trojan virus Generik.ICX ESET virus scanner notification

Discussion in 'Technical & Support' started by JayPasta, Apr 27, 2022.

  1. Masterrenderer

    Masterrenderer Registered

    Joined:
    Apr 30, 2022
    Messages:
    3
    Likes Received:
    1
    Any update on this from the devs? It's a bit concerning that without a real update suddenly this issue pops up. It could be the RFactor files, but of course also new antivirus database definitions.
     
    Ahto likes this.
  2. Lazza

    Lazza Registered

    Joined:
    Oct 5, 2010
    Messages:
    10,583
    Likes Received:
    5,397
    Isn't that why it's not concerning?

    The .jar being picked up has a handful of small class files. Not surprisingly it has some sort of data access (net sockets and the like), which is why it will be more prone to being picked up as a false positive. Just like when you script a small installer/uninstaller (that, not surprisingly, can install and remove files, and uses the registry to decide what to do) and it gets picked up - because in broad terms it's doing the same thing some malicious code will want to do.

    If you own/run antivirus you should understand what it's doing. Do you trust rF2/Steam? Then create an exception.
     
    Masterrenderer likes this.
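Added example (not part of the thread and not rFactor 2 or Studio 397 code): one way to look inside a flagged .jar without running it, following the point in the post above, by hashing it, counting its class files and listing which ones name network or process APIs in their constant pool. The API prefix list and the sample jar are assumptions constructed for the illustration.

```python
import hashlib
import io
import zipfile

# Assumed list of API prefixes that tend to raise a heuristic score when they
# show up in a small jar; class-file constant pools store these names as text.
SENSITIVE_PREFIXES = (b"java/net/", b"java/lang/Runtime", b"java/lang/ProcessBuilder",
                      b"java/lang/reflect/", b"javax/crypto/")


def triage_jar(data: bytes) -> dict:
    """Summarise a jar without executing it: hash, class count, sensitive API refs."""
    report = {"sha256": hashlib.sha256(data).hexdigest(), "classes": 0, "refs": {}}
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        for info in jar.infolist():
            if not info.filename.endswith(".class"):
                continue
            body = jar.read(info)
            if body[:4] != b"\xca\xfe\xba\xbe":  # skip entries without the class magic
                continue
            report["classes"] += 1
            hits = sorted({p.decode() for p in SENSITIVE_PREFIXES if p in body})
            if hits:
                report["refs"][info.filename] = hits
    return report


def build_sample_jar() -> bytes:
    """Constructed sample: two minimal fake class files, one naming java/net/Socket."""
    header = b"\xca\xfe\xba\xbe\x00\x00\x00\x34"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr("demo/Client.class", header + b"\x01\x00\x0fjava/net/Socket")
        jar.writestr("demo/Util.class", header + b"\x01\x00\x10java/lang/String")
    return buf.getvalue()


if __name__ == "__main__":
    result = triage_jar(build_sample_jar())
    print(result["sha256"])
    print(result["classes"], "class files;", result["refs"])
```

The reference list only shows what a heuristic may be reacting to and does not by itself establish that a file is clean or malicious. The SHA-256 is the value to compare against a freshly verified copy or to quote when submitting the file to an antivirus vendor's lab.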
  3. dave roche

    dave roche Registered

    Joined:
    May 4, 2022
    Messages:
    2
    Likes Received:
    0
    Hi,
    Yesterday my virus software quarantined
    net.rfactor2.overlay.jar

    because it contained
    Dldr.Adwind.svfgb

    which stopped rF2 from loading.

    I verified the game files, which caused the net.rfactor2.overlay.jar file to be re-downloaded, and the virus software quarantined it again straight away.

    Please can this file be cleaned so I can re-install it and use the software again?

    Thanks in advance!
     
  4. JMCardenas

    JMCardenas Registered

    Joined:
    Jun 3, 2011
    Messages:
    351
    Likes Received:
    32
    Same problem here. But more serious, because the net.rfactor2.overlay.jar file is directly deleted by the antivirus. It does not even leave it in quarantine (Eset Nod32). And although the destination folder of that file excludes it from the analysis, it does not allow downloading said file when verifying rFactor2 in Steam, nor copying it from the backup copies. And if I completely deactivate Eset Nod32, it is the Windows antivirus that does the same thing, it does not allow it to be copied or installed on the computer.

    Therefore impossible to execute rFactor2
     
    Ahto likes this.
  5. dave roche

    dave roche Registered

    Joined:
    May 4, 2022
    Messages:
    2
    Likes Received:
    0
    VirusTotal says:
    IMG20220505172121.jpg
     
  6. DJCruicky

    DJCruicky Registered

    Joined:
    Jan 25, 2012
    Messages:
    1,349
    Likes Received:
    625
    I can happily say Avira no longer blocks these files now.
    3 days ago I sent the 2 files to their virus lab via their website.
    Had a reply back saying "The analysis you requested is now complete: Files are clean."
    I've tested, and I can confirm the files are no longer blocked by my virus checker Avira.
     
    davehenrie likes this.
  7. DJCruicky

    DJCruicky Registered

    Joined:
    Jan 25, 2012
    Messages:
    1,349
    Likes Received:
    625
    When Steam downloads files, they first go to a temporary location before they are copied to rFactor. You will need to add exclusions to that folder too. The folder is found at ......\SteamLibrary\steamapps\downloading\
    See post number 8 https://forum.studio-397.com/index....irus-scanner-notification.71825/#post-1096254
     
    Last edited: May 5, 2022
  8. Giovanni Cavallazzi

    Giovanni Cavallazzi Registered

    Joined:
    Mar 4, 2022
    Messages:
    13
    Likes Received:
    2
    I have the same problem, my rFactor2 doesn't work. It starts but I can drive and don't exit. What can I do?
     
  9. Lazza

    Lazza Registered

    Joined:
    Oct 5, 2010
    Messages:
    10,583
    Likes Received:
    5,397
    Create an exception for the files/folders that are being picked up. Google for instructions for your particular antivirus.

    *Note: half this thread is dedicated to people explaining what to do. Please read it!
     
    Levelup1 likes this.
  10. Alex96

    Alex96 Registered

    Joined:
    Dec 21, 2016
    Messages:
    73
    Likes Received:
    27
    error o virus.png
    Same here, with Microsoft Defender. It detects a malicious program (1) and the affected files (2) and started on the night of May 5th. The funny thing is that the infected bundle.jar file does not delete it, the other does. I have to check the files in Steam every time I want to play, because when I finish and exit RF2 I get the Defender notification and the overlay.jar file doesn't show up.
    It lets me start the game, but when it is going to start loading the circuit it crashes.
     
    Giovanni Cavallazzi likes this.
  11. Alex96

    Alex96 Registered

    Joined:
    Dec 21, 2016
    Messages:
    73
    Likes Received:
    27
    The Steam GameOverlayUI program, I think, has something to do with it??
    Now the circuit loads but it won't let me leave the box, the session and the weather don't appear, it's as if I hadn't finished loading the session.
    The GameOverlayUI program log tells me this:

    Fri May 06 14:26:26 2022 UTC - GameOverlay process started: pid: 992
    Fri May 06 14:26:26 2022 UTC - GameOverlay process connecting to: pid: 9548
    Fri May 06 14:26:26 2022 UTC - BuildID: 1647446817
    Fri May 06 14:26:26 2022 UTC - Steam Path: C:\Program Files (x86)\Steam
    vi. may. 06 14:26:26 2022 UTC - Got gameid on commandline: 365960
    vi. may. 06 14:26:26 2022 UTC - PNG load warning iCCP: known incorrect sRGB profile
    vi. may. 06 14:26:26 2022 UTC - PNG load warning iCCP: known incorrect sRGB profile
    vi. may. 06 14:26:26 2022 UTC - PNG load warning iCCP: known incorrect sRGB profile
    vi. may. 06 14:26:26 2022 UTC - PNG load warning iCCP: known incorrect sRGB profile
    vi. may. 06 14:26:26 2022 UTC - PNG load warning iCCP: known incorrect sRGB profile
    vi. may. 06 14:26:26 2022 UTC - PNG load warning iCCP: known incorrect sRGB profile
    vi. may. 06 14:31:03 2022 UTC - Detected possibly crashed/killed game, exiting
    vi. may. 06 14:31:03 2022 UTC - Shutting down overlay
     
  12. Giovanni Cavallazzi

    Giovanni Cavallazzi Registered

    Joined:
    Mar 4, 2022
    Messages:
    13
    Likes Received:
    2
    I don't have 1, and opted to go into Defender and allow the Overlay to run. That's how it all works.
     
  13. svictor

    svictor Registered

    Joined:
    Jan 20, 2019
    Messages:
    518
    Likes Received:
    3,272
    This is caused by the missing net.rfactor2.overlay.jar file in the Bin\Bundles folder; the file was blocked or deleted by Defender. You will have to first add this file to Defender's exceptions (the first screenshot you posted, Acciones button), and if the file is only blocked it will then be restored by Defender. If the file was already deleted by Defender, then you need to verify game file integrity through Steam to restore it.
     
    Giovanni Cavallazzi and Alex96 like this.
  14. Hiigara

    Hiigara Registered

    Joined:
    Apr 14, 2022
    Messages:
    6
    Likes Received:
    2
    So, there has been an actual trojan in the rF2 installation? Should I format my PC and reinstall Windows?? Why are there no clear instructions from the dev team?
     
  15. Oldgamergazza

    Oldgamergazza Registered

    Joined:
    Jun 25, 2017
    Messages:
    77
    Likes Received:
    15
    I have to pause anti virus (Eset) to race.
     
  16. Lazza

    Lazza Registered

    Joined:
    Oct 5, 2010
    Messages:
    10,583
    Likes Received:
    5,397
    No, there is no trojan. No, you don't need to format your PC.

    Please learn what a false positive is.

    @Oldgamergazza I'm sure they'll adjust their detection at some point to let it run, but you should be able to create an exception as others have detailed in this thread.
     
    Giovanni Cavallazzi likes this.
  17. Giovanni Cavallazzi

    Giovanni Cavallazzi Registered

    Joined:
    Mar 4, 2022
    Messages:
    13
    Likes Received:
    2
    Thanks for the information, Svictor.
     
