Gunzta, Posted October 7, 2023

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
07/10/2023 09:16:53;Real-time file system protection;file;G:\Ubisoft\RidersRepublic\uplay_download\5487\RidersRepublic.exe;a variant of Win64/GenKryptik_AGen.KR trojan;cleaned by deleting;3900X-ADZ\xxxxx;Event occurred on a file modified by the application: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe (2075EB977C83F9E2A499BC3B7324E39F96B8DE95).;FE5B8E0C281975124C4CD94A48144A791C274240;07/10/2023 09:16:42

Any advice please?

itman, Posted October 7, 2023

Presently two detections at VT on this one; Eset and Rising: https://www.virustotal.com/gui/file/6a948d7ee8796b35543075dec549956d84e3d7026c48657335f9d2fc6712a2c2/detection . Eset might be triggering on the presence of VMProtect.

Gunzta (Author), Posted October 7, 2023

7 hours ago, itman said:
> Presently two detections at VT on this one; Eset and Rising: https://www.virustotal.com/gui/file/6a948d7ee8796b35543075dec549956d84e3d7026c48657335f9d2fc6712a2c2/detection . Eset might be triggering on the presence of VMProtect.

Thank you for the information. As a normal user that doesn't speak fluent Malware, could you possibly hold my hand a little more and walk me through your reply in language that I might understand?

Probably a more pressing issue than understanding what you said, is knowing when ESET will let me play my game again?

itman, Posted October 7, 2023

1 hour ago, Gunzta said:
> could you possibly hold my hand a little more and walk me through your reply in language that I might understand?

With the low detection rate at VirusTotal, it could be an Eset false positive detection. You should submit RidersRepublic.exe to Eset for review as such.

You do this by accessing the file in Eset GUI Quarantine section. Mouse right click on the file and select, Submit sample for analysis. Change the Reason for submitting the sample field to "False positive file."

Edited October 7, 2023 by itman

itman, Posted October 7, 2023

I will also note that Eset detected a malware status of RidersRepublic.exe when the following occurred per your posted Eset Detection log entry; "Event occurred on a file modified by the application: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe."

So this upc.exe file should also be submitted to Eset for analysis via Submit sample for analysis option in the Eset GUI Tools section. You can also submit this upc.exe file to VirusTotal.com and see if detections for it exist there.

Edited October 7, 2023 by itman

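Added example, not part of any post in this thread: a small Python parser for the semicolon-delimited detection log from the first post. It pulls out both files discussed above, the detected object and the application named in the Information column, with their hashes so each can be looked up or submitted separately. The function names are hypothetical, and treating the 40-hex-digit values as SHA-1 digests is an assumption based on their length.

```python
import csv
import io
import re

# Header and record copied from the detection log quoted in the first post.
HEADER = ("Time;Scanner;Object type;Object;Detection;Action;User;"
          "Information;Hash;First seen here")
RECORD = (
    r"07/10/2023 09:16:53;Real-time file system protection;file;"
    r"G:\Ubisoft\RidersRepublic\uplay_download\5487\RidersRepublic.exe;"
    r"a variant of Win64/GenKryptik_AGen.KR trojan;cleaned by deleting;"
    r"3900X-ADZ\xxxxx;Event occurred on a file modified by the application: "
    r"C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe "
    r"(2075EB977C83F9E2A499BC3B7324E39F96B8DE95).;"
    r"FE5B8E0C281975124C4CD94A48144A791C274240;07/10/2023 09:16:42"
)

# Assumption: the 40-hex-digit values are SHA-1 digests (judged by length only).
SHA1_RE = re.compile(r"[0-9A-Fa-f]{40}")
# Matches "modified by the application: <path> (<hash>)"; the lazy path still
# spans "(x86)" because only a 40-hex-digit group in parentheses ends it.
MODIFIER_RE = re.compile(
    r"modified by the application:\s*(?P<path>.+?)\s*\((?P<sha1>[0-9A-Fa-f]{40})\)"
)

def parse_detections(text):
    """Parse a semicolon-delimited detection log export into one dict per row."""
    rows = []
    for row in csv.DictReader(io.StringIO(text), delimiter=";"):
        if None in row or None in row.values():
            raise ValueError("row does not match the header's column count")
        rows.append(row)
    return rows

def files_to_review(row):
    """Return (role, path, sha1) for the detected file and the app that wrote it."""
    if not SHA1_RE.fullmatch(row["Hash"]):
        raise ValueError("Hash column is not 40 hex digits")
    found = [("detected", row["Object"], row["Hash"].lower())]
    match = MODIFIER_RE.search(row["Information"])
    if match:  # present only when the log names a modifying application
        found.append(("modifier", match["path"], match["sha1"].lower()))
    return found

if __name__ == "__main__":
    for entry in parse_detections(HEADER + "\n" + RECORD + "\n"):
        for role, path, sha1 in files_to_review(entry):
            print(f"{role:9} {sha1}  {path}")
```
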
cyberhash (Most Valued Members), Posted October 7, 2023

I have upc.exe in the same folder and it does not show as being detected.

https://www.virustotal.com/gui/file/d9f8ba7344c7b65587aa8e0f5cc15f37cde969ff4f3b4b4846f0ee11d2270a6f/detection/f-d9f8ba7344c7b65587aa8e0f5cc15f37cde969ff4f3b4b4846f0ee11d2270a6f-1696570946

Gunzta (Author), Posted October 8, 2023

Thank you itman, I really appreciate you taking the time to explain and educate me. I have followed your instructions. Although I note that upc.exe is no longer causing an issue and is scanning without problems (as per cyberhash's post). It's just the RidersRepublic.exe that is getting falsely identified, so I have submitted it.

cyberhash: thank you for your additional info, very helpful.

itman, Posted October 8, 2023

13 hours ago, cyberhash said:
> I have upc.exe in the same folder and it does not show as being detected

Are you receiving any Eset detection on RidersRepublic.exe?

itman, Posted October 8, 2023

I have a suspicion why Eset might be throwing a detection on this game. A couple of comments from Reddit;

Quote
> I just finished downloading riders republic on epic games launcher, it was a 22gb download and when i clicked launch it took me to Ubisoft connect where it proceeded to start another 24 gb download. When I searched online it says that the game is only 22gb in size so can anyone explain what is going on or is this some kind of issue with the game?! I had this game installed before but deleted it. The first time I downloaded it this did not happen so i am very confused.

Quote
> Ubisoft connect is like malware. Had the same thing happen. I selected to install it to my external disk drive then finished downloading and installing then Ubisoft connect decided it needs to go on my SSD then reinstalled the whole thing. Fuck Ubisoft connect. It’s somehow worse than EA origin

https://www.reddit.com/r/gaming/comments/11ef1ga/i_just_downloaded_riders_republic_and_its_making/

Edited October 8, 2023 by itman

Puririkaaal, Posted December 26, 2023

I had an absolutely identical situation, so now I use only Steam

Puririkaaal, Posted December 31, 2023

and now I'm playing WoW by the way, I feel like a super newbie because I haven't played the game in 10 years, I'm thinking of ordering a boost from https://boosthive.eu/service/mythic-dungeons , what do you think?

Edited January 3 by Marcos: Url unhidden

Nightowl (Most Valued Members), Posted January 3

On 12/31/2023 at 7:23 PM, Puririkaaal said:
> and now I'm playing WoW by the way, I feel like a super newbie because I haven't played the game in 10 years, I'm thinking of ordering a boost from https://boosthive[.]eu/service/mythic-dungeons, what do you think?

I didn't go to the link, but it is a WoW boost? and stuff like gold or equipment

I don't recommend doing that, because it's not affiliated with Blizzard or someone official to the game and it can be a scam or you will pay for something and get something else or get nothing.

and probably it has to do some in-game trading to be able to get the stuff.

Better not bro, I don't recommend it.