SEVERE MALWARE ALERT!

Fixxer · Nov 25, 2016

Code:

Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately.

Items: 
file:C:\MacroQuest2\DSurface\DSurface.exe

Trojan:Win32/Rundas!plock

All I can say is... WTF?

Kodilynn · Nov 25, 2016

Been a false positive for longer than I can remember.

Fixxer · Nov 25, 2016

it never showed up before... Why now?

htw · Nov 25, 2016

Fixxer said:
it never showed up before... Why now?

Likely was added to list i.e. windows update / defender definitions. Access rights/privs handled by injectors sometimes get caught up in this kind of thing.

Other harmless software does as well. E.g., this exact same trojan flag (by windows defender at least) has or does flag things like Lockheed Martin's Prepar3D, various open source projects once compiled (where everyone can see the source and knows there is no trojan), and other various software.

If you don't use or intend to use the MQ2Radar plugin, you can just not run it, and let defender kill it (delete it) whenever it gets downloaded. If you want to continue to use it, you will need an exception.

htw

Fry · Nov 26, 2016

About two years ago we had to purposely remove DSurface.exe from our zip's as it was getting our release zips flagged as malware. We had to make it so people get the file from the update server.

The file has been being used in it's same state for over 9 years now. I have dug into the exe before, and although we don't have the original source for the exe, we could not find any signs of malware in it.

As Htw said, it's only used for MQ2Radar, just don't run it if you are worried.

Search

Search

SEVERE MALWARE ALERT!

Fixxer

Active member

Kodilynn

Master of Orion

Fixxer

Active member

htw

Developer

Fry

Fry Guy

Similar threads