Gistix / portal2vr

Portal 2 VR Mod

Windows Virus protection is activating #61

Open anklejbiter opened 1 year ago

anklejbiter commented 1 year ago

This happens upon, and only upon, unzipping the Portal2VR.zip file.

Windows threat detection says it is Wacatac.B!ml, and it says it's part of bin\d3d9.dll

It might be a false positive, as I haven't seen anyone online talk about this, even in comments of videos talking about the mod, but it's highly suspicious.

Kathode-Negative commented 1 year ago

I have a similar problem wherein McAfee Anti-Virus says bin\d3d9.dll is a GenericRXQO (some sort of Trojan apparently).

The dll itself seems to have headers associated with DirectX and Image manipulation. I still don't trust it tho

J-Emil-P commented 1 year ago

Seems like a false positive to me but I am no expert

  1. The mod works
  2. virustotal only flags on McAfee and Bkav Pro (3/69) https://www.virustotal.com/gui/file/e4d766a067fc4704eec00d6d065bde452a8a1bc424277c3d2f80ffa5f1cb578f/detection

If you are unsure check the code and compile it yourself.

anklejbiter commented 1 year ago

> If you are unsure check the code and compile it yourself.

I'm not sure how to do that, I don't fully understand GitHub. The UI is kinda confusing.

Deleting d3d9.dll makes Portal 2 not launch at all, period, and I have seen the same filename in other games, so I assume it's a false positive. Various members of the Discord have also said they think that as well.

I don't know how to make Windows stop flagging it, so I manually disabled it for now and created a backup of my machine, in addition to the one I have from a few weeks ago. Game looks good with some glitches and stuff, but it's still really early so these things will probably get ironed out eventually.

J-Emil-P commented 1 year ago

For me Windows does not flag it. Try uploading the dll to VirusTotal and check that you get the same SHA-256 hash as me (I used PortalVR v.0.1.5).

Btw are you using built in zip extraction or external?
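The comparison J-Emil-P suggests above (the DLL's SHA-256 against the one in the VirusTotal link) can be done without unpacking the archive. This is an added example, not part of the original thread or the mod's code; it assumes the download is named Portal2VR.zip and contains exactly one file called d3d9.dll, and the function names are made up for illustration.

```python
import hashlib
import io
import re
import sys
import zipfile

# VirusTotal link quoted in the thread; its 64 hex digits are the file's SHA-256.
VT_URL = ("https://www.virustotal.com/gui/file/"
          "e4d766a067fc4704eec00d6d065bde452a8a1bc424277c3d2f80ffa5f1cb578f/detection")


def sha256_from_vt_url(url):
    """Pull the SHA-256 out of a VirusTotal /gui/file/<hash>/ link."""
    m = re.search(r"/file/([0-9a-fA-F]{64})(?:/|$)", url)
    if not m:
        raise ValueError("no SHA-256 found in URL")
    return m.group(1).lower()


def sha256_of_zip_member(archive, filename="d3d9.dll"):
    """Hash the one member called `filename`, read straight from the archive."""
    want = filename.lower()
    with zipfile.ZipFile(archive) as zf:
        names = [n for n in zf.namelist()
                 if n.replace("\\", "/").lower().split("/")[-1] == want]
        if len(names) != 1:  # missing, or ambiguous: refuse to guess
            raise LookupError(f"expected one {filename}, found {names}")
        digest = hashlib.sha256()
        with zf.open(names[0]) as fh:
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                digest.update(chunk)
    return names[0], digest.hexdigest()


def same_file_as_scanned(archive, vt_url=VT_URL):
    """True when the DLL in the archive is byte-identical to the scanned one."""
    return sha256_of_zip_member(archive)[1] == sha256_from_vt_url(vt_url)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        source = sys.argv[1]          # e.g. Portal2VR.zip (assumed file name)
    else:                             # constructed stand-in archive for a dry run
        source = io.BytesIO()
        with zipfile.ZipFile(source, "w") as zf:
            zf.writestr("bin/d3d9.dll", b"constructed sample bytes")
    name, digest = sha256_of_zip_member(source)
    verdict = "MATCH" if digest == sha256_from_vt_url(VT_URL) else "DIFFERENT"
    print(name, digest, verdict)
```

A match only shows that the file is the same one scanned in the linked report; a mismatch means the verdicts in that report say nothing about your copy.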

anklejbiter commented 1 year ago

I think you're right, it seems to be a false positive. I'm the only one getting it, and Google says sometimes Windows will do this with certain files.

On Wed, Sep 20, 2023 at 3:50 PM Emil Pettersson @.***> wrote:

> Seems like a false positive to me but I am no expert
>
>   1. The mod works
>   2. virustotal only flags on McAfee and Bkav Pro (3/69)
>      https://www.virustotal.com/gui/file/e4d766a067fc4704eec00d6d065bde452a8a1bc424277c3d2f80ffa5f1cb578f/detection
