
I did something stupid, need advice



I downloaded an anti-cheat game exe file that scans active files to confirm you're not using a cheat. ESET didn't find an issue with it so I ran it, but upon scanning it with VirusTotal I saw some weird things. Here's the scanned file:

https://www.virustotal.com/gui/file/78bc50bbd753cb431221e4d2c5f67177c18611c0afcc83438f2a14c70aa0b9f2

IP traffic shows some IPs that were flagged by ESET and also according to https://socradar.io/dark-web-profile-royal-ransomware/ are "IOCs of Royal Ransomware:"

20.99.132.105:443 (TCP)
20.99.133.109:443 (TCP)
20.99.184.37:443 (TCP)
23.216.147.64:443 (TCP)

Could anyone take a look at the above scan and advise what I should do? The ESET scan did not find anything suspicious, but the above makes me wonder if my PC hasn't been compromised?


I suggest you download (if not already present on your computer) Kaspersky Virus Removal Tool, Malwarebytes and Norton Power Eraser and scan your PC to make sure everything is clean.


4 hours ago, JoeBlack40 said:

I suggest you download (if not already present on your computer) Kaspersky Virus Removal Tool, Malwarebytes and Norton Power Eraser and scan your PC to make sure everything is clean...

Thanks for your answer, I will download Norton Power Eraser and other apps 


16 hours ago, Tom25 said:

The products detecting this anti-cheat software at VT are the ones that employ behavior monitoring to a large degree. It also appears most of the detections fall in the PUA/grayware category, which is appropriate for this type of software.

The bottom line here is the software per se most likely does not perform malicious activities in regards to your Windows installation. This does not mean that using this software is 100% safe and comes with other risks such as marketing claim misrepresentation and the like.

Edited by itman

The only reputable AV detecting this is Sophos, and even it says it's just PUA. You probably cannot see it since you do not have a VT account, but this file was first scanned in 2020 and has been submitted to VT over 200 times since then. Stay calm ;)

Edited by Nevermind
On 1/21/2023 at 1:31 AM, Tom25 said:

I downloaded an anti-cheat game exe file that scans active files to confirm you're not using a cheat. ESET didn't find an issue with it so I ran it, but upon scanning it with VirusTotal I saw some weird things. Here's the scanned file:

https://www.virustotal.com/gui/file/78bc50bbd753cb431221e4d2c5f67177c18611c0afcc83438f2a14c70aa0b9f2

IP traffic shows some IPs that were flagged by ESET and also according to https://socradar.io/dark-web-profile-royal-ransomware/ are "IOCs of Royal Ransomware:"

20.99.132.105:443 (TCP)
20.99.133.109:443 (TCP)
20.99.184.37:443 (TCP)
23.216.147.64:443 (TCP)

Could anyone take a look at the above scan and advise what I should do? The ESET scan did not find anything suspicious, but the above makes me wonder if my PC hasn't been compromised?

You better stay away from applications like this, because they have no use. If you don't have cheat software then you don't need to have a checker for them.

And even if the app was legit, it would just scan for known cheat apps, exe etc.

You can see that most of the detections that came in VirusTotal are decided by AI, better to stay away from it.


Aaa, I can read about it here

image.png

If some clan requires it to be able to run their server or matches, it is different, but still I don't know if the app is legit. It seems that their website is old and not new or fake, but still I wouldn't like to run those things.

Each game has its own anti-cheat programs, it should do the job from their side.
