Possible trojan in patch?

snowmarshmallows · May 2013

While patching today, my antivirus is claiming \Star Trek Online\Live\libcef.dll is a trojan.

It's probably a false positive, but it could be a significant issue if it's not.

dirlettia · May 2013

Not coming up as a virus under Avast antivirus. Which antivirus are you using and also check the file version to make sure a malicious program hasn't changed it.

My own version shows as;

file version: 1.1180.1112.0
product version: 1.1180.1112

size 21.1MB
date modified: 17/03/2013 04:12

jelly0 · May 2013

I dont even have that dll file oO

Edit
Ah its in the test folder not live for me.

pwebranflakes · May 2013

Thanks for the report, Captains. What AV are you using? I?d like to pass this info along to the team.

Cheers,

Brandon =/\=

gamerjosh · May 2013

I checked my file, the details match the ones posted above, passed all virus checks with windows defender, windows 8.

kurumimorishita · May 2013

Checked mine with AVG.. passed - no virus.

arctrooper1773 · May 2013

DLL files are shared libraries for your operating system. That means that more than one program will access the dll file - they can also be statistically linked which will allow an executable file (essentially that thing you double click on) to load the information from more than one at a time into memory and start doing what the code is asking it to.

If it's a data file in dll format, it can look similar to a simple antivirus scan - a trojan is a seemingly innocuous program that contains malicious code that is not accessed by the program it's telling the computer it's for.

Trojans are also typified by a random number generator that will prevent the malicious code from executing until a certain point (makes it harder to pinpoint where the virus came from). DLL files are also able to delay this - especially if the program the DLL is there for can't find it (i.e. it's being downloaded at that moment).

Would you like to know more? (cookie for the one who gets this)

It looks like the antivirus just picked it up because it has similarities to the more simple malicious code. Nothing to worry about - you'll get this with anything from STO to a printer installation.

The main thing you need to think about though is that even if the source is one you trust (perfectworld and, say, HP being perfect examples), they may have been attacked and a virus may have been saved as part of the download. It's incredibly unlikely, but as they say, the safest computer is one that doesn't have an internet card.

raepok · May 2013

If you mean the reference it's Starship Troopers...

sfccrash · May 2013

I've checked this file at work using 3 different AV programs, ESET, Symantic, and AVG all come clean with the file. Definitely sounds like a false positive to me there.

speedyonpwi · May 2013

checked with microsoft security essentials, no positives there

ki451 · May 2013

gamerjosh wrote: »

I checked my file, the details match the ones posted above, passed all virus checks with windows defender, windows 8.

VirusTotal shows it clean:

https://www.virustotal.com/en/file/aa6cf1f192bc2656d5c766c38537adceab2a7f80c0540cf2f7e50073bd672948/analysis/1369183519/

xcom43 · May 2013

I have 5 cleaning programs and non of them are giving a flase positve.

AVG/malwarebytes/ASC6/ccleaner/Iobit malware:D

But it has been knowen to happen with other mmos.

lombardus · May 2013

Hi I'm also getting a virus warning for libcef.dll (path: ....Cryptic Studios\Star Trek Online\Live\libcef.dll).

ESET is saying its a variant of Win32/Kryptic.AGJL trojan.

It's repeatedly deleting the file resulting in the launcher having a "file locked" error and restarting.

Any assistance will be greatly appreciated.

arctrooper1773 · May 2013

raepok wrote: »

If you mean the reference it's Starship Troopers...

Oh go on, you can have two.

Possible trojan in patch?

Comments