Pentara

Xenonauts CE infested with virus!?!


Please note!

I decided to try the Community Edition today and opted into it on Steam. While the download was running, my anti-virus software popped up telling me it had detected a severely dangerous trojan. When I checked the details, it was coming from my Steam download! I attach the screenshot of what was downloading and the error I got, as well as the error details which I paste below.

 

Trojan: Win32/Dorv.D!rfn

The following error occurred: Error code 0x80508023. The program could not find the malware and other potentially unwanted software on this computer.

Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately.

Items:
file:C:\Games\Steam\steamapps\downloading\223830\assets\mods\xce\GCSubmapEditor.exe
file:C:\Games\Steam\steamapps\downloading\223830\GCSubmapEditor.exe

 

Err.jpg

DL.gif


Antivirus software has largely been worthless crap for the last 15 years that does more harm than good. This is yet another case of it misfiring.

For the 0.34.1 submap editor, which is the file shown in your warning, here are the scan results from VirusTotal, showing the file as safe from 57 anti-virus engines. The warning should most likely disappear once it actually finishes downloading on Steam and moves out of your "downloading" folder. You can then upload the file to VirusTotal to be sure it's clean.


Also, I believe the Microsoft Security Essentials error 0x80508023 is for when it's unable to properly scan a file - the likely reason is that it tried to scan the executable at the same time as Steam was writing to it, resulting in this misfire.

4 hours ago, Solver said:

Antivirus software has largely been worthless crap for the last 15 years that does more harm than good. This is yet another case of it misfiring.

To derail the thread completely, can I ask for an explanation of this? It is relevant to some research a dissertation student of mine completed recently. (He was looking at instances of online identity fraud and found a positive association between use of anti-virus software and being a victim, with computer virus/infection as an apparent causal pathway. The best explanation I could think of for this was user-error/carelessness but would be interested to know if there are technical reasons why AV software might be problematic.)


I'd be happy to discuss the details in private, but to summarize:

Traditionally, anti-virus software has used the approach of scanning files and looking for "virus signatures" in them, these signatures being certain traces that each particular virus leaves behind. So a "signature database" would be compiled and the anti-virus software would check files on your computer versus that database to identify if they have signatures. These viruses would spread by floppy drive or other similar means, when infected files were transferred - one of the things that viruses learned was to infect other files. The anti-virus industry truly became established in the early and mid 90s, with products like Norton AntiVirus, AVG, Dr Web and others appearing.

These days, the issue is that the threat vector has mostly changed. The main security threats to a computer are no longer from having some pre-infected files, but rather from browsing to websites that serve malicious content. This is because Web browsing and web apps largely took over as the main thing people do on their computers, and because the majority of modern web sites requires scripting. The biggest threats come from browser vulnerabilities, or vulnerabilities of other Web components, that would then allow sites with malicious content to do whatever they want. Adobe (Macromedia) Flash is notorious for this, and it's one of the reasons the technology is being phased out. It has had lots of security holes that allow execution of malicious code.

Those threats arise due to bugs in browsers or other programs, and persist until the issue is patched. In reality, they persist far longer because many users are very bad at patching their software. That's why auto-updating has become increasingly prevalent. That's also why companies like Google are paying people who discover security bugs - it's a very important issue now. If you search for something like "vulnerabilities fixed in Google Chrome", you can find notes on updates fixing many critical vulnerabilities, regularly.

Traditional anti-virus software deals with known, specific threats. It's useless against zero-day vulnerabilities where nobody knows there's a security hole until it starts getting exploited. Other defensive models are needed to counter these threats. Disabling scripting whenever possible in the browser is the best thing you can do, then there are various virtualization methods that are likely to be helpful.

Classic style viruses and trojans still exist. CryptoLocker is one that was popular and would be likely counter-acted by antivirus software. Then there are extremely complicated viruses developed by organizations like NSA, GCHQ or Shmone Matayim, but those are essentially powerful cyberweapons used for spying and unconventional warfare, and can be around for years without anyone noticing. Antivirus software doesn't do anything against these, it's the equivalent of using a bulletproof vest to defend against a tank.

Major companies behind classic antiviruses, such as Symantec (Norton) or Kaspersky have had to re-focus. They now focus on newer defensive methods, on helping companies prevent data breaches, on analyzing intrusion attempts, and so on.

To use another analogy for anti-viruses: they're like protecting an area by establishing a perimeter and looking for known suspects or some very obviously suspicious people trying to cross it. Whereas modern attacks are like attackers capable of turning invisible to walk past the guards and end up inside the perimeter.

A couple of years ago even a Symantec VP said that anti-virus is dead and no longer considered a viable revenue source for the company - that's a Fortune 500 company that has had a very successful antivirus product for over 20 years.


My 5 cents from another point of view also. I have had a large amount of experience with end user difficulties and the ways anti-virus is undermined, having worked for a large Internet Service Provider. The most prevalent issue is that most AV programs are not end user friendly for your "average computer end user". If you post on a forum, chances are you're well beyond the capabilities of your average end user, just to give some context.

This was then compounded by default AV settings being overly restrictive on all of the common AV apps, resulting in the end user needing to attempt to disable them to access completely legitimate websites or files (as explained in detail above). However, we found end users in their lack of knowledge and frustration would simply disable the firewall yet continue to believe the app was doing its job.

Don't even start me on the volume of people that fall for fake Microsoft call scams.... :(


That's again the failure of antivirus software to be proactive. In the old days, you told your users, who had no tech skills, that hey, you need to scan your computer occasionally, and you need to scan all floppies you get. Here's how. They may not understand, but if they did as you taught them, the AV software worked wonderfully.

Now that AV software tries to be more proactive, it indeed fails for average end users because it blocks too much, or asks too much. AV software is incapable of making smart decisions transparently to the user, so some programs err on the side of asking too much (confusing the user), others on the side of blocking too much (confusing the user in a different way).

My essay to kabill missed one more point, which is why AV software gives so many false positives.

In addition to signature detection, AVs also use "heuristic detection" where they essentially try to figure out if something could be dangerous even though it's not a known specific threat. Great in theory, and has been around for a long time. The basic approach there is to try and analyze the behavior of a program, and see if it does something suspicious. Which is harder these days. Some things antiviruses commonly flag for are if a program is capable of silently downloading files, or taking commands from another computer, or if it tries to modify other running programs. Those are all things that could be suspicious but also have an increasing amount of valid uses. Steam itself often gets flagged as a false positive because it does lots of things that can be suspicious - it downloads stuff, it modifies what other programs show (such as via the Steam Overlay) and so on.

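The two detection styles described in the posts above (signature matching and heuristic scoring), as an added example that is not part of the original thread and not any vendor's engine. The signature bytes, capability names, weights, thresholds and sample files are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed signature database: byte pattern -> detection name.
SIGNATURES = {b"\xde\xad\xbe\xef\x13\x37": "Toy.KnownSample.A"}

# Constructed weights for the behaviours the post says heuristics flag.
WEIGHTS = {"silent_download": 3, "remote_commands": 4, "modifies_processes": 4}

@dataclass(frozen=True)
class Sample:
    name: str
    content: bytes           # file bytes, as a signature scanner sees them
    capabilities: frozenset  # observed behaviours, as a heuristic engine sees them
    malicious: bool          # ground truth, known only because the data is constructed

def signature_hits(sample):
    """Signature detection: look for known byte patterns in the file."""
    return [name for pat, name in SIGNATURES.items() if pat in sample.content]

def heuristic_score(sample):
    """Heuristic detection: add up weights of suspicious-looking capabilities."""
    return sum(WEIGHTS.get(c, 0) for c in sample.capabilities)

def evaluate(samples, threshold):
    """Label each sample's outcome at a given heuristic flagging threshold."""
    outcomes = {}
    for s in samples:
        flagged = bool(signature_hits(s)) or heuristic_score(s) >= threshold
        if flagged:
            outcomes[s.name] = "detected" if s.malicious else "false positive"
        else:
            outcomes[s.name] = "missed" if s.malicious else "clean"
    return outcomes

SAMPLES = [  # all constructed
    Sample("known_sample.exe", b"MZ\x90\x00" + b"\xde\xad\xbe\xef\x13\x37",
           frozenset({"remote_commands"}), True),
    Sample("new_variant.exe", b"MZ\x90\x00" + b"\x01\x02\x03\x04",
           frozenset({"remote_commands"}), True),
    Sample("game_launcher.exe", b"MZ\x90\x00launcher",
           frozenset({"silent_download", "modifies_processes"}), False),
    Sample("text_editor.exe", b"MZ\x90\x00editor", frozenset(), False),
]

if __name__ == "__main__":
    for threshold in (4, 6, 8):
        print(threshold, evaluate(SAMPLES, threshold))
```

Lowering the threshold catches the unknown variant but keeps flagging the launcher; raising it clears the launcher but the variant stays missed, which is the trade-off behind the false positives discussed in the thread.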
