trojan virus Generik.ICX ESET virus scanner notification

Discussion in 'Technical & Support' started by JayPasta, Apr 27, 2022.

  1. JayPasta

    JayPasta Registered

    Joined:
    Apr 27, 2022
    Messages:
    2
    Likes Received:
    0
    If you have recently installed rFactor 2, your PC may be infected with a Trojan Horse virus (see virus details below). After I was infected, a PC from an IP address in the United States tried to log in to my Hotmail account associated with Windows. The virus may be sending sensitive information to a hacker somewhere in the US. Please be careful.

    If anyone knows more about what damage this virus can inflict, please let me know with a response to this thread.

    Virus Details:

    <ESET>
    <LOG>
    <RECORD>
    <COLUMN NAME="ログ">D:\SteamLibrary\steamapps\common\rFactor 2\Bin\Bundles\net.rfactor2.overlay.jar - Generik.ICXNONF トロイの木馬の変種 (Trojan Horse)- 削除によって駆除されました [1]</COLUMN>
    </RECORD>
    <RECORD>
    <COLUMN NAME="ログ">D:\SteamLibrary\steamapps\common\rFactor 2\Bin\Cache\bundle33\version0.0\bundle.jar - Generik.ICXNONF トロイの木馬の変種 (Trojan Horse) - 削除によって駆除されました [1]</COLUMN>
    </RECORD>
    </LOG>
    </ESET>

    Thank you.
     
  2. Evert

    Evert Registered

    Joined:
    Apr 27, 2022
    Messages:
    4
    Likes Received:
    1
    Since today, the ESET virus scanner reports that a Trojan has been found in the rFactor 2 folder.

    C:\Program Files (x86)\Steam\steamapps\common\rFactor 2\Bin\Bundles\net.rfactor2.overlay.jar;a variant of Generik.ICXNONF trojan horse;cleaned by uninstalling

    As a result, rFactor 2 no longer works; you can still load circuits but not drive. It remains in loading.

    I was able to find the solution by making an exception in ESET for the Steam folder.

    After uninstalling rFactor 2 and reinstalling, I also got this message during the installation.

    Apparently there is something wrong with Steam. I get this with more games, on both the laptop and the PC.

    Don't know if it's only with Eset.
     
  3. ThomasJohansen

    ThomasJohansen Registered

    Joined:
    Dec 27, 2019
    Messages:
    617
    Likes Received:
    1,393
    It's not uncommon for an antivirus product to detect false positives. Best advice is to set an antivirus program to only quarantine files and not delete them; then you can salvage them. But common sense works better than an antivirus program.
     
  4. ThomasJohansen

    ThomasJohansen Registered

    Joined:
    Dec 27, 2019
    Messages:
    617
    Likes Received:
    1,393
    Just checked that file with virustotal.com.
    Nothing found.
    Mine was from 14 April 2022.

    Udklip2.PNG
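
Added example, not part of any post in this thread: a .jar is a ZIP archive, so a copy restored from quarantine can be compared against a known-good copy (a fresh download or another user's file) by whole-file SHA-256 and by per-entry hashes. The entry names and sample archives below are constructed for illustration.

```python
import hashlib
import io
import zipfile


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def jar_fingerprint(jar_bytes: bytes) -> dict:
    """Whole-file SHA-256 plus a SHA-256 for every file entry inside the jar."""
    entries = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for info in jar.infolist():
            if not info.is_dir():
                entries[info.filename] = sha256_hex(jar.read(info))
    return {"sha256": sha256_hex(jar_bytes), "entries": entries}


def diff_fingerprints(a: dict, b: dict) -> dict:
    """Report which entries differ between two copies of the same jar."""
    ea, eb = a["entries"], b["entries"]
    return {
        "identical": a["sha256"] == b["sha256"],
        "only_in_a": sorted(set(ea) - set(eb)),
        "only_in_b": sorted(set(eb) - set(ea)),
        "changed": sorted(n for n in set(ea) & set(eb) if ea[n] != eb[n]),
    }


def _make_sample_jar(files: dict) -> bytes:
    # Constructed test archive; a fixed timestamp keeps the bytes deterministic.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, content in files.items():
            z.writestr(zipfile.ZipInfo(name, date_time=(2022, 4, 14, 0, 0, 0)), content)
    return buf.getvalue()


# Constructed samples (hypothetical entry names, not the real jar contents).
SAMPLE_A = _make_sample_jar({"META-INF/MANIFEST.MF": b"v1", "overlay/Main.class": b"AAAA"})
SAMPLE_B = _make_sample_jar({"META-INF/MANIFEST.MF": b"v1", "overlay/Main.class": b"BBBB",
                             "overlay/Extra.class": b"CCCC"})

if __name__ == "__main__":
    fa, fb = jar_fingerprint(SAMPLE_A), jar_fingerprint(SAMPLE_B)
    print("copy A sha256:", fa["sha256"])
    print("copy B sha256:", fb["sha256"])
    print(diff_fingerprints(fa, fb))
```

For a real file, pass `open(path, "rb").read()` to `jar_fingerprint`; matching whole-file hashes on two machines mean both scanners saw byte-identical content.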
     
  5. Coutie

    Coutie Moderator Staff Member

    Joined:
    Oct 5, 2010
    Messages:
    3,065
    Likes Received:
    1,558
    I checked with Windows Defender and found nothing. Could be a false positive with ESET.
     
  6. atomed

    atomed Member

    Joined:
    Jul 9, 2019
    Messages:
    1,122
    Likes Received:
    1,069
    Same here, zero issues.
    upload_2022-4-27_18-58-18.png
     
  7. JayPasta

    JayPasta Registered

    Joined:
    Apr 27, 2022
    Messages:
    2
    Likes Received:
    0
    Thank you everyone for the feedback. Hopefully, it was just a false positive, but it's still a bit concerning!
     
  8. DanRZ

    DanRZ Registered

    Joined:
    Aug 22, 2021
    Messages:
    122
    Likes Received:
    30
    Same problem here. In your antivirus, you can exclude these directories from scanning:

    <whatever>\Steam\steamapps\downloading\365960\Bin\Bundles\
    <whatever>\Steam\steamapps\common\rFactor 2\Bin\Bundles\
    Edit: and <whatever>\Steam\steamapps\common\rFactor 2\Bin\Cache\

    Some paths are where files are downloaded before getting to their place.
     
    Last edited: Apr 27, 2022
    Sachmo likes this.
  9. 73_Dave_Martin

    73_Dave_Martin Registered

    Joined:
    May 27, 2016
    Messages:
    50
    Likes Received:
    12
    Same here, but how do you exclude those directories in ESET?
     
  10. Tomas Machan

    Tomas Machan Registered

    Joined:
    Jul 7, 2020
    Messages:
    3
    Likes Received:
    0
    Hi, I also have a trojan report via ESET, as described above.
     
  11. Franconen

    Franconen Registered

    Joined:
    Jan 1, 2019
    Messages:
    11
    Likes Received:
    26
    Same thing for me.
     
  12. Evert

    Evert Registered

    Joined:
    Apr 27, 2022
    Messages:
    4
    Likes Received:
    1
  13. Franconen

    Franconen Registered

    Joined:
    Jan 1, 2019
    Messages:
    11
    Likes Received:
    26
    OK, I excluded the file from the detection and it works now.
     
  14. ThomasJohansen

    ThomasJohansen Registered

    Joined:
    Dec 27, 2019
    Messages:
    617
    Likes Received:
    1,393
    DanRZ likes this.
  15. DanRZ

    DanRZ Registered

    Joined:
    Aug 22, 2021
    Messages:
    122
    Likes Received:
    30
    Nice tutorial, except it is simpler to use folder exclusion since suspicious files never exist in our case for rF2 ...
     
  16. atomed

    atomed Member

    Joined:
    Jul 9, 2019
    Messages:
    1,122
    Likes Received:
    1,069
    I'd report it to ESET as a false positive for them to check it out.
     
    pace_car and trichens like this.
  17. pace_car

    pace_car Registered

    Joined:
    Dec 30, 2011
    Messages:
    29
    Likes Received:
    13
    Noticed the same today... but I didn't use RF2 yesterday.

    But weird that this has suddenly become an issue... I have been using ESET and RF2 together for years now.
     
    Last edited: Apr 28, 2022
  18. trichens

    trichens Registered

    Joined:
    Nov 2, 2020
    Messages:
    81
    Likes Received:
    45
    I worked for a software company for around 20 years. We released a new version of our main product which got automatically updated on customers' PCs. Unfortunately a couple of anti-virus applications saw the new version as containing a virus and basically deleted the new version.
    We had lots of unhappy end users and it took a while to figure out what had gone wrong, and then get a fixed version issued.
     
    atomed likes this.
  19. atomed

    atomed Member

    Joined:
    Jul 9, 2019
    Messages:
    1,122
    Likes Received:
    1,069
    Ugh, that can hurt a small business so much; better get rid of it quick.
     
  20. lagg

    lagg Registered

    Joined:
    Oct 1, 2012
    Messages:
    2,903
    Likes Received:
    1,854
    Usually, when you report the false positive to the antivirus company and explain to them the code that caused the false detection, they add the program to a "white list".
     
    atomed likes this.
