steam_api.dll

[Senzorei 3]

Hello everyone, haven't been here in a long time and I'm happy to be here again. That aside, my ESET NOD 32 4.0.417.0 signature DB 9040 detects a variant of Win32/HackTool.Crack.BL Potentially unsafe application in the file steam_api.dll (https://www.virustotal.com/en/file/1827e9eb9417bec0d9869ba6a36d62b48f548dbb30c881dbf47ee1cb38304eb2/analysis/1384354621/).

This steam_api.dll came from a torrent which included a crack provided with a game (XCOM: Enemy Within). I'm not sure whether this is a false positive (which seems unlikely) or a legitimate virus. Also, someone explain how can I upload samples (ESET doesn't want any potentially malicious files on their forums, but we need a way to send samples for other people to inspect) and why can't I submit files for analysis from the quarantine menu (It displays a pop-up with the title "Threatsense early warning system" and contains "Submission of suspicious files is currently disabled. File was placed in cache."). Thank you in advance.

Edited November 13, 2013 by Senzorei

[Marcos 5,074]

Cracks with a suspicious behavior that are likely to trigger heuristic detection are detected as potentially unsafe applications. Detection of pot. unsafe applications is disabled by default as they mainly cover legit tools that can be misused for malicious purposes in the wrong hands. If you want to keep the PUA detection, you can exclude the dll from scanning.

 

In the future, you can submit samples to ESET as per the instructions here (not necessary in this case as it's apparently a crack / hack tool).