Trojan:Script/Wacatac.B!ml
-
Found attached to Falcon BMS 4.37.exe. Anyone else find this? A vulnerability maybe?
-
Antivirus isn’t. I’m still wondering anyone is still using AV software (and even worse, trusting it to do anything useful).
Safe browsing using a decent browser and a safe OS (Linux is a good choice here) and the usual plugins (ublock origin, noscript, privacy badger) and general common-sense usage of the internet will keep you safer than blindly “trusting” any AV vendor and accepting all the negative side effects that AV control over your system brings.
Just my 2c (online since 1989 and I’ve never had any issues with viruses / virii).
Cheers, Uwe
-
@Dufus
I’ve had the same thing, antivirus (ESET NOD32) found something “potentially dangerous” in the launcher. However, it’s obviously a false alarm. For me, I’m not aware of any infections through BMS (of course, only if you downloaded it from the official site). I’ve been playing BMS for a relatively long time, and like thousands of other people haven’t experienced any security issues. I think you can ignore this warning.
-
You can also submit it to the AV company so they improve their scan…
-
Thanks. I was just trying to help everyone else. I only use Edge, and it was Microsoft Defender that found it. Not likely an error. I’m not saying that this trojan was there before. I’m saying that it must have attached itself to Falcon BMS 4.37.exe after gaining access to my system or network. I had to re-install Falcon. I already use uBlock Origin. I suspect it was a Chinese device software I installed a month before. It’s the only thing I had installed since Falcon a month before that.
-
@Dufus Actually more likely a Microsoft error than not. I had this for launcher and IVC. I have exceptions for everything BMS.
-
Had the same feedback from the Windows 10 defender. Same message, from just a mission .ini file.
Submitted the file to an online antivirus: nothing found.
I believe there is something in those mission ini files that Microsoft does not like.
-
Well, it’s fine now after reinstall. Thanks…
-
@hoover Always curious about the security background of people recommending not using AV. Hoover, do you have any professional background in networking, system administration or computer security?
-
@jcook just submit the file to the AV company for them to update their DB…
-
@jcook
I was involved with infosec at both msft and amzn, for a couple of decades. I’d stop short of broadly recommending everyone on earth to disable AV… But for reasonably tech savvy users, honestly, yeah it’s a reasonably close call. The AV situation is grim. They use probabilistic detection filters (like https://en.wikipedia.org/wiki/Bloom_filter) to detect “signatures” of malware. But that means occasional false-positives, especially when scanning huge 4Gb+ payloads. And these bloom-filters run as part of the file system driver stack… so that means you burn a lot of CPU with every disk I/O operation, to wash every I/O buffer through the filter. The performance cost is real – have a look at “MsMpEng.exe” in taskmgr, on a stock Windows system… unless you’re mining crypto or doing AI stuff it is typically the highest cumulative CPU and RAM usage of any system service.
And the annoyance factor is real, as we see in these threads – over the longer term, false-positives create a “crying wolf” effect that is harmful to the cause.
Then, consider all this with the context that (most?) modern browsers have built-in malware scanning, for downloaded files… so, classic AV is (a) partially redundant, (b) moderately perf intensive, and (c) cries wolf, with false positives.
Reasons to keep AV: if you live or work in an untrusted network environment (college campus, small business etc) or if you regularly exchange files with others/strangers via email attachments or similar… or if you share a PC with someone in your house… or you’re a gamer downloading dodgy mods from dodgy sources… especially from sources like torrent that bypass the browser-based layer of defense.
Ok that last example could be said to cover BMS but like others here have said… there have been no problems in its ~20 year history.
I personally do still run Windows Defender, just with an exclusion-rule for ‘C:\Falcon BMS’.
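
The false-positive effect described in the post above, as an added example that is not part of the thread and not any AV product's code: a toy Bloom-filter pre-filter run over every 8-byte window of a benign payload. The signature set, the filter sizes and the exact-match confirmation step are constructed assumptions for illustration.

```python
import hashlib
import random

SIG_LEN = 8  # constructed: fixed-length byte "signatures"

class BloomFilter:
    def __init__(self, m_bits, k_hashes):
        self.m, self.k = m_bits, k_hashes
        self.bits = bytearray((m_bits + 7) // 8)

    def _positions(self, item):
        # Derive k bit positions from one SHA-256 digest.
        d = hashlib.sha256(item).digest()
        return [int.from_bytes(d[4 * i:4 * i + 4], "big") % self.m
                for i in range(self.k)]

    def add(self, item):
        for p in self._positions(item):
            self.bits[p >> 3] |= 1 << (p & 7)

    def __contains__(self, item):
        return all(self.bits[p >> 3] & (1 << (p & 7))
                   for p in self._positions(item))

def scan(payload, bf, signatures):
    """Slide over the payload; return (filter_hits, exact_matches)."""
    hits = confirmed = 0
    for i in range(len(payload) - SIG_LEN + 1):
        window = payload[i:i + SIG_LEN]
        if window in bf:                       # probabilistic "maybe"
            hits += 1
            confirmed += window in signatures  # exact check settles it
    return hits, confirmed

def demo():
    """Build constructed signatures, a filter and a benign payload."""
    rng = random.Random(1)
    signatures = {bytes(rng.getrandbits(8) for _ in range(SIG_LEN))
                  for _ in range(500)}
    # m=4096, k=3, n=500: (1 - e^(-kn/m))^k is roughly 3% per window.
    bf = BloomFilter(4096, 3)
    for s in signatures:
        bf.add(s)
    rng2 = random.Random(2)
    benign = bytes(rng2.getrandbits(8) for _ in range(20000))
    return signatures, bf, benign

if __name__ == "__main__":
    sigs, bf, benign = demo()
    for size in (2000, 20000):
        print(size, "bytes ->", scan(benign[:size], bf, sigs))
```

Every signature is always found (no false negatives), while the count of filter-only hits grows with the number of bytes scanned; only the exact comparison separates those from real matches.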