Jump to content
Sign in to follow this  
You need to play a total of 20 battles to post in this section.
Kamchatka_Survivor

Malware Warning

6 comments in this topic

Recommended Posts

6,696
[WORX]
Members
12,001 posts
19,508 battles
2 minutes ago, Kamchatka_Survivor said:

I went to the ASLAIN mods drop load website. ESET had malware warning. Please investigate and contact ESET.

Nothing to investigate.. Its a false positive from your malware/anti-virus

Aslain has been serving the community with his mods since beta... Rarely do we say thank you for the work he accomplishes patch after patch.

Dont take my word for it...

@Aslain

Cab you inform the OP, what I just stated ? Thanks,

  • Cool 2

Share this post


Link to post
Share on other sites
16
[-HUGS]
Members
65 posts
3,811 battles
4 hours ago, Kamchatka_Survivor said:

I sent it to ESET. THEY determined that there is malware in the mob package.

What file have you downloaded exactly? Aslains_WoWs_Modpack_Installer_v.9.11.0_02.exe? Remember to use "direct" links to download the file; the other links are in fact redirecting you to an add site currently, and there are trying to make you download some weird and necessary file (generally a bunch of digits .exe). I know I wouldn't trust these.


Otherwise, Aslains_WoWs_Modpack_Installer_v.9.11.0_02.exe looks clean according to virus total (which includes a signature check from ESET).  https://www.virustotal.com/gui/file/41332c542b41ded9b5deec830236879da8b220bf9df28a2b66f2cf909f0d7ddb/detection/f-41332c542b41ded9b5deec830236879da8b220bf9df28a2b66f2cf909f0d7ddb-1607038145

For good measures, I uploaded the file to a free sandbox analysis service, https://www.hybrid-analysis.com/. I should get results within the next 30 minutes. 

-Edit: Results are in, file is clean: https://www.hybrid-analysis.com/sample/41332c542b41ded9b5deec830236879da8b220bf9df28a2b66f2cf909f0d7ddb 

Edited by Mr_Argamas
Got Results

Share this post


Link to post
Share on other sites
16
[-HUGS]
Members
65 posts
3,811 battles
32 minutes ago, Aslain said:

Yeah.... nothing to worry, just yet another antivirus freaking out for no reason.

The real modpack installer is fine, however... I did download one of the file server by AdF.ly, following a downloading link from the forum ( http://urstoron.com/1VGP ) and it is indeed, malicious. (eg:  https://www.hybrid-analysis.com/sample/ba6e7f958a844609169f51adb054fb5ddbaaa3aa4300dc83e667054b135d2012 )  
The "Direct" links are fine though, it is really the URL shortening through adf.ly. that is pushing malicious files, at least in some instances. That's probably what happened.

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×