Open anklejbiter opened 1 year ago
I have a similar problem wherein McAfee Anti-Virus says bin\d3d9.dll is a GenericRXQO (some sort of Trojan apparently).
The dll itself seems to have headers associated with DirectX and Image manipulation. I still don't trust it tho
Seems like a false positive to me but I am no expert
If you are unsure check the code and compile it yourself.
If you are unsure check the code and compile it yourself.
I'm not sure how to do that, I don't fully understand github. The UI is kinda confusing.
deleting d3d9.dll makes portal 2 not launch at all, period, and I have seen the same filename in other games, so I assume it's a false positive. various members of discord have also said they think that as well.
I don't know how to make windows stop flagging it, so I manually disabled it for now and created a backup of my machine, in addition to the one I have from a few weeks ago. Game looks good with some glitches and stuff, but it's still really early so these things will probably get ironed out eventually.
For me windows does not flag it, try uploading the dll to virus total and check that you get the same sha256/hash as me (I used PortalVR v.0.1.5)
Btw are you using built in zip extraction or external?
I think you're right, it seems to be a false positive. I'm the only one getting it, google says sometimes windows will do this with certain files
On Wed, Sep 20, 2023 at 3:50 PM Emil Pettersson @.***> wrote:
Seems like a false positive to me but I am no expert
- The mod works
virustotal only flags on McAfee and Bkav Pro (3/69)
— Reply to this email directly, view it on GitHub https://github.com/Gistix/portal2vr/issues/61#issuecomment-1728336066, or unsubscribe https://github.com/notifications/unsubscribe-auth/AM4LZHPCO7CKJF6WZ6MW6K3X3NCHZANCNFSM6AAAAAA5AHLKEQ . You are receiving this because you authored the thread.Message ID: @.***>
This happens upon, and only upon, unzipping the Portal2VR.zip file.
Windows threat detection says it is Wacatac.B!ml, and it says it's part of bin\d3d9.dll
It might be a false positive, as I haven't seen anyone online talk about this, even in comments of videos talking about the mod, but it's highly suspicious.