suspicious dll-file in user folder :: Rescue HQ

Rescue HQ - The Tycoon

Wszystko Dyskusje Zrzuty ekranu Prace graficzne Transmisje Wideo Warsztat Aktualności Poradniki Recenzje

Rescue HQ - The Tycoon > Dyskusje ogólne > Szczegóły wątku

Oximat 28 marca 2021 o 1:32

suspicious dll-file in user folder

After starting this game, Microsoft Defender Antivirus pops up with a message "Virus & thread protection; Security Scan required. Your IT Administrator requires a security scan of this item..."

Looking into the Defender Log (via Event Log) it seems that Windows uploaded the DLL-File from the RHQ-Folder (C:\Users\...\AppData\Local\Temp\stillalive studios gmbh\RHQ\Player\FSX) onto its servers for further analyzing. Checking this file manually via Virustotal 5 scanners detect this file as unsafe.

Anyone with the same experience? Statement from developer?

Ostatnio edytowany przez: Oximat; 28 marca 2021 o 1:32

< >

Wyświetlanie 1-14 z 14 komentarzy

swimspud

20 stycznia 2023 o 12:51

thats scary

Crazy Old Vet posiada Rescue HQ - The Tycoon

10 sierpnia 2023 o 12:48

might be the boogey man

Orcat 9 października 2023 o 13:38

Want to know further information about this post. Other players' experience, or reply from developer.

ska

21 grudnia 2023 o 9:40

Same for me. Recognized as Trojan:Win32/Wacatac.B!ml from Windows.

Orcat 10 marca 2024 o 20:29

Push up this topic. It's a shame there are some games from this developer seem interesting.

CaveMan 7 kwietnia 2024 o 22:56

Początkowo opublikowane przez Orcat:
Push up this topic. It's a shame there are some games from this developer seem interesting.

Sad part is they release unfinished stuff and just as fast as they release them, abandons them...

Bastorius von der Nordsee posiada Rescue HQ - The Tycoon

24 kwietnia 2024 o 12:17

Same here!

Oximat 24 kwietnia 2024 o 13:14

It's a shame that this is ongoing for years now wiithout further analyzing by the devs or steam

CaveMan 24 kwietnia 2024 o 20:14

If you want you can upload that dll here: https://www.hybrid-analysis.com/
And see what comes up on it, sometimes it's better to get a few second opinions.

Oximat 25 kwietnia 2024 o 15:23

Done

#10

Bobby 11 czerwca 2024 o 5:28

Początkowo opublikowane przez Oximat:
It's a shame that this is ongoing for years now wiithout further analyzing by the devs or steam

House of Steam, doesn’t care what it is or it’s function. As long as the $800 THOUSAND per steam employee keeps rolling in the door[http//Sutton], for doing nothing but sell someone else’s games and take a 30% cut. (Yeah they take 27 moolah out of a 90 game)
Steam is the biggest company out there now.
Bigger than Microsoft,Apple,Facebook, yet everyone else thinks it’s the other way around. How naive.

They have nothing to do with what a company does with its software, they tell *you* to contact the company.
Like people believing that steam is safe and virus scanned it’s hosts files… wrong.
https://hothardware.com/news/valve-pushes-two-factor-sms-to-developers-updating-games

#11

Orcat 15 lipca 2024 o 2:09

Początkowo opublikowane przez hillyhaven:
Reported this to steam. Suggest you all do the same by scroll down and clicking the flag button on https://gtm.you1.cn/storesteam/app/809720/Rescue_HQ__The_Tycoon/

It took me a while to find the flag. It's beside the "Embed" button.

#12

Billy Rex

17 grudnia 2024 o 6:11

Also got a pop up for that today (after playing it several times), wondering what's up with that.

#13

[Heinz] Template Metaprogramming posiada Rescue HQ - The Tycoon

20 godz. temu

Hi,
Sorry for answering this only now.
The game uses fsharp scripting for its main logic and mods. The "suspiccous DLLs" are the compiled version of those scripts and are created on each game start.
When we released the game Virus scanners where not as paranoit about them nowadays it looks like more heuristics don't like this behaviour.
We already reported similar issues to other Virus Scanner providers as false positives and got it resolved.

That usually works like this.

Find the false positive report form on the provider website
- This is for example for windows defender https://www.microsoft.com/en-us/wdsi/filesubmission
Submit the supissious file with a short discription with context
Wait for their experts to have a look and resolve the issue

As devs we are not always aware if a new detection poped up, so it would be super helpfull if you as comunity could report those things to the Virus Scanner Providers.

Grettings
Jerry

Ostatnio edytowany przez: [Heinz] Template Metaprogramming; 20 godz. temu

#14

< >

Wyświetlanie 1-14 z 14 komentarzy

Na stronę: 1530 50

Rescue HQ - The Tycoon > Dyskusje ogólne > Szczegóły wątku

Data napisania: 28 marca 2021 o 1:32

Posty: 14