Jump to content

Virus on ET.exe ?

Lenovo

By Lenovo
in ET Support

 Share
Go to solution Solved by Xernicus,

Recommended Posts

Xernicus Newbie

Xernicus

Posted
Posted

1/70 is definitely not a sign of a virus. With a detection ratio like that, that's a false positive. For that matter, I've never even heard of Cylance, which is the AV that detected it.
Are you using the Client Security Patch? That has come up as flagged once or twice. 

Lenovo Newbie

Lenovo

Posted
  • Author
Posted

I'm using the patch

I installed glasswire on the advice of doubledragon, and found this, I do not know, I also tried to delete et.exe and download it again, but it always finds the same report

  • Solution
Xernicus Newbie

Xernicus

Posted
  • Solution
Posted (edited)

Glasswire is good software, and virustotal is a great service- definitely not going to knock either.
As for the result that came up- it was flagged by Cylance, and I've never seen their software in use. Their security software is odd, It doesn't use any of the traditional ways of detecting viruses- instead they use machine learning and datamining to find malicious software. For a game like ET, where it's not installed on many machines... this could explain the result. And after doing some research, I have found that Cylance is notoriously bad with false detection.

Here's some reading material:
https://arstechnica.com/information-technology/2017/04/the-mystery-of-the-malware-that-wasnt/
https://www.theregister.co.uk/2017/04/05/cylance_restructuring/
https://www.reddit.com/r/antivirus/comments/6r09o0/cylance_false_positives/

 

Now if this is the new version of ET with the redirect fix, daredevil explained the situation perfectly:

On 5/29/2018 at 9:08 AM, daredevil said:

Virus detection is because md5 sum might be different from original ET md5 checksum. Norton, Windows Defender, McAfee, etc. didn't give my any virus trigger.  It might give you Heuristic 1 detection which is nothing but 'new' file based on 'md5 checksum' since only players would have it. 

 

PB is not the case here. I believe ETPRO checks are mostly causing the kick. We will check and get back to you ASAP. 

But this doesn't look to be the case after looking at the results: 

Compilation timestamp 2006-05-08 14:37:04


TL;DR: trust the "big names" and trusted companies. For example it was marked safe by Bitdefender, Comodo, NOD32, FProt, and Sophos (my personal favorite). All are leaders in the security industry.

Edited by Xernicus
Fixed spacing
  • Like 1
Lenovo Newbie

Lenovo

Posted
  • Author
Posted

by downloading the instraller from splashdamage, and scanning it, it does not detect anything

 

220665639_viruset2.thumb.jpg.ff67124777158cb22b4b074d162e8490.jpg

DoubleDragon Newbie

DoubleDragon

Posted
Posted

You'll find more 1/70 no threat thats like saying it got a tracking cookie

Don't forget you can add some not all to the hosts file mainly what this app was designed for think its C:\Windows\System32\drivers\etc/hosts when the program is off.

 

I use 

0.0.0.0 before the address

or

127.0.0.1 for local but that leaves roaming open so just 0.0.0.0 <-- work 100% ;)

 

For the ip's you will have to either manually add them to the firewall rule or netsh from cmd like in this page

https://www.itechlounge.net/2014/11/windows-blocking-ip-from-command-line/

  • Thanks 1
  • Administrators
daredevil Grand Master

daredevil

Posted
  • Administrators
Posted
On 1/3/2019 at 3:51 AM, Lenovo said:

by downloading the instraller from splashdamage, and scanning it, it does not detect anything

 

 

 

md5 checksum is different and hence it triggers it. Just submit the new ET.exe do your new antivirus company and once they will not be able to find anything - they will white list it. 

 

Anti virus - recent years - have gone ape shit over md5 checksums. Collect data from 100 users - for ET.exe - store the md5 - and if another ET.exe checksum is different - they will start whinning for it. My norton does same. Classic old md5 checksum when their AI have failed to catch the code. 

  • Haha 1

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

About Us

We are glad you decided to stop by our website and servers. At Fearless Assassins Gaming Community (=F|A=) we strive to bring you the best gaming experience possible. With helpful admins, custom maps and good server regulars your gaming experience should be grand! We love to have fun by playing online games especially W:ET, Call of Duty Series, Counter Strike: Series, Minecraft, Insurgency, DOI, Sandstorm, RUST, Team Fortress Series & Battlefield Series and if you like to do same then join us! Here, you can make worldwide friends while enjoying the game. Anyone from any race and country speaking any language can join our Discord and gaming servers. We have clan members from US, Canada, Europe, Sri Lanka, India, Japan, Australia, Brazil, UK, Austria, Poland, Finland, Turkey, Russia, Germany and many other countries. It doesn't matter how much good you are in the game or how much good English you speak. We believe in making new friends from all over the world. If you want to have fun and want to make new friends join up our gaming servers and our VoIP servers any day and at any time. At =F|A= we are all players first and then admins when someone needs our help or support on server.

Player Gaming Stats for =F|A= Servers.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept