Windows Detected a Trojan in Elite Dangerous' Game Files

I've played Elite Dangerous since release in 2014 and this has never happened to me before.

I was redownloading the game after some months away when I got an alert showing the following:


I've used PCs since 1998 and reinstalled Elite Dangerous countless times and I've never had a virus alert before. Ever. I'm a very careful person, so to have this pop up inside Elite's own game files was quite alarming. I cancelled the install and I'm going to roll back to a recent snapshot out of caution.

Has anyone else had this?
 
You mean false positive reports due to portals and other secondary rerouting programmes yep..
Yes there have been bucket loads of false reports from virus software over the years...
Steam games are not tested by companies that make virus software and this adds to people having to ignore them which then lets in the real issues when using VPN/proxies/DNS changes..

Use GeForce Now in 1 hour sessions until you name the "anti virus/ malware" programs in use..
Then others can check that software's history for false positives...
 
I had exactly the same Trojan report today as I was fully reinstalling via Epic. Given that I trust the source I disabled Windows Defender to finish the install (not a general recommendation but I believe ok in this context).
 
Just to clarify, this is not only the first virus alert I've had with Elite, it's the first alert (false positive or not) I've had in 24 years with any OS and virus checker. I've been very lucky considering the amount of games I own on Steam if this sort of thing is really this common.
 
Hopefully it's just a false positive.
Else it would mean that FDev's building machines got compromised.
Would be way way worse the files from Steam not FDev direct, and Steam and Epic run on GeForce Now server farms and that is where the Xbox users just moved to..lol..
 
It's not common on Steam, but very common with third party software. In any case, even if FD would mess up I am 99.99% convinced it wouldn't get past Valve's screening. If people have those skills they'd be using them for more lucrative purposes than annoying a tiny niche gamer group.
 
Quite likely just a false positive. ED has a lot of files, and unfortunately some of the data managed to trip some detection rules.
Googling the particular malware it claims to have identified shows that it shows up as a false positive a lot, so I'd bet you're safe.
 
Yikes! Look at the file in a text editor and see if it looks like something legitimate?

It's not only Steam updates that client is exposed to.. there's some sort of client server interaction with the servers, and maybe the culprit is for the p2p multiplayer networking? Would your client have to be a "server" at some point as part of that?

Luckily I only play solo... thanks for the heads up, hope that gets attention from Frontier.
 
Weird post right above (post #11). Looking at the quarantine date, it's pretty old, but it was found by the user just a few hours ago? How can that be? He should have received the warning much earlier.
The reddit link given points to a comment from four hours ago. That comment is a response to a post from 11 months ago, which is where the image comes from.
 
Those files are encrypted and/or encoded these days, so likely just the ciphertext triggering a signature.
 
Given that this seems to be just one vendor reporting a false positive I wouldn't worry too much. If multiple people with multiple vendors were all reporting the same thing I'd be more worried. As Jamis pointed out most files are encrypted/encoded these days to not be readable and you then sometimes get a hit on a signature hash.
 