
  • dropping piles of loot wherever they go like cows with diarrhea. Perhaps Butt Stallion is a better analogy?

These players are just annoying and generally avoidable. It's the real hackers that make me angry.

End of rant.
Last edited by Bringoutyerded; Oct 4, 2016 @ 4:33pm
'MC' Gizmo Oct 4, 2016 @ 4:53pm 
I've read a similar thing a long time ago on the BL TPS Steam forums back in the days when I was playing it. A guy was hosting a game, a random player joined his game, the antivirus immediately detected multiple viruses and the host's character was ruined.
Sadly enough, this community is just garbage.
Bringoutyerded Oct 4, 2016 @ 6:51pm 
Originally posted by 'MC' Gizmo:
I've read a similar thing a long time ago on the BL TPS Steam forums back in the days when I was playing it. A guy was hosting a game, a random player joined his game, the antivirus immediately detected multiple viruses and the host's character was ruined.
Sadly enough, this community is just garbage.
Thanks for that, 'MC' Gizmo. I'd really like to learn how this is possible. I mean, for your antivirus to be set off because someone joined your game... what's with people?

Not everyone in the community is bad (I've "met" some definitely positive exceptions to this, even recently). Sometimes it does take a little longer to find them, though.

These exceptions are the players who inspire and make the game more fun. They help rather than hinder, share tips and strategies, and point out little things that would otherwise go unnoticed. Good, patient team play is what is fun to me in this game, otherwise, really, why bother?

Borderlands 2 is a deep game with many hidden facets. No matter how many run throughs you make, there seems to always be something new to learn if you choose to look. It's the multiplayer that gives me exposure to these facets (not just Youtube videos!) and makes me want to get better. It's just unfortunate that system safety and personal privacy can be put at risk at the same time.
trukr Oct 4, 2016 @ 6:57pm 
I was always under the impression that only the host could hose a guest's game with CE. All guests get their data from the host is what I was told.
Der Hexer Oct 4, 2016 @ 8:30pm 
Originally posted by trukr:
I was always under the impression that only the host could hose a guest's game with CE. All guests get their data from the host is what I was told.
just checked a table - it appears they can also change the data when they're not the host, but it's more or less unreliable in a 4 player game.

there's also the concept of "code injection" but i can't see how they could use the unreal game engine to copy a file (or write a new file) into the
..steam\bin
folder.


Originally posted by Bringoutyerded:
Has anyone seen virus infections in their Steam directory before?
After signs that my computer wasn't operating normally, I ran an AV scan and it found a possible infected file (SMG.Heur!gen) within my Steam bin directory:
[http://imgur.com/a/jfbHN]
...
can you tell the size of the malicious file? i can't see any details of it on the screenshots.

also, when possible (disabling your Norton security, etc. temporarily) load up the file to https://virustotal.com/
and check if it's a "false positive"
Bringoutyerded Oct 4, 2016 @ 11:20pm 
Originally posted by Der Hexer:
Originally posted by trukr:
...
just checked a table - it appears they can also change the data when they're not the host, but it's more or less unreliable in a 4 player game.

there's also the concept of "code injection" but i can't see how they could use the unreal game engine to copy a file (or write a new file) into the
..steam\bin
folder.

This is interesting, Der Hexer. Thanks for your suggestion. I'm guessing that you were pondering whether code injection could be carried out via CE, or do you see reference to this specifically in CE documentation?

I had been going to ask whether sandboxing is typically a safe way to keep malware contained, and then I slapped myself. Silly me, I thought, nothing is truly safe on the internet! The first results from a quick google showed me a story from 2011 where a zero-day exploit was claimed to have been used to penetrate Chrome, allowing malware to be injected on a victim's system.


Originally posted by Der Hexer:
Originally posted by trukr:
...
Originally posted by Bringoutyerded:
Has anyone seen virus infections in their Steam directory before?
After signs that my computer wasn't operating normally, I ran an AV scan and it found a possible infected file (SMG.Heur!gen) within my Steam bin directory:
[http://imgur.com/a/jfbHN]
...
can you tell the size of the malicious file? i can't see any details of it on the screenshots.

also, when possible (disabling your Norton security, etc. temporarily) load up the file to https://virustotal.com/
and check if it's a "false positive"

No, the short answer is that I didn't get the file size before I had Norton "fix" the problem. It was only after doing so that I was presented with the two screens that you see in the grabs I linked to. TBH I've never tried to see if this address info is presented before pressing the "fix" button in the past when Norton has found problems.

I'll keep this in mind though as it's a simple but good suggestion for the future. Virustotal.com is already part of my web security "toolkit" for anything that I knowingly download, false positives or not.

Last edited by Bringoutyerded; Oct 4, 2016 @ 11:27pm
Der Hexer Oct 4, 2016 @ 11:48pm 
Originally posted by Bringoutyerded:
This is interesting, Der Hexer. Thanks for your suggestion. I'm guesing that you were pondering whether code injection could be carried out via CE, or do you see reference to this specifically in CE documentation?

I had been going to ask whether sandboxing is typically a safe way to keep malware contained, and then I slapped myself. Silly me, I thought, nothing is truly safe on the internet! The first results from a quick google showed me a story from 2011 where a zero-day exploit was claimed to have been used to penetrate Chrome, allowing malware to be injected on a victim's system.

No, the short answer is that I didn't get the file size before I had Norton "fix" the problem. It was only after doing so that I was presented with the two screens that you see in the grabs I linked to. TBH I've never tried to see if this address info is presented before pressing the "fix" button in the past when Norton has found problems.

I'll keep this in mind though as it's a simple but good suggestion for the future. Virustotal.com is already part of my web security "toolkit" for anything that I knowingly download, false positives or not.

sorry, i'm in no way an expert in question of CE.
there's a lot of info on the web "how" they're using CE to manipulate "any" program (mostly games), multiplayer or singleplayer.
one method is to hook into the game's process (finding a base address) and from there they're finding pointers to different functions & values. now they can either manipulate them directly or by writing scripts in CE (Lua script & ASM).
depending on the host process it's also possible to inject their own code. mostly to simply cheat.
there are infections via CE-made trainers (mostly *.exe files), but afaik those are only targeting the PC of the user running that stuff (to get control over the PC, etc.)
i'm not aware of cases where CE was used to get malicious files on the PC of people just connected via network to the PC of the CE user. from my imagination i can think that at least they've tried it.

about norton "fixing" the problem:
is the file deleted by norton or is it stored in a quarantine folder? usually the files get stored in a quarantine folder so you can recover them if it's a false positive.

Date Posted: Oct 4, 2016 @ 2:47pm
Posts: 8