trojan virus Generik.ICX ESET virus scanner notification

Discussion in 'Technical & Support' started by JayPasta, Apr 27, 2022.

  1. destihado

    destihado Registered

    Joined:
    Apr 28, 2022
    Messages:
    2
    Likes Received:
    0
    My case with this is a bit more complicated, I am afraid... I tried validating the game files once I found the trojan message from ESET, and first I got the message that "1 file failed to verify and will be reacquired". Then, while acquiring the file, which is 2.75 MB in length, the re-downloading stops and I get no "play" ability. I constantly get the antivirus pop-up that stops the download and no joy... Any tips?

    Thanks and best regards



     
  2. destihado

    destihado Registered

    Joined:
    Apr 28, 2022
    Messages:
    2
    Likes Received:
    0
    OK, I excluded the file from ESET and it seems to be fine!!

    Best regards
     
  3. MikeV710

    MikeV710 Registered

    Joined:
    Mar 29, 2022
    Messages:
    412
    Likes Received:
    255
    atomed likes this.
  4. Lazza

    Lazza Registered

    Joined:
    Oct 5, 2010
    Messages:
    12,515
    Likes Received:
    6,672
    It's really not very weird. The slightest change to either can coincidentally cause a false positive. With user reports the next small update will probably stop it. Then something else will trigger, get reported, etc.

    They err on the side of caution.
     
  5. Coutie

    Coutie Moderator Staff Member

    Joined:
    Oct 5, 2010
    Messages:
    3,823
    Likes Received:
    2,312
  6. Evert

    Evert Registered

    Joined:
    Apr 27, 2022
    Messages:
    4
    Likes Received:
    1
    Notification of the trojan
     


  7. kokpit

    kokpit Registered

    Joined:
    Mar 11, 2012
    Messages:
    5
    Likes Received:
    0
    I found this problem yesterday too. Because my Steam is on my D drive, I just excluded the whole drive from ESET; everything works mint now.
     
  8. CollierT11

    CollierT11 Registered

    Joined:
    Oct 7, 2010
    Messages:
    19
    Likes Received:
    32
    BitDefender is raising questions about a Trojan in the latest update:

    upload_2022-4-28_23-20-26.png

    Now, before somebody tells me to exclude that folder from scanning, let me ask....why would I want to do that? That's the whole reason for anti-virus. There's been more than one occasion where a game or software update or release has had a virus (in most cases accidentally).

    I'm just posting here for the sake of sharing what my A/V is saying....
    but you can bet that I'm not going to let this update through for now.
     
    Ahto likes this.
  9. Tomas Machan

    Tomas Machan Registered

    Joined:
    Jul 7, 2020
    Messages:
    3
    Likes Received:
    0
    I also excluded the file from detection. Now the only way rF2 can work o_O
     
  10. davehenrie

    davehenrie Registered

    Joined:
    Jul 6, 2016
    Messages:
    7,563
    Likes Received:
    4,452
    Watch this thread; there have been several ESET virus scanner users who have gotten this. And now BD as well, it seems, but IF it was a real trojan, all of us would be getting warnings.
     
  11. Lazza

    Lazza Registered

    Joined:
    Oct 5, 2010
    Messages:
    12,515
    Likes Received:
    6,672
    @CollierT11 A/V can't tell you for sure that you don't have a virus, and in many cases it's only guessing that you do (that's what heuristics does). It's a tool to help you decide what to do. So you're absolutely free to avoid the RC if that's your choice, at least until it either changes slightly again (and is no longer picked up) or the A/V definitions are adjusted to no longer flag the false positive. At which point you'd be using the same thing you're avoiding now.

    Can never be sure, but the 'group' testing sites are normally a pretty good indicator.
     
  12. seamount

    seamount Registered

    Joined:
    Feb 8, 2016
    Messages:
    57
    Likes Received:
    59
    Hi all, now I see this thread... Today I had that problem. I began receiving an "error writing file" during an rFactor 2 update/download in Steam. Then rFactor 2 started, but while starting the game I received a blocking message from my antivirus. Then I excluded the directories (steam/common/rfactor2 and "downloading"); the game starts, but when I try to start a race, it does not upload the track...

    That's where I hate rFactor 2 (that I still love...), because when something like that happens, there is no way to have it working fine again. I already spent two hours on that, and now? What could I do?

    I fear I will have to uninstall it and then reinstall?
    Here I ask for your help... and if I have to reinstall it, which settings files etc. should I save before that process, so as not to have to redefine everything from scratch?
     
    Rodolfo likes this.
  13. davehenrie

    davehenrie Registered

    Joined:
    Jul 6, 2016
    Messages:
    7,563
    Likes Received:
    4,452
    First off, DO NOT un-install. Just a waste of your time when all your DLC begins re-downloading. The simplest procedure is to rename your player.json file and restart rF2. It will create a fresh copy. If that doesn't correct the problem, rename the entire User Data folder. (Re-naming preserves all your controller presets, which you can copy back when things get up and running.)

    rF2 does write to several JSON files when it exits, and that makes it particularly vulnerable to corrupted files if the process gets interrupted by a CTD or, lately, this virus scanner intrusion.
     
    Last edited: Apr 29, 2022
  14. Anto870

    Anto870 Registered

    Joined:
    Sep 8, 2014
    Messages:
    130
    Likes Received:
    58
    Scan with Malwarebytes and report here.
     
  15. smbrm

    smbrm Registered

    Joined:
    Nov 11, 2010
    Messages:
    440
    Likes Received:
    50

    This is pretty much what I am getting too, with the latest Bitdefender update. Mine was bundle33, which was rejected when I attempted a game file verification. Game file verification was halted immediately and could not be resumed without locking again.

    Interestingly, I did a full system scan and Bitdefender found the same issue with several bundle files in a cache folder that I had saved previously on another drive. It was a 2020 instance of the cache.

    From 2020:
    --- Bin\Cache\bundle57\version0.0\bundle.jar=>net/rfactor2/overlay/WebProxy.class Java.Trojan.GenericGBA.31463
    --- Bin\Cache\bundle33\version0.0\bundle.jar=>net/rfactor2/overlay/WebProxy.class Java.Trojan.GenericGBA.31463
    --- Bin\Bundles\net.rfactor2.overlay.jar=>net/rfactor2/overlay/WebProxy.class Java.Trojan.GenericGBA.31463
    --- Bin\Bundles\net.rfactor2.overlay.jar=>net/rfactor2/overlay/WebProxy.class Java.Trojan.GenericGBA.31463

    Interestingly, not all of these files were identified, except bundle33 as issues with my 2022 AV observation? So what is different about those files other than bundle33, that they are not flagged by the 04/28 2022 AV update?

    So whatever this is, it is not new to rFactor 2, but appears to be new to Bitdefender?

    The problem manifests as:
    rFactor 2 UI loads, however in:
    Multiplayer:
    - no animated track loading screen, just a black screen. Only way to get out is to kill rFactor in Task Manager.

    Single Player:
    - no animated track loading screen. rF2 goes straight to what looks like a partial "watch" screen showing a static camera view, a dysfunctional drive button, and an exit button (upper left corner). A function gear button in the upper right corner. Graphics tab is grossly underpopulated with minimal functions.
     
    Last edited: Apr 29, 2022
  16. Ahto

    Ahto Registered

    Joined:
    Apr 29, 2022
    Messages:
    2
    Likes Received:
    1
    ESET does not like the file and I did not succeed in putting it under exceptions.
    net.rfactor2.overlay.jar
    (SHA-1 for the file is 1919155e2fdd3908ca682ad2f7ae04923fbec23c)

    virustotal.com reports "9 security vendors and no sandboxes flagged this file as malicious":
    https://www.virustotal.com/gui/file...d41815ad588ec4c93229dd31def8c3ecaa6/detection

    Under the "Details" tab, the SHA-1 for that file is 1919155e2fdd3908ca682ad2f7ae04923fbec23c
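
Added example, not part of any post in this thread and not rFactor 2 or vendor code: a way to fingerprint every copy of the flagged jar and the `WebProxy.class` inside it, so the copies an engine flags can be compared with the ones it ignores and with the SHA-1 shown on a multi-engine scan page. The sample tree, its dummy contents and the `bundle99` entry are constructed for the demonstration.

```python
import hashlib
import io
import zipfile
from pathlib import Path

# Class path taken from the scan-log lines quoted in the thread.
FLAGGED_MEMBER = "net/rfactor2/overlay/WebProxy.class"

def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()

def fingerprint_jar(path, member=FLAGGED_MEMBER):
    """Return (SHA-1 of the whole jar, SHA-1 of the flagged member or None)."""
    raw = Path(path).read_bytes()
    member_sha1 = None
    try:
        with zipfile.ZipFile(io.BytesIO(raw)) as jar:
            if member in jar.namelist():
                member_sha1 = sha1_hex(jar.read(member))
    except zipfile.BadZipFile:
        pass  # truncated or blocked download: keep the jar hash, no member hash
    return sha1_hex(raw), member_sha1

def group_copies(root, member=FLAGGED_MEMBER):
    """Group every *.jar under root by the SHA-1 of its flagged class."""
    groups, root = {}, Path(root)
    for jar in sorted(root.rglob("*.jar")):
        jar_sha1, member_sha1 = fingerprint_jar(jar, member)
        groups.setdefault(member_sha1, []).append((jar.relative_to(root).as_posix(), jar_sha1))
    return groups

def build_sample_tree(root):
    """Constructed stand-in for the game's Bin folder; contents are dummy bytes."""
    layout = {
        "Bin/Bundles/net.rfactor2.overlay.jar": {FLAGGED_MEMBER: b"class-v2"},
        "Bin/Cache/bundle33/version0.0/bundle.jar": {FLAGGED_MEMBER: b"class-v2", "META-INF/MANIFEST.MF": b"x"},
        "Bin/Cache/bundle57/version0.0/bundle.jar": {FLAGGED_MEMBER: b"class-v1"},
    }
    for rel, members in layout.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        with zipfile.ZipFile(target, "w") as jar:
            for name, data in members.items():
                jar.writestr(name, data)
    # Constructed copy cut short mid-download, as when a scanner interrupts Steam.
    broken = Path(root) / "Bin/Cache/bundle99/version0.0/bundle.jar"
    broken.parent.mkdir(parents=True, exist_ok=True)
    broken.write_bytes(b"PK\x03\x04 truncated")
```

Copies that land in the same group carry a byte-identical class even when the jar hashes differ; a `None` group marks files that are not readable archives and should be re-verified rather than excluded.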
     
  17. dav_0075

    dav_0075 Registered

    Joined:
    Sep 24, 2018
    Messages:
    120
    Likes Received:
    84
    I too have the virus; I can no longer play! If anyone has a solution, thank you.
     
  18. mesfigas

    mesfigas Registered

    Joined:
    Oct 15, 2015
    Messages:
    1,740
    Likes Received:
    830
    If your antivirus has the rFactor 2 file in quarantine, then this is the reason why you cannot play.
    Just go to quarantine settings, find the file and press restore.
    After that, go to antivirus settings and exclude the Steam folder so there will be no false alarm in the future.
     
  19. dav_0075

    dav_0075 Registered

    Joined:
    Sep 24, 2018
    Messages:
    120
    Likes Received:
    84
    Thanks for your answer, I tried but it didn't work.
    Screen blocked, as you can see in the photo... Thank you.
     


  20. Lazza

    Lazza Registered

    Joined:
    Oct 5, 2010
    Messages:
    12,515
    Likes Received:
    6,672
    Check your A/V logs to make sure it's not quarantining something else. Try verifying rF2 files in Steam and try again. And check the A/V logs again.
     
