
Bitdefender detecting MTA update as malware?


Pilovali

Question

Hi!

I wanted to start MTA:SA; it wanted to upgrade some stuff, I got an error, and Bitdefender blocked the updater because it contained malware. I've never had this issue with Bitdefender.

[screenshot: 2p60gT1b.png]

Why does it do that?


Virustotal report of one of the files it deleted: https://virustotal.com/#/file/5a41a74c00ed775234ee8a9995e35d3c52df46d81199d58a760f5acc3282da41/detection


EDIT:
So, I excluded MTA:SA's folder and temporarily disabled Bitdefender to let the update do its thing, and now I'm getting this error:

[screenshot: 0s21HTab.png]

EDIT2:
OK, I re-installed MTA with Bitdefender disabled. I'm gonna enable it and play some MTA to see what happens.

Edited by Pilovali

10 answers to this question

MTA Anti-Cheat Team

That's weird, because while I am on the same revision as that update ships, I ran the files it lists through virustotal.com (which also includes Bitdefender scan results) and it returned not a single detection, not even from Bitdefender.

Are you sure nothing external is modifying files as soon as you download them? Another infection on your PC could inject malicious parts as soon as your PC finishes downloading any file.

Please un-quarantine all detected files belonging to this MTA update, and whitelist them for a while so you can move them all to one folder and zip them up.

Then, upload the .zip or .rar archive to http://upload.mtasa.com and provide me the link in this topic. @Pilovali

MTA Anti-Cheat Team

I have to take back my last words, as I re-scanned it: the new VirusTotal layout doesn't make it apparent that it won't re-analyze when it already knows the file; it will automatically show old results first.

Once I re-scanned a file from your list of detected files, xmll.dll, it turned up these results:

[screenshot: sqGsrKV.png]

This is obviously a false positive, as MTA doesn't ship infected files. The point here is that it's a shared signature, which means one company considered to have expertise in the antivirus industry creates a definition, and other AVs adopt the detection without further analysis. These definitions get automatically distributed, via mailing lists, to the AV companies that subscribe to theirs.

By this method, a false positive found its way to multiple AV vendors, and currently we're working to report the false positive issues to the AV vendor responsible for the shared signature at fault.

In the meantime you can safely unquarantine and whitelist the files in order to play MTA.

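The two things the answer above turns on, that VirusTotal shows a cached analysis first and that one detection name repeated verbatim across vendors points to a shared signature rather than independent findings, can be checked mechanically. The following is an added example, not code from the MTA project or this thread; it assumes a report shaped like the `attributes` object of a VirusTotal API v3 file lookup (`GET /api/v3/files/<sha256>`), and the sample report, vendor names, verdicts and hash inside it are constructed for illustration.

```python
import hashlib
import time
from collections import defaultdict

# Constructed sample shaped like the "attributes" object of a VirusTotal API v3 file
# lookup (GET /api/v3/files/<sha256>); vendors, verdicts and the hash are all made up.
SAMPLE_REPORT = {
    "sha256": "0" * 64,                  # placeholder, not a real file hash
    "last_analysis_date": 1500000000,    # epoch seconds of the cached scan
    "last_analysis_results": {
        "Bitdefender": {"category": "malicious", "result": "Gen:Variant.Example.1"},
        "VendorB": {"category": "malicious", "result": "Gen:Variant.Example.1"},
        "VendorC": {"category": "malicious", "result": "Gen:Variant.Example.1"},
        "VendorD": {"category": "malicious", "result": "Trojan.Example.X"},
        "VendorE": {"category": "undetected", "result": None},
        "VendorF": {"category": "undetected", "result": None},
    },
}

def sha256_of_file(path, chunk_size=1 << 20):
    """Hash a local file so it can be compared with the hash in a VT report URL."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def shared_signature_clusters(results, min_vendors=2):
    """Group detecting vendors by detection name: one name reported verbatim by
    several vendors is the fingerprint of a shared (redistributed) signature."""
    by_name = defaultdict(list)
    for vendor, verdict in results.items():
        if verdict.get("category") == "malicious" and verdict.get("result"):
            by_name[verdict["result"]].append(vendor)
    return {name: sorted(v) for name, v in by_name.items() if len(v) >= min_vendors}

def report_is_stale(last_analysis_date, now=None, max_age=7 * 86400):
    """VT shows the cached analysis first; treat an old one as needing re-analysis."""
    now = time.time() if now is None else now
    return now - last_analysis_date > max_age

def triage(report, now=None):
    results = report["last_analysis_results"]
    malicious = [v for v, r in results.items() if r.get("category") == "malicious"]
    return {
        "detections": len(malicious),
        "engines": len(results),
        "shared_signatures": shared_signature_clusters(results),
        "stale": report_is_stale(report["last_analysis_date"], now),
    }
```

A stale report or a single detection name shared by most of the flagging vendors is a reason to request re-analysis and to report the false positive to the vendor that owns the signature, as the answer describes, rather than to treat each vendor's hit as independent evidence.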