Tom25 (posted January 20):

I downloaded an anti-cheat game exe file that scans active files to confirm you're not using a cheat. ESET didn't find an issue with it so I ran it, but upon scanning it with VirusTotal I saw some weird things.

Here's the scanned file: https://www.virustotal.com/gui/file/78bc50bbd753cb431221e4d2c5f67177c18611c0afcc83438f2a14c70aa0b9f2

IP traffic shows some IPs that were flagged by ESET and also, according to https://socradar.io/dark-web-profile-royal-ransomware/, are "IOCs of Royal Ransomware:"

20.99.132.105:443 (TCP)
20.99.133.109:443 (TCP)
20.99.184.37:443 (TCP)
23.216.147.64:443 (TCP)

Could anyone take a look at the above scan and advise what I should do? The ESET scan did not find anything suspicious, but the above makes me wonder if my PC hasn't been compromised?

JoeBlack40 (posted January 21):

I suggest you download (if not already present on your computer) Kaspersky Virus Removal Tool, Malwarebytes and Norton Power Eraser and scan your PC to make sure everything is clean.

alphayash (posted January 21):

4 hours ago, JoeBlack40 said:
> I suggest you download (if not already present on your computer) Kaspersky Virus Removal Tool, Malwarebytes and Norton Power Eraser and scan your PC to make sure everything is clean...

Thanks for your answer, I will download Norton Power Eraser and other apps.

itman (posted January 21, edited):

16 hours ago, Tom25 said:
> Here's the scanned file: https://www.virustotal.com/gui/file/78bc50bbd753cb431221e4d2c5f67177c18611c0afcc83438f2a14c70aa0b9f2

The products detecting this anti-cheat software at VT are the ones that employ behavior monitoring to a large degree. It also appears most of the detections fall in the PUA/grayware category, which is appropriate for this type of software.

The bottom line here is that the software per se most likely does not perform malicious activities in regards to your Windows installation. This does not mean that using this software is 100% safe; it comes with other risks such as marketing claim misrepresentation and the like.

Nevermind (posted January 22, edited):

The only reputable AV detecting this is Sophos, and even it says it's just PUA. You probably cannot see it since you do not have a VT account, but this file was first scanned in 2020 and has been submitted to VT over 200 times since then. Stay calm.

Nightowl (Most Valued Members, posted January 24):

On 1/21/2023 at 1:31 AM, Tom25 said:
> I downloaded an anti-cheat game exe file that scans active files to confirm you're not using a cheat. ESET didn't find an issue with it so I ran it, but upon scanning it with VirusTotal I saw some weird things.
>
> Here's the scanned file: https://www.virustotal.com/gui/file/78bc50bbd753cb431221e4d2c5f67177c18611c0afcc83438f2a14c70aa0b9f2
>
> IP traffic shows some IPs that were flagged by ESET and also, according to https://socradar.io/dark-web-profile-royal-ransomware/, are "IOCs of Royal Ransomware:"
>
> 20.99.132.105:443 (TCP)
> 20.99.133.109:443 (TCP)
> 20.99.184.37:443 (TCP)
> 23.216.147.64:443 (TCP)
>
> Could anyone take a look at the above scan and advise what I should do? The ESET scan did not find anything suspicious, but the above makes me wonder if my PC hasn't been compromised?

You'd better stay away from applications like this, because they have no use. If you don't have cheat software then you don't need to have a checker for it.

And even if the app was legit, it would just scan for known cheat apps, exe files, etc.

You can see that most of the detections that came up in VirusTotal are decided by AI. Better to stay away from it.

Nightowl (Most Valued Members, posted January 24):

Aaa, I can read about it here.

If some clan requires it to be able to run their server or matches, it is different, but still I don't know if the app is legit. It seems that their website is old and not new or fake, but still I wouldn't like to run those things.

Each game has its own anti-cheat programs; it should do the job from their side.
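
Added example, not part of the thread: one way to check the kind of observation itman and Nightowl make (detections that are mostly PUA/grayware or heuristic/AI verdicts rather than named malware) is to bucket the per-engine labels of a report. The sample below is constructed in the shape of the `last_analysis_results` object of a VirusTotal API v3 file report; the engine names, labels and keyword lists are assumptions for illustration.

```python
import json
import re

# Constructed sample; engine names and labels are made up for illustration.
SAMPLE_REPORT = json.loads("""
{
  "EngineA": {"category": "malicious", "result": "PUA.AntiCheat.Gen"},
  "EngineB": {"category": "malicious", "result": "Riskware/Generic"},
  "EngineC": {"category": "malicious", "result": "Trojan.Agent.XYZ"},
  "EngineD": {"category": "suspicious", "result": "ML.Attribute.HighConfidence"},
  "EngineE": {"category": "undetected", "result": null},
  "EngineF": {"category": "type-unsupported", "result": null}
}
""")

# Assumed, partial keyword lists: vendor label naming is not standardized.
PUA_RE = re.compile(r"pua|pup|riskware|grayware|greyware|unwanted|adware|not-a-virus", re.I)
HEUR_RE = re.compile(r"heur|generic|\bml\b|\bai\b|suspicious|confidence", re.I)


def triage(results):
    """Bucket each engine's verdict as clean, pua, heuristic or named."""
    buckets = {"clean": [], "pua": [], "heuristic": [], "named": []}
    for engine, verdict in sorted(results.items()):
        category = verdict.get("category")
        label = verdict.get("result") or ""
        if category in ("undetected", "harmless"):
            buckets["clean"].append(engine)
        elif category not in ("malicious", "suspicious"):
            continue  # timeouts and unsupported file types are not verdicts
        elif PUA_RE.search(label):
            buckets["pua"].append(engine)
        elif HEUR_RE.search(label):
            buckets["heuristic"].append(engine)
        else:
            # A specific family name deserves a closer look than a PUA tag.
            buckets["named"].append(engine)
    return buckets


def summary(results):
    """Return the number of engines in each bucket."""
    return {name: len(engines) for name, engines in triage(results).items()}


if __name__ == "__main__":
    for name, engines in triage(SAMPLE_REPORT).items():
        print(f"{name:10} {len(engines)}  {', '.join(engines)}")
```

A result dominated by the `pua` and `heuristic` buckets matches what the replies describe; any entry in `named` is the one to investigate further before trusting the file.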