Trojan:Win32/Critet.BS

[4721Archer]

18 hours ago, million_lights said:

The issue has been resolved.

I'm afraid it hasn't.

It persisted on my system through 1.263.585.0 and into 1.263.598.0. It still gets picked up now.

If I restore it from quarantine, it'll only get flagged again at the next reboot (not the end of the world, but it is a bit of a pain)..

[Sufficient Anonymity]

Ditto. Currently running 1.263.598.0 and still getting mod files flagged as containing Critet.BS

[SpudGunMcGee]

I am also still having issues with windows defender, if you still want to play the game you can add the KSP install folder to the exclusions until this is fixed.

Below are some screenshots verifying that this is still the case.

Spoiler

 

[iniju]

I also have same issue, everything is up-to-date in my system, virus definitions too.

I'm not taking any chances. I think it's a very bad idea to just add this folder to exclusions. This folder has also all the files from mods, you definitely want scanning over them.

Can we mark this issue as not solved until it is actually solved?

[HLSA30]

same problem, solution?

[iniju]

With virus definitions 1.263.643.0 the problem seems to have gone away.

[million_lights]

at least its just a false positive.

Let's hope Windows gets their Definitions sorted out soon™ 

 

Quote

With virus definitions 1.263.643.0 the problem seems to have gone away.

 

Edited March 17, 2018 by million_lights

[Sufficient Anonymity]

8 hours ago, iniju said:

With virus definitions 1.263.643.0 the problem seems to have gone away.

Module manager 3.0.6 is still getting flagged on 1.263.659.0 here

[iniju]

1 minute ago, SufficientAnonymity said:

Module manager 3.0.6 is still getting flagged on 1.263.659.0 here

Just, to clarify, the problem that went away for me was the flagging of E:\Games\Steam\steamapps\downloading\220200\KSP_x64_Data\Managed\Assembly-CSharp.dll

I somehow don't get any flagging with module manager, although I have the same version (3.0.6)

[million_lights]

29 minutes ago, SufficientAnonymity said:

Module manager 3.0.6 is still getting flagged on 1.263.659.0 here

@SufficientAnonymity

Don't worry about it. 
It's a false positive and a future Windows Defender Definition update will resolve it.

It seems the latest definitions have all sorts of issues with other games in general

[LameLefty]

Add the MechJeb2.dll which is being flagged now, even as recently as this morning after manually installing the 1.263.667.0 definitions.

Good grief. 

[million_lights]

4 hours ago, iniju said:

Just, to clarify, the problem that went away for me was the flagging of E:\Games\Steam\steamapps\downloading\220200\KSP_x64_Data\Managed\Assembly-CSharp.dll

I somehow don't get any flagging with module manager, although I have the same version (3.0.6)

It fluctuates back and forth depending on the Definitions version you have.
They can update multiple times a day and something is always wrong with them.

It has been like that for 2 days now. >.<

[LameLefty]

2 hours ago, million_lights said:

It fluctuates back and forth depending on the Definitions version you have.
They can update multiple times a day and something is always wrong with them.

It has been like that for 2 days now. >.<

Within the last 15 minutes I manually updated my definitions file (to 1.263.686.0) and still both MechJeb2.dll and Chatterer.dll are marked as infected. What a PITA.

[AlternNocturn]

Got a flag on 1.263.688.0, just told Win Defender to restore the files and it hasn't complained again. Will update if I get another notification.

[Wrench Head]

Well, I am just saying, Until the new release that came with new terms and some added sponsors we never saw this did we m8S? Now this is known malware so do your self some time saving and just go back to older ver. and be safe. I wonder if any Xbox players even know about it?

 

Edited March 18, 2018 by Wrench Head

[LameLefty]

25 minutes ago, Wrench Head said:

Well, I am just saying, Until the new release that came with new terms and some added sponsors we never saw this did we m8S? Now this is known malware so do your self some time saving and just go back to older ver. and be safe. I wonder if any Xbox players even know about it?

 

That's ridiculous paranoia. It's not like Defender hasn't had plenty of false-positive results in the past. 

[million_lights]

@Wrench Head

Windows defender is finding something that isn't there. That's why its called a false-positive.

False-positive's have been around since day 1 of antivirus software.

 

It would probably also mark older versions of KSP and the EULA... don't get me started. SQUAD is still very much mod friendly and supportive. Get back to me about the EULA if they enforce it, otherwise, don't 

[NotJebediah]

It seems like the guys over Github are experiencing the same with their stuff...

@Wrench Head

I don't think that Take Two would turn our PC-s into a botnet, or just spy on us. I trust the devs at Squad, this is just an another bug in the system. A false positive, as many said before me...

At any case, you do you. If you want to revert to an older version, have fun with it, and thanks for sharing your opinion with us.

Edited March 18, 2018 by NotJebediah
Messed up the site

[MaxwellsDemon]

I was not seeing this behavior prior to the Windows update 2-3 days ago.   I think this is a Microsoft-induced problem, rather than TT/Squad/KSP.

[Next_Star_Industries]

I just lost half my .dll files I use, because of this. Some of that stuff can't be retrieved. Can't get any answers from Microsoft either. I did however let the ones I still had pass through Defender and nothing else has occurred, except now I'm opened up to that Trojan if it was to get on my system. It is a false positive though.

[Wrench Head]

FYI

[removed somewhat dodgy "fix it" site URL - mod edit]

http://www.threatexpert.com/report.aspx?md5=2598a942a152dd151e653c76081f9b79

All just take care of your data......

I got the 1st warning with new D/L of 1.4 no mods added...

 

Edited March 23, 2018 by technicalfool
I don't want to help these guys with their dodgy SEO, thanks.

[million_lights]

Also FYI:

Others started to get that with other games so its not KSP specific.

http://steamcommunity.com/app/252610/discussions/2/1697167803862324044/

I am still hesitant. all I can find about that "malware" is fake looking tutorials on how to remove it.

No reliable info about the malware itself.

[Wrench Head]

[removed somewhat dodgy "fix it" site URL - mod edit]

Or take the easy way out and let Windows Defender remove it.

 

Edited March 23, 2018 by technicalfool
Dodgy SEO tactics used by that site. No thanks.

[million_lights]

I never had any issues or events with the defender. so I don't think its part of the release itself.

maybe a spreading infection from a different source

[Wrench Head]

Wave your hand if you read the new terms and EULA complete! Now scan the new KSP 1.4 in its zip format.  Know that the Trojan:Win32/Critet.BS spreads though systems and go's on and on. I say be safe geeeees 1.3 worked fine.... Sqaud made a good game, But now we see other groups have joined them. Hmmm. Better safe than sorry M8s...  Ever had your CC hacked at Home Depot or the IRS and Equifax get hacked and someone got all your info???