Pages: [1] :: one page |
|
Author |
Thread Statistics | Show CCP posts - 1 post(s) |
Silistras
Sebiestor Tribe Minmatar Republic
0
|
Posted - 2016.04.29 19:36:16 -
[1] - Quote
Today i got this messages from kaspesky Internet Security 2016 (KIS)
maintenancetool.exe;UDS:DangerousObject.Multi.Generic;unknown threat.
The file was deleted by KIS.
Someone else has similar problems?
|
|
CCP Snorlax
C C P C C P Alliance
970
|
Posted - 2016.04.29 20:12:39 -
[2] - Quote
Silistras wrote:Today i got this messages from kaspesky Internet Security 2016 (KIS)
maintenancetool.exe;UDS:DangerousObject.Multi.Generic;unknown threat.
The file was deleted by KIS.
Someone else has similar problems?
We're investigating this and hope to have a process in place to catch false positives ourselves soon.
CCP Snorlax - Software Architect - Team RnB - @CCP_Snorlax - http://ccpsnorlax.blogspot.is/
|
|
Syrren
Shadows of Earth Das Fornax Protektorat
0
|
Posted - 2016.05.01 18:35:27 -
[3] - Quote
almost the same problem here. also using KIS 2016.
01.05.2016 20.18.10 Gefundenes Objekt (Datei) wurde nicht verarbeitet. ...\EVE\Launcher\maintenancetool.exe;Trojan.MSIL.CoinStealer.hg Trojanisches Programm
i'd like to know what u programmed to get a false positive on this one oO |
Nike Andedare
Diamond Command
8
|
Posted - 2016.05.02 21:32:49 -
[4] - Quote
Logged into see if anyone else had similar
Posting to say I'm in the same boat; Kaspersky removed said Trojan from maintenance tool exe, etc.
Have a great day CCP Snorlax! |
Darius Shakor
Intaki Liberation Front Intaki Prosperity Initiative
66
|
Posted - 2016.05.03 09:34:04 -
[5] - Quote
Had this same issue today and I am not convinced it is a 'false positive' here. Specifically Kaspesky identified the malware type to be trojan.MSIL.CoinStealer.hb. That is a very specific identification for a false positive.
Also I was not running EVE or the launcher itself at this time. My laptop was only powered on for less than 15 mins when Kaspesky detected this.
I want to make it clear, too, that I do not have scheduled security scans running. I do however have active protection running which checks files as they are opened and run. Meaning this was found when a check on the file was triggered. And I did not run anything EVE related meaning this file ran itself. Which it should not be doing from what I can see. So yes, you might want to look deeper into this because that does not indicate a false positive to me, it indicates a program running on my PC without my permission and it is embedded in your maintenancetool.exe program.
Please take this seriously, CCP.
Darius Shakor - Kacha
Vandeamon Writing Project - EVE Works
|
Solar Chase
Lonetrek Blacksoul Federation The Methodical Alliance
0
|
Posted - 2016.05.03 14:00:02 -
[6] - Quote
Same here. Hope to get an informative comment from CCP on what has caused this and how to proceed with the file. |
Starain
The Reborn The Gorgon Empire
83
|
Posted - 2016.05.03 14:55:15 -
[7] - Quote
same thing, at first I thought that it something in my system, but then found out this theme http://i.imgur.com/Ot2JlVs.png https://www.virustotal.com/ru/file/e8816746f35fa53e8a34db6bcefcda8c1e9053bc15adb309aa69d59713355f0e/analysis/1462286843/
Kaspersky says it's Trojan.MSIL.CoinStealer.hb
virustotal info: File identification MD5 269e46f941fd5a8796752a545f444dda SHA1 dc819844d9d34b1d06d3f29a44b33d7ae20c36cd SHA256 e8816746f35fa53e8a34db6bcefcda8c1e9053bc15adb309aa69d59713355f0e ssdeep196608:ZvPmxX9KZocze1IfBlALdwD7Jsv6tWKFdu9Cxxe:ZvPmfgzovZwD7Jsv6tWKFdu9Cu authentihash 18fac6f5fc8246ccaf244346f2310f2fd010332251ff4fc7b8237a9aacee4719 imphash 94eb88cfd6185da077c0d4a9413d99d2 File size 14.7 MB ( 15410224 bytes ) File type Win32 EXE Magic literalPE32 executable for MS Windows (GUI) Intel 80386 32-bit TrIDWin32 Executable (generic) (52.9%) Generic Win/DOS Executable (23.5%) DOS Executable Generic (23.5%) Tagspeexe overlay VirusTotal metadata First submission 2016-04-26 13:09:01 UTC ( 1 week ago ) Last submission 2016-05-03 14:47:23 UTC ( 6 minutes ago ) File namesmaintenancetool.exe
|
Nuhvok
United Federation of Psycotic Oppression Porkpie Active
0
|
Posted - 2016.05.03 20:19:40 -
[8] - Quote
My KIS just flagged this too, active protection caught this as windows loaded.
03.05.2016 21.14.00 Detected object (file) was deleted. C:\EVE\Launcher\maintenancetool.exe File: C:\EVE\Launcher\maintenancetool.exe Object name: Trojan.MSIL.CoinStealer.hg Object type: Trojan program Time: 03/05/2016 21:14
|
Kate Katsumi
Deep Core Mining Inc. Caldari State
0
|
Posted - 2016.05.04 09:52:04 -
[9] - Quote
04.05.2016 12.45.27; -P-¦-+-¦-Ç-â-¦-¦-+-+-ï-¦ -+-¦-è-¦-¦-é (-ä-¦-¦-+) -¦-â-¦-¦-é -+-¦-Ç-¦-¦-+-é-¦-+ -+-+-ü-+-¦ -+-¦-Ç-¦-+-¦-¦-Ç-â-+-¦-+ -¦-+-+-+-î-Ä-é-¦-Ç-¦.; disk:\EVE\maintenancetool.exe; disk:\EVE\maintenancetool.exe; Trojan.MSIL.CoinStealer.hb; -ó-Ç-+-Å-+-ü-¦-¦-Å -+-Ç-+-¦-Ç-¦-+-+-¦; 05/04/2016 12:45:27
|
HellGate fr
46
|
Posted - 2016.05.04 17:46:09 -
[10] - Quote
It will delete your boot.ini |
|
Sarmatiko
1706
|
Posted - 2016.05.07 15:56:16 -
[11] - Quote
Darius Shakor wrote:Had this same issue today and I am not convinced it is a 'false positive' here. Specifically Kaspesky identified the malware type to be trojan.MSIL.CoinStealer.hb. That is a very specific identification for a false positive.
If you upload executable to Virustotal and it shows something like 3/56 (and those "threats" usually detected only by one product and rebranded derivatives on same engine ) - that IS a false positive, no need to overthink it. As usual, most dangerous thing in your PC - paranoid antivirus, that has to show you any results even false. "Look user, I made up found some threats , please buy license for another year". |
Starain
The Reborn The Gorgon Empire
83
|
Posted - 2016.05.08 11:39:16 -
[12] - Quote
I uploaded to virustotal once a file and there was like 3/47 and one of them was Dr.Web along with antiviruses, that barks to everything, but after quite time - almost all antiviruses was marked it as virus, as it really was. So, it's good to look which dog is barking, if it Norton/Kaspersky/Dr.Web - I'd listen to it and not people suggesting "nah, just disable it for a while, it's okaaaay" and then I found out some cool GPU bitcoin miners on their computers with their words like "maan, I have to change my videocard, can't play games, it always 100% GPU loaded" |
|
|
|
Pages: [1] :: one page |
First page | Previous page | Next page | Last page |