Question


Hi!

Yesterday I bought the Making History EXPack, and KSP also updated itself for 1.4.1. I had fun with it for a while then today I got a warning from the Win. Defender.
It found "Trojan:Win32/Critet.BS" in one of the files under KSP: "E:\Games\Steam\steamapps\downloading\220200\KSP_x64_Data\Managed\Assembly-CSharp.dll"

Have any of you experienced something similar? I got the game from Steam, deleted all the mods prior to the install, but it seems like the "trojan" came with the game.

I know what a trojan is supposed to do, but I don't really believe what the Defender says at this point...

Edited by NotJebediah
Typo

  • 0
6 minutes ago, Erik Grischuk said:

Hello!
I just had something like this happen :(

My Win Defender reports:
Affected items: 
file: C:\KSP\Kerbal Space Program v1.4.1.2089\GameData\ModuleManager.3.0.6.dll
containerfile: C:\Users\Erik Grischuk\Downloads\ModuleManager-3.0.6.zip
file: C:\Users\Erik Grischuk\Downloads\ModuleManager-3.0.6.zip->ModuleManager.3.0.6.dll
webfile: https://ksp.sarbian.com/jenkins/job/ModuleManager/141/artifact/ModuleManager-3.0.6.zip
pid:11108,ProcessStart:131656143255802189

Can you upload that file to https://www.virustotal.com/ to see if it comes up with any hits? As @million_lights says, it's a file used by (quite a lot of) mods.

  • 0

I am also still having issues with Windows Defender. If you still want to play the game, you can add the KSP install folder to the exclusions until this is fixed.

Below are some screenshots verifying that this is still the case.

[Screenshots: hNYjePs.png, Nl7ijPa.png]

  • 0

With virus definitions 1.263.643.0 the problem seems to have gone away.

  • 0

At least it's just a false positive.

Let's hope Windows gets their Definitions sorted out soon™ :mad:

Quote

With virus definitions 1.263.643.0 the problem seems to have gone away.

Edited by million_lights

  • 0
8 hours ago, iniju said:

With virus definitions 1.263.643.0 the problem seems to have gone away.

Module manager 3.0.6 is still getting flagged on 1.263.659.0 here :/

  • 0
1 minute ago, SufficientAnonymity said:

Module manager 3.0.6 is still getting flagged on 1.263.659.0 here :/

Just to clarify, the problem that went away for me was the flagging of E:\Games\Steam\steamapps\downloading\220200\KSP_x64_Data\Managed\Assembly-CSharp.dll

I somehow don't get any flagging with module manager, although I have the same version (3.0.6)

  • 0
29 minutes ago, SufficientAnonymity said:

Module manager 3.0.6 is still getting flagged on 1.263.659.0 here :/

@SufficientAnonymity

Don't worry about it. 
It's a false positive and a future Windows Defender Definition update will resolve it.

It seems the latest definitions have all sorts of issues with other games in general.

  • 0

Add the MechJeb2.dll which is being flagged now, even as recently as this morning after manually installing the 1.263.667.0 definitions.

Good grief. 

  • 0
4 hours ago, iniju said:

Just to clarify, the problem that went away for me was the flagging of E:\Games\Steam\steamapps\downloading\220200\KSP_x64_Data\Managed\Assembly-CSharp.dll

I somehow don't get any flagging with module manager, although I have the same version (3.0.6)

It fluctuates back and forth depending on the Definitions version you have.
They can update multiple times a day and something is always wrong with them.

It has been like that for 2 days now. >.<

  • 0
2 hours ago, million_lights said:

It fluctuates back and forth depending on the Definitions version you have.
They can update multiple times a day and something is always wrong with them.

It has been like that for 2 days now. >.<

Within the last 15 minutes I manually updated my definitions file (to 1.263.686.0) and still both MechJeb2.dll and Chatterer.dll are marked as infected. What a PITA.

  • 0

Got a flag on 1.263.688.0, just told Win Defender to restore the files and it hasn't complained again. Will update if I get another notification.

  • 0

Well, I am just saying, until the new release that came with new terms and some added sponsors we never saw this, did we m8S? Now this is known malware so do yourself some time saving and just go back to older ver. and be safe. I wonder if any Xbox players even know about it?

Edited by Wrench Head

  • 0
25 minutes ago, Wrench Head said:

Well, I am just saying, until the new release that came with new terms and some added sponsors we never saw this, did we m8S? Now this is known malware so do yourself some time saving and just go back to older ver. and be safe. I wonder if any Xbox players even know about it?

That's ridiculous paranoia. It's not like Defender hasn't had plenty of false-positive results in the past.

  • 0

@Wrench Head

Windows Defender is finding something that isn't there. That's why it's called a false positive.

False positives have been around since day 1 of antivirus software.

It would probably also mark older versions of KSP and the EULA... don't get me started. SQUAD is still very much mod friendly and supportive. Get back to me about the EULA if they enforce it, otherwise, don't :)

  • 0

It seems like the guys over at GitHub are experiencing the same with their stuff...

@Wrench Head

I don't think that Take Two would turn our PCs into a botnet, or just spy on us. I trust the devs at Squad, this is just another bug in the system. A false positive, as many said before me...

In any case, you do you. If you want to revert to an older version, have fun with it, and thanks for sharing your opinion with us.

Edited by NotJebediah
Messed up the site
  • 0

I was not seeing this behavior prior to the Windows update 2-3 days ago. I think this is a Microsoft-induced problem, rather than TT/Squad/KSP.

  • 0

I just lost half my .dll files I use, because of this. Some of that stuff can't be retrieved. Can't get any answers from Microsoft either. I did however let the ones I still had pass through Defender and nothing else has occurred, except now I'm opened up to that Trojan if it was to get on my system. It is a false positive though.

  • 0

[removed somewhat dodgy "fix it" site URL - mod edit]

Or take the easy way out and let Windows Defender remove it.

Edited by technicalfool
Dodgy SEO tactics used by that site. No thanks.

  • 0

I never had any issues or events with the Defender, so I don't think it's part of the release itself.

Maybe a spreading infection from a different source.
