Posted

Hi,

Since the last update of the game "Helldivers 2" on Steam, the file D:\Programme\Steam\steamapps\common\Helldivers 2\data\game\game.dll is reported as a variant of Win64/Packed.Themida.L and deleted.

This is a known problem in the community and occurs only with ESET and no other antivirus.

I don't want to just create an exclusion for the file.

Would be nice if someone can look into the matter....

Greetings

Apas

Posted

I have sent a report of the file directly via ESET.

Posted

I'm having the same problem. Did a search and I'm seeing everyone with ESET security and playing Helldivers 2 is having the same problem. Will this be fixed in a way that I don't have to do anything but wait? I'm not good with computer programming stuff. The only fix I'm seeing currently is changing settings in ESET, which I don't clearly understand. I'd rather not do that and possibly mess something up.

  • Administrators
Posted
1 hour ago, MK369 said:

I'm having the same problem. Did a search and I'm seeing everyone with ESET security and playing Helldivers 2 is having the same problem. Will this be fixed in a way that I don't have to do anything but wait? I'm not good with computer programming stuff. The only fix I'm seeing currently is changing settings in ESET, which I don't clearly understand. I'd rather not do that and possibly mess something up.

Please provide logs collected with ESET Log Collector as I requested in my post above.

Posted
42 minutes ago, Marcos said:

Please provide logs collected with ESET Log Collector as I requested in my post above.

Hello, did the log collector and opened a case.

Thanks

Posted (edited)

Per VirusTotal analysis: https://www.virustotal.com/gui/file/ab920976c7aebc1d3c50a9ef23b3a2eda36551002f37f466b1664aecd4f684e4/details , the .dll is code signed, which would further indicate it's a legit file.

The ESET detection of a variant of Win64/Packed.Themida.L indicates the .dll file is using software code protection, making it impossible for ESET to scan the file. Code protection is deployed by developers to prevent their code being stolen via reverse engineering methods. It also is used by malware developers for the same reason.

Edited by itman
  • Administrators
Posted

Please upload your ELC logs here. Attachments can be accessed only by ESET staff.

Posted (edited)

FYI:

Quote

Helldivers 2 & nProtect GameGuard (anti-cheat)

DEVELOPER

Hi everyone,

My name is Peter Lindgren and I'm the Technical Director of HELLDIVERS 2. I've been making games at Arrowhead since the Magicka-days and I've been involved in every game we've released to date.

I will do my best in this post to address the concerns and confusion that's come up recently regarding the choice of Anti-Cheat software in HELLDIVERS 2.

So, let's start off with the more urgent questions:

Is GameGuard a kernel-level / administrator-privilege anti-cheat?

Yes, GameGuard is a "kernel-level", aka rootkit, anti-cheat. Most anti-cheat run at "kernel-level", especially all of the popular ones. It's unfortunately one of the more effective ways to combat cheating.

https://www.reddit.com/r/Helldivers/comments/19dp2qw/helldivers_2_nprotect_gameguard_anticheat/

Bottom line - when you run this software, a kernel mode rootkit is being deployed. It's the user's decision on whether to use the software since there is always the possibility it could be used maliciously.

Edited by itman
Posted

line 2

...some (not widely known) antivirus, have... 😆😅

  • 1 month later...
Posted

Same issue with latest Patch 01.000.400. 

  • Administrators
Posted
29 minutes ago, kalima said:

Same issue with latest Patch 01.000.400. 

Please create a detection exclusion with the detection name Win64/Packed.Themida.L and the appropriate path in which Steam creates files that are detected.

The thing is that the application downloads chunks of the file with zeroes inside and assembles the final file in the end. As a result, the digital signature of the chunks is invalid and the detection is triggered since Themida protector is used.
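
A check to run on the fully assembled file before relying on the exclusion described above, shown as an added example that is not part of the original thread or ESET's tooling. The default path is the one from the first post and the reference hash is the one in the VirusTotal link quoted earlier; both are assumptions about the local install and build, and a later patch will produce a different hash.

```powershell
# Added example: verify the assembled game.dll before excluding its detection.
param(
    # Path from the first post in the thread; adjust to the local Steam library.
    [string]$Path = 'D:\Programme\Steam\steamapps\common\Helldivers 2\data\game\game.dll',
    # SHA-256 from the VirusTotal link in the thread. It identifies only the
    # build analysed there; a patched build will not match it.
    [string]$KnownSha256 = 'ab920976c7aebc1d3c50a9ef23b3a2eda36551002f37f466b1664aecd4f684e4'
)

if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
    Write-Warning "File not found (quarantined or still downloading?): $Path"
    return
}

# Authenticode is checked over the whole file, so a partially written file
# with zero-filled chunks reports a non-Valid status until Steam finishes.
$sig  = Get-AuthenticodeSignature -LiteralPath $Path
$hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLowerInvariant()

$signer = $null
if ($sig.SignerCertificate) {
    $signer = $sig.SignerCertificate.Subject
}

[pscustomobject]@{
    Path            = $Path
    SignatureStatus = $sig.Status
    Signer          = $signer
    Sha256          = $hash
    MatchesThreadVT = ($hash -eq $KnownSha256.ToLowerInvariant())
}

if ($sig.Status -ne 'Valid') {
    Write-Warning "Authenticode status is '$($sig.Status)': file is incomplete, modified, or unsigned."
}
```

Run it after Steam reports the update as complete. A `Valid` status with the expected signer is consistent with the explanation above, while `MatchesThreadVT` will be `False` for any build newer than the one in the VirusTotal link.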