HITMAN™ 2

After the last update, Launcher.exe is deleted by Kaspersky AV with the reason UDS:Trojan.Win32.Fsysna.
Is something wrong with the last update, or is it just a false positive by Kaspersky and it is safe to restore the deleted file?
Showing 31-43 of 43 comments
MSTR, 16 Jun 2020, 22:29
Originally posted by Kunovega:
Originally posted by MSTR:

The issue arises when other processes are triggered when the game tries to start, and Kaspersky notices the suspicious behaviour during the execution of certain processes apparently.

I do not appreciate your attitude, nor your tone, and I'm definitely not a low educated moron who is unable to know how to handle an antivirus. Put your pebcak accusations where they belong.

@Shadowi, even switching off the heuristics doesn't do a thing. It looks like the issue is even deeper than simply erroneous heuristic analysis. I suspect the developers used some kind of example code from another source which was also used to develop trojans where data processes are used to transmit data without the user noticing.

Kaspersky is one of the best antivirus protection software in the world, I'm not sure the blame should be put there.

Literally anything can be used to develop a virus, and it is absolutely on Kaspersky if they aren't capable of whitelisting a file (or on you if you aren't capable of setting it correctly).

I wouldn't trust that company anyway, they've been caught creating malware and viruses just to be able to brag they caught them first, which isn't hard when you are the source and everyone else is scrambling to protect themselves from you.

You may have misunderstood what I wrote earlier. Let me rephrase that: The issue arises when other processes are triggered when the game tries to start, and Kaspersky notices the suspicious behaviour during the execution of certain processes apparently, which makes whitelisting the file useless since this is an executable.

I've never seen any reliable news report where Kaspersky might have been caught creating their own viruses and pretend they caught it first. With those hundreds or even thousands of threats on a daily basis, that would simply be a waste of time and totally pointless. In this case, it's more credible that you've been naive.

Once again, I do not appreciate your attitude, nor your tone, and I'm definitely not a low educated moron who is unable to know how to handle an antivirus. Put your pebcak accusations where they belong. I won't waste any more time on your comments.
Last edited by MSTR; 16 Jun 2020, 22:32
Originally posted by MSTR:
even switching off the heuristics doesn't do a thing. It looks like the issue is even deeper than simply erroneous heuristic analysis.

Someone on the official forum managed to whitelist the game easily. Here's the link if it can help : https://www.hitmanforum.com/t/after-last-update-kaspersky-av-delete-launcher-exe-with-reason-uds-trojan-win32-fsysna/45320/9?u=hardware


Originally posted by MSTR:
It looks like the issue is even deeper than simply erroneous heuristic analysis. I suspect the developers used some kind of example code from another source which was also used to develop trojans where data processes are used to transmit data without the user noticing.

I think that's why Kaspersky flags it. The signature matches a program that has the same activity as a bug tracker, with data transmission and process injection. A false positive is the most likely cause, but you can wait for what Kaspersky or the IOI team says about that. I'm sure it'll be fixed in the next few hours/days.


Last edited by Hardware; 16 Jun 2020, 23:29
Warning: It's been detected by more over time, rather than getting white-listed.

AegisLab = Trojan.Win32.Fsysna.4!c
Kaspersky = Trojan.Win32.Fsysna.glsm
Rising = Trojan.Fsysna!8.5F2 (CLOUD)
ZoneAlarm = Trojan.Win32.Fsysna.glsm

All the same type of trojan detected, so it's clearly doing something that ransomware trojans commonly do, such as:

- Executable code extraction
- Injection (inter-process)
- Injection (Process Hollowing)
- Creates RWX memory
- Reads data out of its own binary image
- A process created a hidden window
- Executed a process and injected code into it, probably while unpacking
- Installs itself for autorun at Windows startup
- Collects information about installed applications (most likely)
- Creates a hidden or system file
- Network activity detected but not expressed in API logs (most likely)
- Creates a copy of itself
- Anomalous binary characteristics
- Ciphering the records found on the victim’s hard drive so the victim can no longer use the data
- Preventing normal access to the victim’s PC

It isn't a problem with having quality security anti-virus software, but rather the written code acting in a certain way.

ps: The game developer who wrote the code should be forwarding the EXE to those anti-virus companies to get it checked and then white-listed. The user SHOULD NOT be disabling their anti-virus security software and forcing a white-list upon an entire folder structure. Legit software in the past such as CCleaner even had a trojan injected into its old 32-bit version, which made it past the digital signing. It can happen to even the best companies. Sure, it's most likely a false positive, but still consider protection.
Last edited by Azza ☠; 17 Jun 2020, 0:23
Originally posted by Azza ☠:
Warning: It's been detected by more over time, rather than getting white-listed.

AegisLab = Trojan.Win32.Fsysna.4!c
Kaspersky = Trojan.Win32.Fsysna.glsm
Rising = Trojan.Fsysna!8.5F2 (CLOUD)
ZoneAlarm = Trojan.Win32.Fsysna.glsm

All the same type of trojan detected, so it's clearly doing something that ransomware trojans commonly do, such as:

- Executable code extraction
- Injection (inter-process)
- Injection (Process Hollowing)
- Creates RWX memory
- Reads data out of its own binary image
- A process created a hidden window
- Executed a process and injected code into it, probably while unpacking
- Installs itself for autorun at Windows startup
- Collects information about installed applications (most likely)
- Creates a hidden or system file
- Network activity detected but not expressed in API logs (most likely)
- Creates a copy of itself
- Anomalous binary characteristics
- Ciphering the records found on the victim’s hard drive so the victim can no longer use the data
- Preventing normal access to the victim’s PC

It isn't a problem with having quality security anti-virus software, but rather the written code acting in a certain way.

It does exactly what some viruses do: it captures data and reports it.

With a virus, this is a problem because you don't know what it's capturing or why.

With a crash reporter from a trusted source, you know exactly what it is doing and why.

So yes, it is an issue of white listing it; since this specific file is new to the world, no antivirus companies have examined it to put it on their default white list yet

You can wait for that to happen or manually add it yourself to your own.

Any AV that monitors suspicious behavior is going to flag it for the same reason it will flag any file that it hasn't seen before if it's doing any kind of data capture or reporting.

Most games that have crash reporting typically send the files to popular AV companies before the game is launched, in the hope that they get whitelisted before the game is even launched. This is just an odd situation, since it's being added so late post-release and no AV companies have caught up to examine it yet.

Everyone is acting like false positives are not a common occurrence, I've seen this so many times I've lost count. I had to white list at least 4 games just in the past few months, countless more before that.

Honestly I might just white list the entire steam sub folder and never have to think about it again.
Last edited by Kunovega; 17 Jun 2020, 0:26
Files read / accessed via the new "Launcher.exe":

retail\steam_appid.txt
retail/steam_appid.txt
gamerelease\steam_appid.txt
gamerelease/steam_appid.txt
release\steam_appid.txt
release/steam_appid.txt
debug\steam_appid.txt
debug/steam_appid.txt
steam_appid.txt
./steam_appid.txt
C:\Windows\system32\rpcss.dll
C:\Windows\system32\windowscodecs.dll
C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll
C:\Windows\WindowsShell.Manifest
C:\Windows\Fonts\staticcache.dat
retail\hitman2.exe
retail\hitmansa.exe
retail\hitman.exe
retail\engine.exe
gamerelease\hitman2.exe
gamerelease\hitmansa.exe
gamerelease\hitman.exe
gamerelease\engine.exe
release\hitman2.exe
release\hitmansa.exe
release\hitman.exe
release\engine.exe
debug\hitman2.exe
debug\hitmansa.exe
debug\hitman.exe
debug\engine.exe
.\hitman2.exe
.\hitmansa.exe
.\hitman.exe
.\engine.exe
C:\Windows\system32\DINPUT.DLL
C:\Windows\system32\HID.DLL
C:\Windows\system32\en-US\SETUPAPI.DLL.mui
C:\Windows\system32\ntmarta.dll
hid#vid_80ee&pid_0021#6&e993e07&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
?\hid#vid_80ee&pid_0021#6&e993e07&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}

C:\Users\<USER>\Downloads\Launcher.exe <--- Why this? This may be considered possible trojan drop activity.

So no wonder why Kaspersky won't let you run it still after white-listing the original Launcher.exe, as it's possibly dropping and/or accessing another EXE in another folder.

ps: The real "Trojan.Win32.Fsysna" is Monero-based cryptojacking malware. Not only does it mine Monero in the background, it is designed to take hold of the entire network once it infects one machine. The creator of the trojan has enough skill and tends to target large organizations for mass spreading across the company's network. The reason detection is difficult is that the very code that mines Monero does not come with the trojan itself, but is downloaded on the fly during the infection stage. Unless the actual game developer claims it's clean (and their own work PCs and network aren't infected) or those anti-virus companies suggest it's clean, I personally won't be running it.

https://thethreatreport.com/how-monero-mining-malware-trojan-win32-fsysna-works/
Last edited by Azza ☠; 17 Jun 2020, 0:46
Briar, 17 Jun 2020, 0:59
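As an added triage example (not code from the thread, from IO Interactive, or from any AV vendor), the script below takes a subset of the file-access list posted above, buckets each path by where it lives, and flags executables accessed outside both the game's install tree and the Windows system tree, which is precisely the question raised about the Downloads\Launcher.exe entry. The bucket names and classification rules are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the accessed paths posted in the thread.
SAMPLE_REPORT = r"""
retail\steam_appid.txt
./steam_appid.txt
C:\Windows\system32\rpcss.dll
retail\hitman2.exe
.\engine.exe
C:\Windows\system32\HID.DLL
hid#vid_80ee&pid_0021#6&e993e07&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
?\hid#vid_80ee&pid_0021#6&e993e07&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
C:\Users\<USER>\Downloads\Launcher.exe
"""

# Classification rules are this example's own, not an AV engine's.
WINDOWS_TREE = re.compile(r"^[a-z]:\\windows\\", re.IGNORECASE)
USER_TREE = re.compile(r"^[a-z]:\\users\\", re.IGNORECASE)
ABSOLUTE = re.compile(r"^[a-z]:\\", re.IGNORECASE)
DEVICE_IFACE = re.compile(r"^\??\\?hid#", re.IGNORECASE)
EXECUTABLE = re.compile(r"\.(exe|dll|scr|com)$", re.IGNORECASE)


def classify(path: str) -> str:
    """Return the bucket an accessed path belongs to."""
    p = path.strip()
    if DEVICE_IFACE.match(p):
        return "device_interface"   # HID/controller enumeration
    if WINDOWS_TREE.match(p):
        return "windows_system"     # OS libraries and manifests
    if USER_TREE.match(p):
        return "user_profile"       # neither install tree nor OS tree
    if ABSOLUTE.match(p):
        return "other_absolute"
    return "install_relative"       # relative to the launcher's own directory


def triage(report: str) -> dict:
    """Bucket every path; list executables outside the install and OS trees."""
    buckets = defaultdict(list)
    review = []                     # a launcher should reach binaries relative to itself
    for line in report.splitlines():
        p = line.strip()
        if not p:
            continue
        bucket = classify(p)
        buckets[bucket].append(p)
        if EXECUTABLE.search(p) and bucket in ("user_profile", "other_absolute"):
            review.append(p)
    return {"buckets": dict(buckets), "review": review}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for name, paths in sorted(result["buckets"].items()):
        print(f"{name}: {len(paths)} path(s)")
    print("review:", result["review"])
```

Run against a full sandbox file-access dump, the `review` list is the short set of lines to raise with the vendor or developer before deciding on a whitelist entry.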
Well, same here. And, I guess, I'm going to wait a bit, don't want to ignore the warning.
Well Kaspersky flagged it as a virus on my computer too. I need a solution and they should just scrap this new feature. Probably baked up by some former hackers modifying malware code. Or something strange like that. Just fix it.
Originally posted by Azza ☠:
Files read / accessed via the new "Launcher.exe":

retail\steam_appid.txt
retail/steam_appid.txt
gamerelease\steam_appid.txt
gamerelease/steam_appid.txt
release\steam_appid.txt
release/steam_appid.txt
debug\steam_appid.txt
debug/steam_appid.txt
steam_appid.txt
./steam_appid.txt
C:\Windows\system32\rpcss.dll
C:\Windows\system32\windowscodecs.dll
C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll
C:\Windows\WindowsShell.Manifest
C:\Windows\Fonts\staticcache.dat
retail\hitman2.exe
retail\hitmansa.exe
retail\hitman.exe
retail\engine.exe
gamerelease\hitman2.exe
gamerelease\hitmansa.exe
gamerelease\hitman.exe
gamerelease\engine.exe
release\hitman2.exe
release\hitmansa.exe
release\hitman.exe
release\engine.exe
debug\hitman2.exe
debug\hitmansa.exe
debug\hitman.exe
debug\engine.exe
.\hitman2.exe
.\hitmansa.exe
.\hitman.exe
.\engine.exe
C:\Windows\system32\DINPUT.DLL
C:\Windows\system32\HID.DLL
C:\Windows\system32\en-US\SETUPAPI.DLL.mui
C:\Windows\system32\ntmarta.dll
hid#vid_80ee&pid_0021#6&e993e07&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
?\hid#vid_80ee&pid_0021#6&e993e07&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}

C:\Users\<USER>\Downloads\Launcher.exe <--- Why this? This may be considered possible trojan drop activity.

So no wonder why Kaspersky won't let you run it still after white-listing the original Launcher.exe, as it's possibly dropping and/or accessing another EXE in another folder.

ps: The real "Trojan.Win32.Fsysna" is Monero-based cryptojacking malware. Not only does it mine Monero in the background, it is designed to take hold of the entire network once it infects one machine. The creator of the trojan has enough skill and tends to target large organizations for mass spreading across the company's network. The reason detection is difficult is that the very code that mines Monero does not come with the trojan itself, but is downloaded on the fly during the infection stage. Unless the actual game developer claims it's clean (and their own work PCs and network aren't infected) or those anti-virus companies suggest it's clean, I personally won't be running it.

https://thethreatreport.com/how-monero-mining-malware-trojan-win32-fsysna-works/


Did you even read the article you linked?

"The highlight of this variant is the use of legitimate IT administration tools, "

So yea, your AV is flagging anything that accesses even legitimate IT administration tools because it "might" be a virus.

The majority of the list of files being accessed are either game files, steam files or crash dump reporting tools. Your AV is freaking out that a new program is looking at crash dumps.

Originally posted by Kunovega:
Originally posted by Azza ☠:
Files read / accessed via the new "Launcher.exe":

retail\steam_appid.txt
retail/steam_appid.txt
gamerelease\steam_appid.txt
gamerelease/steam_appid.txt
release\steam_appid.txt
release/steam_appid.txt
debug\steam_appid.txt
debug/steam_appid.txt
steam_appid.txt
./steam_appid.txt
C:\Windows\system32\rpcss.dll
C:\Windows\system32\windowscodecs.dll
C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757
C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll
C:\Windows\WindowsShell.Manifest
C:\Windows\Fonts\staticcache.dat
retail\hitman2.exe
retail\hitmansa.exe
retail\hitman.exe
retail\engine.exe
gamerelease\hitman2.exe
gamerelease\hitmansa.exe
gamerelease\hitman.exe
gamerelease\engine.exe
release\hitman2.exe
release\hitmansa.exe
release\hitman.exe
release\engine.exe
debug\hitman2.exe
debug\hitmansa.exe
debug\hitman.exe
debug\engine.exe
.\hitman2.exe
.\hitmansa.exe
.\hitman.exe
.\engine.exe
C:\Windows\system32\DINPUT.DLL
C:\Windows\system32\HID.DLL
C:\Windows\system32\en-US\SETUPAPI.DLL.mui
C:\Windows\system32\ntmarta.dll
hid#vid_80ee&pid_0021#6&e993e07&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
?\hid#vid_80ee&pid_0021#6&e993e07&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}

C:\Users\<USER>\Downloads\Launcher.exe <--- Why this? This may be considered possible trojan drop activity.

So no wonder why Kaspersky won't let you run it still after white-listing the original Launcher.exe, as it's possibly dropping and/or accessing another EXE in another folder.

ps: The real "Trojan.Win32.Fsysna" is Monero-based cryptojacking malware. Not only does it mine Monero in the background, it is designed to take hold of the entire network once it infects one machine. The creator of the trojan has enough skill and tends to target large organizations for mass spreading across the company's network. The reason detection is difficult is that the very code that mines Monero does not come with the trojan itself, but is downloaded on the fly during the infection stage. Unless the actual game developer claims it's clean (and their own work PCs and network aren't infected) or those anti-virus companies suggest it's clean, I personally won't be running it.

https://thethreatreport.com/how-monero-mining-malware-trojan-win32-fsysna-works/


Did you even read the article you linked?

"The highlight of this variant is the use of legitimate IT administration tools, "

So yea, your AV is flagging anything that accesses even legitimate IT administration tools because it "might" be a virus.

The majority of the list of files being accessed are either game files, steam files or crash dump reporting tools. Your AV is freaking out that a new program is looking at crash dumps.

Re-read the entire sentence, rather than just being a selective reader and crying fake news like your so-called king:

"The highlight of this variant is the use of legitimate IT administration tools, Windows system tools and previously disclosed Windows vulnerabilities in order to infect an entire network of PCs."

You miss the point however, I'm not suggesting that IO Interactive would inject a trojan on purpose into their game, that would be silly. I'm just being careful and verifying one or more of their work computers used to write the program code wasn't infected or similar.

In the past, even an old version of CCleaner (the 32-bit version) was infected with a Trojan that managed to get past the digital signing of the EXE and was released to the public. I fully trust CCleaner and their creators, they are legit, yet hackers still managed to hijack their build environment.

https://www.kaspersky.com/resource-center/threats/ccleaner-malware

Most likely it's a false positive, due to just the way the crash log is read/accessed, but I'm double-checking, since I have yet to hear back from those anti-virus companies or the game developer themselves.
Last edited by Azza ☠; 17 Jun 2020, 1:47
Originally posted by Azza ☠:
Originally posted by Kunovega:


Did you even read the article you linked?

"The highlight of this variant is the use of legitimate IT administration tools, "

So yea, your AV is flagging anything that accesses even legitimate IT administration tools because it "might" be a virus.

The majority of the list of files being accessed are either game files, steam files or crash dump reporting tools. Your AV is freaking out that a new program is looking at crash dumps.

Re-read the entire sentence, rather than just being a selective reader and crying fake news like your so-called king:



Most likely it's a false positive, due to just the way the crash log is read/accessed, but I'm double-checking, since I have yet to hear back from those anti-virus companies or the game developer themselves.

And I'm sure iOi reps are lurking around in these forums but their ignorance of silence shows its deceitful head once again.
Last edited by Obsidian; 17 Jun 2020, 2:06
Finally fixed by Kaspersky :)
Originally posted by Azirus Gaming:
Finally fixed by Kaspersky :)

Confirmed, Kaspersky and ZoneAlarm with updated definitions have cleared it.

It's just AegisLab and Rising now who still have the false positive.
Same here as well....

Date Posted: 16 Jun 2020, 8:21
Posts: 43