[FALSE POSITIVE]DCS World 2.6 trojan? worldgeneral.dll

[Wodzu]

Silent? They already edited the thread title; what else is needed?

 

 

The entry "FALSE POSITIVE" is unfortunately not enough to convince me.

Even BIGNEWY wrote that this is probably a false alert. This means that even ED does not know what it is all about, because they have not written anything specific so far.

 

You guys are all reaaaaally new to the internet if you are freaking out so much about this stuff

 

I have been using the Internet since the late 90's, do you think it is too short? I don't understand what your post meant to mean.

[oldcrusty]

You guys are all reaaaaally new to the internet if you are freaking out so much about this stuff

 

:lol: I forgot who said: "It pays to be paranoid" (It might have been in a movie)... Hell, even today when I browsed through the Hornet's "Pics and videos" forum, as I scrolled down the last page I accidentally clicked on one of the pics (I'm still trying to get used to my new trackball) and voila... my AV hollered at me and bragged that it stopped an intrusion attack, I guess from the pic hosting website. Good job AV!:thumbup:

[Mars Exulte]

It is sarcasm, a result of you guys apparently not having dealt with something like this before. If the program is a non-quantity (ie not some crapware you downloaded off an obscure filesharing site) you whitelist it and move on. Is it annoying? Yes. Does it take two seconds to deal with? Also yes.

 

@Gripes

A lot of music/pic/file sharing sites will try to insert some crap into your stream for monitoring, that's why I don't recommend using stuff like that. Certain sites have a vibe about them you can usually tell if they're safe to use. Ie pop ups and fake ''click me'' ads or ''virus warnings'' you should leave. The owners aren't curating their site. Etc

 

Paranoia is good and all, but like a lot of things, there's a degree involved. Not enough is recklessness, too much is just poor sense. We're talking about a known quantity here, DCS. They're not slipping you malware, nor are they likely to get infected without knowing it.

 

That's why you can override quarantine and whitelist, because AV aren't perfect and can hang up on safe files. You need a way to override it.

Edited February 25, 2020 by zhukov032186

[oldcrusty]

...That's why you can override quarantine and whitelist, because AV aren't perfect and can hang up on safe files. You need a way to override it.

 

Well, I did (wisely or unwisely) on the day 2.6 was released. I guess mainly for the reasons you stated and also because I use my desktop for the single purpose of flight simming (currently DCS is the only sim running on it) and... as crazy as it sounds I've been pretty happy with performance so far. That's in SP. Can't fly MP for next 2 months so not too much bitching from me:D

[BIGNEWY]

The entry "FALSE POSITIVE" is unfortunately not enough to convince me.

Even BIGNEWY wrote that this is probably a false alert. This means that even ED does not know what it is all about, because they have not written anything specific so far.

 

ED have been in contact with Karpersky, and users have already reported their virus definitions updating and ignoring DCS now.

 

But it is a personal choice with security, if you are not happy it is best to wait for your definitions to update.

 

thanks

[Wodzu]

ED have been in contact with Karpersky, and users have already reported their virus definitions updating and ignoring DCS now.

 

But it is a personal choice with security, if you are not happy it is best to wait for your definitions to update.

 

thanks

 

Thank you for your response. That is enough for me. I know what to wait for.

Greetings.

[Wiesel02]

ED have been in contact with Karpersky, and users have already reported their virus definitions updating and ignoring DCS now.

 

But it is a personal choice with security, if you are not happy it is best to wait for your definitions to update.

 

thanks

 

 

 

 

Thank you Bignewy,

 

 

 

that's the plan. Still, there's another install called "stable version", which in my case, seems to be unaffected :)

 

 

Did anyone get in contact with BitDefender as well?

[BIGNEWY]

Thank you Bignewy,

 

 

 

that's the plan. Still, there's another install called "stable version", which in my case, seems to be unaffected :)

 

 

Did anyone get in contact with BitDefender as well?

 

Unsure about bitdefender, but usually when one provider virus definitions update the rest of the providers update after.

 

Yes stable version is not affected. It seems some of the security changes the team made triggered the antivirus.

[Wodzu]

I confirm that BitDefender has passed the worldgeneral.dll file. Everything seems fine.

[AirWolf D]

Bitdefender saved the dll in quarnatine, restor it and everything is ok ! (OB not Stable)

[PreussLee]

So I did everything mentioned in the thread here. After putting DCS on Whitelist of my AntiVir program (Avira) the world.dll issue seems to be solved, though I can still not start DCS, because I get a application can't start error...

I did run a repair, cleanup and everything and running out of ideas how to solve this.

Please help someone...

[Wiesel02]

So I did everything mentioned in the thread here. After putting DCS on Whitelist of my AntiVir program (Avira) the world.dll issue seems to be solved, though I can still not start DCS, because I get a application can't start error...

I did run a repair, cleanup and everything and running out of ideas how to solve this.

Please help someone...

 

 

Preuss, one thing I can recommend is to have both versions installed side by side on different hard drives/SSDs, the stable version and open beta. Currently, if you want to fly, the stable version is a good way to go, no issues with that version. Second thing is that when you reinstall the open beta (after an uninstall due to virus detection issues like in my case :smilewink:) you dont have to wait for too long - the reinstall took less than 2 hours for DCS OpenBeta with all available maps and 19 modules (or so :music_whistling:) because the installer took advantage from the stable version install, where it just copied all data that the two versions have in common, instead of downloading all stuff again. Not exactly painful...

[Wiesel02]

Unsure about bitdefender, but usually when one provider virus definitions update the rest of the providers update after.

 

Yes stable version is not affected. It seems some of the security changes the team made triggered the antivirus.

 

 

Sounds like waiting for ED to figure out the root cause and antivirus providers to get used to those changes is a good way to go... :)

[grafspee]

Virus?

 

My antivirus detected this file as infected

[Harlikwin]

There have been a lot of these false positives with 2.5.6

[StandingCow]

See thread here: https://forums.eagle.ru/showthread.php?t=263368

[Wiesel02]

My antivirus detected this file as infected

 

 

Thats my current problem as well...as I have posted. BitDefender moves it to quarantine. "Restore" from quarantine doesn't work for me, DCS OB is currently unusable, it starts a lot slower thatn ever before and then, on the start up screen, it is stopped and won't let me do anything. Antivirus stops executing DCS... as for me there's now way out currently

[Wilbus]

I was given this with:

 

 

Gen:Variant.Ursu.776114 virus detected by BitDefender. It was in the F14 modules package and that module is now unflyable :-/

 

First time I ever see it though. I wonder why we're getting different alerts though.

[ryak84]

I was given this with:

 

 

Gen:Variant.Ursu.776114 virus detected by BitDefender. It was in the F14 modules package and that module is now unflyable :-/

 

First time I ever see it though. I wonder why we're getting different alerts though.

 

Had the same problem, F14 was not flyable anymore.:noexpression:

 

I went trough this steps :

 

1. delete F14 module (also manual erase of files in "_download" and "mods" folder)

2. added exceptions to Bitdefender 2020 for DCS and DCS updater (example bellow)

3. REBOOT <--- this one is also crucial!

4. redownload F14 module (setup should not fail now)

 

Exceptions:

 

 

Hope that helps!

 

ryak84

[Wiesel02]

Nothing has changed...

 

Since the update to 2.5.6 nothing works & and nothing helps, the open beta can't even be started since then...latest hotfix 2.5.6.43931 and the update of today 2.5.6.44266 both didn't change anything. Various repairs and complete and reinstallations in vain. It still triggers antivirus (BitDefender in my case) and restoring suspicious files put under quarantine doesn't help either....ithe startup process is always stopped and I have to kill the dcs process using the task manager.

 

 

ED please, are you still working on a solution for this?

[Zappovitz]

After todays update (2.5.6.44266) - DCS will not start.

 

I got this from Bitdefender when i tried to repair with Updater Utility.

My two other machines running Windows defender are happy with the update.

 

 

 

Is it safe to make en exception for this file in BitDefender?

 

Edited March 4, 2020 by Zappovitz

[fasteddie1]

Bitdefender detected virus after update

 

After updating to latest update today Bitdefender detected a virus.

 

"The file E:\Program Files\Eagle Dynamics\DCS World OpenBeta\bin\World.dll is infected with Gen:Variant.Ursu.768621 and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean".

 

Has anyone else experienced this?

[Phantom453]

I got this one with the latest update (Bit Defender). I've had virus notifications for the last two updates but never before that.

 

The file D:\Program Files\Eagle Dynamics\DCS World OpenBeta\_downloads\.torrents\HEATBLUR_F-14.arch_x86_64\89\897787d58d5886c56dc7a32cc4d15908ab471b45991c3074a7c1576376be810b is infected with Gen:Variant.Ursu.776114. The threat has been successfully blocked, your device is safe.

 

Any advice guidance from ED would be appreciated.

[FoxTwo]

The guidance is whitelist the eagle dynamics folder.

 

 

It's a false positive as a result of the new DRM. It's not a virus.

[BaD CrC]

You'll get that twice (update and first DCS launch). Each time you will have to restore the file in quarantine and relaunch the process.