
Probably false positive in Dragon Age Inquisition



  • ESET Insiders

Today ESET started deleting a file from Dragon Age Inquisition (to remove any doubts: legit and original). ESET detects a probable threat in one file and deletes it. Repairing the installed Dragon Age Inquisition fails, because ESET blocks downloading the missing file, and without that file the game cannot be run.

Below is the attached line from the log about cleaning the file:

--> begin <--

Time;Scanner;Object type;Object;Threat;Action;User;Information;Hash;First seen here
27.03.2017 19:43:31;Real-time file system protection;file;D:\Electronic Arts\Dragon Age Inquisition\dbdata.dll_DiP_STAGED;a variant of Win32/Packed.VMProtect.ACL trojan;cleaned by deleting;MONSTERXXL\Mandi;Event occurred on a new file created by the application: D:\Origin\Origin.exe (7507E483479218E3E922860497A0E11A2C427882).;DB314C5A3B1AF978955D92768E3102C83787843A;22.09.2015 02:49:32

--> end <--

[edit]

Or maybe this is right and DA:I is infected by design? Who knows... :-)

Edited by mandiato

  • Administrators

Most likely a blacklisted VMProtect license was used to pack the file. Are you positive it's the original file created by the vendor and not a file installed by a crack for instance?


  • ESET Insiders

Yes, I'm sure that this one is legit. Even trying the "Repair" function in Origin, which detects the modified file, results in a failure when downloading that missing file, and ESET blocks it.

--> from log <--

Time;Scanner;Object type;Object;Threat;Action;User;Information;Hash;First seen here
27.03.2017 19:35:48;Real-time file system protection;file;D:\electronic arts\dragon age inquisition\dbdata.dll;a variant of Win32/Packed.VMProtect.ACL trojan;cleaned by deleting;ZARZĄDZANIE NT\SYSTEM;Event occurred during an attempt to access the file by the application: C:\Windows\System32\CompatTelRunner.exe (39E7D1F98AB5509F9B1BBAD4F7873E3DEF554DEE).;DB314C5A3B1AF978955D92768E3102C83787843A;22.09.2015 02:49:32
27.03.2017 19:43:31;Real-time file system protection;file;D:\Electronic Arts\Dragon Age Inquisition\dbdata.dll_DiP_STAGED;a variant of Win32/Packed.VMProtect.ACL trojan;cleaned by deleting;MONSTERXXL\Mandi;Event occurred on a new file created by the application: D:\Origin\Origin.exe (7507E483479218E3E922860497A0E11A2C427882).;DB314C5A3B1AF978955D92768E3102C83787843A;22.09.2015 02:49:32
27.03.2017 19:53:24;Real-time file system protection;file;D:\Electronic Arts\Dragon Age Inquisition\dbdata.dll_DiP_STAGED;a variant of Win32/Packed.VMProtect.ACL trojan;cleaned by deleting;MONSTERXXL\Mandi;Event occurred on a new file created by the application: D:\Origin\Origin.exe (7507E483479218E3E922860497A0E11A2C427882).;DB314C5A3B1AF978955D92768E3102C83787843A;22.09.2015 02:49:32


--> end <--

And a screenshot of when it occurs. The Origin client tries to download the missing file, and ESET deletes it because it found a threat in it, and this is reproducible every time.

[edit]

And the Log Collector log files are also attached.

Przechwytywanie.PNG

 

essp_logs.zip

Edited by mandiato
adding LogCollector output

  • ESET Insiders

It looks like after the latest update DA Inquisition files are no longer recognised as malware; the game now starts perfectly without any warning and there are no more detections of malicious content in DA:I files...

This topic is now closed to further replies.
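
Added example, not part of the original thread and not ESET tooling: a small Python parser for the semicolon-separated detection log quoted above, grouping rows by file hash and threat name so a suspected false positive can be summarized (how often, on which paths, triggered by which processes) before it is reported. The names `parse_row` and `summarize` are hypothetical, and the sample rows are the three rows from the thread.

```python
import re
from collections import defaultdict
from datetime import datetime

HEADER = "Time;Scanner;Object type;Object;Threat;Action;User;Information;Hash;First seen here"
FIELDS = HEADER.split(";")
# The Information column names the process that touched the file, plus that process's hash.
PROC_RE = re.compile(r"application: (.+?) \(([0-9A-Fa-f]+)\)")

# Sample input: the three detection rows quoted in the thread, copied verbatim.
SAMPLE = r"""Time;Scanner;Object type;Object;Threat;Action;User;Information;Hash;First seen here
27.03.2017 19:35:48;Real-time file system protection;file;D:\electronic arts\dragon age inquisition\dbdata.dll;a variant of Win32/Packed.VMProtect.ACL trojan;cleaned by deleting;ZARZĄDZANIE NT\SYSTEM;Event occurred during an attempt to access the file by the application: C:\Windows\System32\CompatTelRunner.exe (39E7D1F98AB5509F9B1BBAD4F7873E3DEF554DEE).;DB314C5A3B1AF978955D92768E3102C83787843A;22.09.2015 02:49:32
27.03.2017 19:43:31;Real-time file system protection;file;D:\Electronic Arts\Dragon Age Inquisition\dbdata.dll_DiP_STAGED;a variant of Win32/Packed.VMProtect.ACL trojan;cleaned by deleting;MONSTERXXL\Mandi;Event occurred on a new file created by the application: D:\Origin\Origin.exe (7507E483479218E3E922860497A0E11A2C427882).;DB314C5A3B1AF978955D92768E3102C83787843A;22.09.2015 02:49:32
27.03.2017 19:53:24;Real-time file system protection;file;D:\Electronic Arts\Dragon Age Inquisition\dbdata.dll_DiP_STAGED;a variant of Win32/Packed.VMProtect.ACL trojan;cleaned by deleting;MONSTERXXL\Mandi;Event occurred on a new file created by the application: D:\Origin\Origin.exe (7507E483479218E3E922860497A0E11A2C427882).;DB314C5A3B1AF978955D92768E3102C83787843A;22.09.2015 02:49:32
"""

def parse_row(line):
    """Split one log row into a dict keyed by the header's column names."""
    parts = line.split(";")
    if len(parts) < len(FIELDS):
        raise ValueError("truncated log row: %r" % line)
    # Information is free text: keep the 7 leading and 2 trailing columns
    # fixed and rejoin the middle in case the message itself contains ';'.
    row = parts[:7] + [";".join(parts[7:-2])] + parts[-2:]
    rec = dict(zip(FIELDS, row))
    rec["Time"] = datetime.strptime(rec["Time"], "%d.%m.%Y %H:%M:%S")
    m = PROC_RE.search(rec["Information"])
    rec["Process"], rec["Process hash"] = m.groups() if m else (None, None)
    return rec

def summarize(text):
    """Group detections by (file hash, threat name); one summary dict per group."""
    groups = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if line and line != HEADER:
            rec = parse_row(line)
            groups[(rec["Hash"].upper(), rec["Threat"])].append(rec)
    return [{
        "hash": file_hash, "threat": threat, "count": len(recs),
        # Windows paths are case-insensitive, so compare them lowercased.
        "paths": sorted({r["Object"].lower() for r in recs}),
        "processes": sorted({r["Process"] for r in recs if r["Process"]}),
        "first": min(r["Time"] for r in recs),
        "last": max(r["Time"] for r in recs),
    } for (file_hash, threat), recs in groups.items()]

if __name__ == "__main__":
    for s in summarize(SAMPLE):
        print(s["count"], s["hash"], s["threat"], s["processes"])
```

On the thread's rows this yields a single group: the same file hash detected three times, on two paths, when touched by two different processes.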