Bay 12 Games Forum


Author Topic: windows security and dwarf hack  (Read 1154 times)

balrogkernel

  • Bay Watcher
windows security and dwarf hack
« on: October 30, 2020, 07:12:32 pm »

Hi, according to Windows Security, dfhack-run.exe was a Trojan:MSIL/Stealer.RS!MTB

Wanted to check with the board to see if anybody else ran into this before, and for advice to keep Windows from ruining dwarf hack. Thanks.

Ziusudra

  • Bay Watcher
Re: windows security and dwarf hack
« Reply #1 on: October 30, 2020, 08:56:03 pm »

It's probably a false positive due to the way in which DFHack works. Have you tried checking the file with something like VirusTotal?
Ironblood didn't use an axe because he needed it. He used it to be kind. And right now he wasn't being kind.

delphonso

  • Bay Watcher
  • menaces with spikes of pine
Re: windows security and dwarf hack
« Reply #2 on: October 30, 2020, 11:49:59 pm »

Where did you download dfhack from?

balrogkernel

  • Bay Watcher
Re: windows security and dwarf hack
« Reply #3 on: October 31, 2020, 07:09:11 am »

Ran VirusTotal on dwarf hack, and 6 out of the about 70 engines reported that dfhack-run.exe was a trojan or unsafe. Not sure what that means. Got this dwarf hack from GitHub as per usual: https://github.com/DFHack/dfhack/releases

Cylance: Unsafe
Cyren: W64/Trojan.RVOB-1875
FireEye: Generic.mg.b30418fe73743b8e
MaxSecure: Trojan.Malware.106546494.susgen
Microsoft: Trojan:MSIL/Stealer.RS!MTB
TrendMicro-HouseCall: TROJ_GEN.R002H01JC20

Quietust

  • Bay Watcher
  • Does not suffer fools gladly
Re: windows security and dwarf hack
« Reply #4 on: October 31, 2020, 08:20:19 am »

Most users don't actually need "dfhack-run", since all of the "real" logic of DFHack lives inside SDL.dll (and all of the plugin DLLs and Lua/Ruby scripts) - "dfhack-run" is just for invoking DFHack commands from outside of the game (e.g. from a batch file or a scheduled task), so antivirus scanners probably flag it because they think it's acting like some sort of botnet control tool.
« Last Edit: October 31, 2020, 08:27:46 am by Quietust »
P.S. If you don't get this note, let me know and I'll write you another.
It's amazing how dwarves can make a stack of bones completely waterproof and magmaproof.
It's amazing how they can make an entire floodgate out of the bones of 2 cats.

Ziusudra

  • Bay Watcher
Re: windows security and dwarf hack
« Reply #5 on: October 31, 2020, 04:37:02 pm »

Quote: 6 out of the about 70 engines reported that dfhack-run.exe was a trojan or unsafe

With only 5 more detections, none of them being major engines (like Kaspersky, Bitdefender, Sophos, etc.), and 3 labeling it as "generic", it looks like a false positive.

I get different results for the 0.47.04-r3 Windows versions of dfhack-run.exe - both of which I'm sure are false positives. Are you using an older version of DFHack? What does VirusTotal show as the hash for the file?

Code:
dfhack-0.47.04-r3-Windows-64bit/dfhack-run.exe
dad24b00f4913b9de8c48c491f5fd9912077c86c065a20c2bc44edc9e3cc4e6c
FireEye Generic.mg.907125258484539e

Code:
dfhack-0.47.04-r3-Windows-32bit/dfhack-run.exe
cb7049e27e117f9b0846de07f1efc71b1ae91c857c0279f3053031f5ae93611f
Bkav W32.AIDetectVM.malware2
FireEye Generic.mg.1080f82feb4f0da5
Ironblood didn't use an axe because he needed it. He used it to be kind. And right now he wasn't being kind.
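
Added example, not part of any post in this thread and not DFHack code: a Python sketch of the two checks discussed above, hashing a local dfhack-run.exe to see whether it is one of the files whose SHA-256 was posted in Reply #5, and tallying a VirusTotal detection list the way that reply reasons about it. The `MAJOR_ENGINES` set holds only the three engines named in the reply, and the `GENERIC_MARKERS` substrings and the figure of 70 engines are assumptions made for this example.

```python
import hashlib
import sys

# SHA-256 values posted in Reply #5 for the 0.47.04-r3 Windows builds.
THREAD_HASHES = {
    "dad24b00f4913b9de8c48c491f5fd9912077c86c065a20c2bc44edc9e3cc4e6c":
        "dfhack-0.47.04-r3-Windows-64bit/dfhack-run.exe",
    "cb7049e27e117f9b0846de07f1efc71b1ae91c857c0279f3053031f5ae93611f":
        "dfhack-0.47.04-r3-Windows-32bit/dfhack-run.exe",
}
# Detections pasted in Reply #3 (engine -> label).
REPLY3_DETECTIONS = {
    "Cylance": "Unsafe",
    "Cyren": "W64/Trojan.RVOB-1875",
    "FireEye": "Generic.mg.b30418fe73743b8e",
    "MaxSecure": "Trojan.Malware.106546494.susgen",
    "Microsoft": "Trojan:MSIL/Stealer.RS!MTB",
    "TrendMicro-HouseCall": "TROJ_GEN.R002H01JC20",
}
# Assumptions: only the engines Reply #5 names as major, and substrings
# treated here as marking a generic/heuristic label.
MAJOR_ENGINES = {"kaspersky", "bitdefender", "sophos"}
GENERIC_MARKERS = ("generic", "_gen.", "susgen")

def sha256_file(path):
    """Hash a file in 1 MiB chunks so large files are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def match_thread_hash(digest):
    """Return the release path posted in the thread for this digest, or None."""
    return THREAD_HASHES.get(digest.strip().lower())

def triage(detections, total_engines):
    """Summarise a detection list: count, ratio, major engines, generic labels."""
    generic = sorted(engine for engine, label in detections.items()
                     if any(m in label.lower() for m in GENERIC_MARKERS))
    return {"detections": len(detections),
            "ratio": round(len(detections) / total_engines, 3),
            "major_engines": sorted(MAJOR_ENGINES & {e.lower() for e in detections}),
            "generic_labels": generic}

if __name__ == "__main__":
    print(triage(REPLY3_DETECTIONS, 70))  # "about 70 engines" per Reply #3
    for path in sys.argv[1:]:
        digest = sha256_file(path)
        print(path, digest, match_thread_hash(digest) or "not a hash from this thread")
```

A matching hash only shows the local file is byte-identical to the one scanned in Reply #5; it says nothing about files with other hashes, such as a different DFHack version.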