Verhoven69 Posted October 31, 2016 Posted October 31, 2016 Pack.win32.Krap.ceh This is the file in dinput8.dll is the latest flag I got from autolink 2.6 Packed.Win32.Krap.hm Got it from my official Zone Alarm anti-virus software. Description Packed.Win32.Krap.hm is a Windows platform Trojan that is packed with potentially harmful programs. Packed.Win32.Krap.hm is designed to spread copies of fake security software. Once a PC is infected, fake security alert messages will be generated by the Trojan, prompting the victim to purchase the "full" version of the rogueware. Use a recognized security application to detect and remove Packed.Win32.Krap.hm.
Holden - DOAHDM Posted October 31, 2016 Posted October 31, 2016 I've been using Autolink 2.6 for a while now and haven't had this issue. Virus scanners give false positives about DLL's and Executables that aren't recognized all the time. I sincerely doubt that Falling Cat decided to start distributing malware after all the great work he's done.
Verhoven69 Posted October 31, 2016 Author Posted October 31, 2016 I've been using Autolink 2.6 for a while now and haven't had this issue. Virus scanners give false positives about DLL's and Executables that aren't recognized all the time. I sincerely doubt that Falling Cat decided to start distributing malware after all the great work he's done. I already PMed him. Falling Cat that is. At 3DM and here (loverslab) before posting this but no response. The first alert I got was in 2.5 two days ago. I Uninstalled it and installed 2.60. Did not get an alarm until just now and identified the trojan as this. The first was a krutz watchamacalit. So I checked what this krap.ceh is and I got this description. As I mentioned, I really enjoy Autolink but that dinput8 keeps on getting flagged. The dinput for lrs never gets flagged. Only this and its driving me nuts! I put an exception on one then another gets this.
Verhoven69 Posted October 31, 2016 Author Posted October 31, 2016 if you doubt dont use autolink dude It's all but disabled already so I have no choice but to remove it. Just a fair warning to y'all out there. Knowing is half the battle.
pia1024 Posted October 31, 2016 Posted October 31, 2016 FallingCat (http://bbs.3dmgame.com/thread-5065534-1-2.html) Here reveals 7. 金山毒霸 会删除任何d3d9.dll dinput8.dll 造成补钉失效 (自行判断如何处理 换个防毒软件 或是不使用补钉 或是看这边 ) google translate: Anti-virus software will remove any d3d9.dll dinput8.dll cause patch failure (self-judgment on how to deal with another anti-virus software or do not use the patch
dogcookie Posted October 31, 2016 Posted October 31, 2016 That is alarming, what is the alternative for autolink?
Verhoven69 Posted October 31, 2016 Author Posted October 31, 2016 FallingCat (http://bbs.3dmgame.com/thread-5065534-1-2.html) Here reveals 7. 金山毒霸 会删除任何d3d9.dll dinput8.dll 造成补钉失效 (自行判断如何处理 换个防毒软件 或是不使用补钉 或是看这边 ) google translate: Anti-virus software will remove any d3d9.dll dinput8.dll cause patch failure (self-judgment on how to deal with another anti-virus software or do not use the patch I repeat I love the program. I use not all it's features but overall, it's a good mod. Trouble is, after my Anti virus software detects it, even after I put an exception, the program won't run anymore. Major bummer indeed as I love the program itself when you use the camera in and out and rotate the game models and the adjust the sweat etc.
Futa Lover Posted October 31, 2016 Posted October 31, 2016 Instead of making the antivirus disabled only to a specific file its better to have the entire folder listed in the exception list also disable "Scans" I have mine set exclude my entire (G)Drive "Seagate Expansion 8TB" with my games/mod files When you are dealing with mod tools this always throws out false virus alarms and sometimes you have to think logical. If Autolink had an actual virus then none of us here would be using it let alone distribute it for downloading. Make sure to re download Autolink again if you haven't already, but you need to disable it toward your download location before downloading it otherwise it will keep detecting the file. Or just turn the antivirus off completely
Verhoven69 Posted October 31, 2016 Author Posted October 31, 2016 Instead of making the antivirus disabled only to a specific file its better to have the entire folder listed in the exception list also disable "Scans" I have mine set exclude my entire (G)Drive "Seagate Expansion 8TB" with my games/mod files When you are dealing with mod tools this always throws out false virus alarms and sometimes you have to think logical. If Autolink had an actual virus then none of us here would be using it let alone distribute it for downloading. Make sure to re download Autolink again if you haven't already, but you need to disable it toward your download location before downloading it otherwise it will keep detecting the file. Or just turn the antivirus off completely You know what? When I down load the file and unpack it, well before and after I unpack I scanned the files with ZA and Malware bytes. It is all clean. As I previously mentioned, I was on 2.50. When it was flagged, I uninstalled it and put an exception the installed 2.60. Game ran normally until ZA flagged it again (two days later). Btw, my steam folder won't install in my 1TB Seagate too. I'll try something creative later. Thanks though.
Budz Posted October 31, 2016 Posted October 31, 2016 You can upload and scan it here https://www.virustotal.com/ It was getting picked up as a trojan with my PC, but only by heuristic scan. Heuristic means it picked up the behavior, not the signature. So it's most likely a false-positive. Autolink does "inject" modded files into a running program. That can definitely be seen as suspicious by AV programs. Besides, that warning is talking about fake or rogue anti-virus programs. Which you would have noticed on your system almost instantly.
uyesuyes Posted October 31, 2016 Posted October 31, 2016 https://www.virustotal.com/tr/file/dd316c50882f904c6e5fc03f1e28e6b34fdd9aaa17ca77b4aad0a77cd61ddb69/analysis/1477935885/ - d3d9.dll https://www.virustotal.com/tr/file/00580093407dd18f2af26e8a63078ddf99b17eaabfd39cdd39c51417d6ecb21e/analysis/1477935767/ - DInput8.dll AegisLab Antiy-AVL Bkav No problem, files is clean.
Verhoven69 Posted October 31, 2016 Author Posted October 31, 2016 I sent it to virustotal and yes, it's 2/54 flagged. I'm sending this to ZA to clear this. Update: I was sent this by ZA. A link to kapersky, this is the result
Holden - DOAHDM Posted November 1, 2016 Posted November 1, 2016 I'm just going to say it. It's not a virus. It's not a trojan that pretends to be security software. Autolink is safe to use and it will not harm your computer. Virus scanners are constantly full of false positives especially with unsigned software.
Kureka Posted November 1, 2016 Posted November 1, 2016 How about change your AV maybe? I use avira free version, and if found false positive just report it to https://analysis. avira.com/ usually they will whitelist it on next update definition if it's really false positive.
funnybunny666 Posted November 1, 2016 Posted November 1, 2016 It's my turn now, I'm having the same false positive from my anti-virus, it's the second time since autolink install, I use Kaspersky Pure
Verhoven69 Posted November 1, 2016 Author Posted November 1, 2016 It's my turn now, I'm having the same false positive from my anti-virus, it's the second time since autolink install, I use Kaspersky Pure ZA uses kapersky as reference. I'm no hacker (I mean it in a good way) but is there a way to fix dinput.8dll to function without acting like a trojan? LRS's dinput.8dll doesn't cause flags. Btw, as a result of my system deactivating Autolink, the pop up is back......unable to connect to steam after each round of fighting.
CANGT1 Posted November 1, 2016 Posted November 1, 2016 It's my turn now, I'm having the same false positive from my anti-virus, it's the second time since autolink install, I use Kaspersky Pure Kaspersky is a paranoid piece of shit, it will tell you EVERY single file you download to be a trojan, just to brainwash you into thinking it's the best AV.
TranscendedGuy Posted November 1, 2016 Posted November 1, 2016 Despite Kaspersky did saved me few times from serious viruses that actually did infect my pc back in 2012, it does have paranoid of thinking whatever you download that you know is consider a virus or trojan. Happens when I try to boot up mabinogi client and got a pop up thinking the client is a virus. I mostly turn off kaspersky internet security and going on my business. Personally, microsoft essentials is better, since I have no problem with it at all at least.
Futa Lover Posted November 1, 2016 Posted November 1, 2016 Well anti-virus programs do their job, but they can also make us paranoid among things when we download Trainers, Mod Tools, or Cracked software. You'll be surprised how many people always say their anti-virus spotted a virus after downloading a tool, it's practically a common thing in the modding community. Thats why we usually see instructions to disable or omit our anti-virus upon use. We are just being abit over paranoid on this matter. My Norton is so strict I had to exclude entire drives that might have any sort of mod tool in them to make sure it doesn't go on a quarantine deletion spree. The only drive its protects is my SSD since I only install drivers and OS updates on it. I play alot of Phantasy Star Online 2(Best free mmo IMO) and Norton would try to block/Quarantine a proxy app mainly b/c it injects itself to the original launcher for official game updates and translates the files to English. But as Holden and others above mentioned its a common false postive nothing to lose our heads over or ask the dev to change it for our AV sake. If people are going to be on high alert on viruses then they probably should steer away from modding games or anything in general. You are downloading 3rd party tools that alter apps keep that in mind
Recommended Posts
Archived
This topic is now archived and is closed to further replies.