PDA

View Full Version : False Positives?


Dope
12-16-2019, 12:21 PM
https://www.virustotal.com/gui/file/98be1166f9b099bd25b33a078d36e5b259f83843a43bff8d81 c514f6024f0e9a/detection

I'm assuming these are false positives, but why do they come up? Is it due to the .jar connecting to the server?

Psionyx
12-16-2019, 01:18 PM
I believe they are false positives. When I was compiling files into an EXE before the update, I was having issues with media fire sometimes flag for virus, sometimes not. If there was a true positive, it would hit Everytime. I believe it's just heuristics scanning that picks it up, but I'm no John McAfee :p

Dope
12-16-2019, 01:48 PM
I believe they are false positives. When I was compiling files into an EXE before the update, I was having issues with media fire sometimes flag for virus, sometimes not. If there was a true positive, it would hit Everytime. I believe it's just heuristics scanning that picks it up, but I'm no John McAfee :p

Yeah that seems to be the case, I looked up the detections and there's nothing specific. Guess it's time to get started. :devil:

(plus it was first scanned yesterday, and nowadays it seems most crypter stubs don't keep them undetectable for more than an hour)

Cache
12-16-2019, 03:52 PM
Seems to be the case as nothing harmful in our game play client. I appreciate any virusscans as proof once you finish up scanning. Thank you.

Zkiller
12-16-2019, 09:21 PM
Seems to be the case as nothing harmful in our game play client. I appreciate any virusscans as proof once you finish up scanning. Thank you.

All of those scans are virus scans...

It's false positive, because the path and injection that these clients run on needs to go through some sensitive parts of your computer essentially.
If you haven't seen it before there's some fairly basic Java injection where people can put RATs onto your computer following the same procedure and security protocols that is set up to run servers like these.

With that being said, no.
There's no issue with this server.
You are vulnerable to applications like these, but that's the risk you take for playing a illegal copy of a game.
Just go to the open source server and client that is hosted on their website and look through it yourself.
This is people that leave their projects open sourced is so that people that want to look through what's going onto their computer can and if they want to replicated and host their own version of this server they can also do that.

Dope
12-16-2019, 10:55 PM
All of those scans are virus scans...

It's false positive, because the path and injection that these clients run on needs to go through some sensitive parts of your computer essentially.
If you haven't seen it before there's some fairly basic Java injection where people can put RATs onto your computer following the same procedure and security protocols that is set up to run servers like these.

With that being said, no.
There's no issue with this server.
You are vulnerable to applications like these, but that's the risk you take for playing a illegal copy of a game.
Just go to the open source server and client that is hosted on their website and look through it yourself.
This is people that leave their projects open sourced is so that people that want to look through what's going onto their computer can and if they want to replicated and host their own version of this server they can also do that.

No wonder I had trouble finding with a reliable Java friendly-RAT back in the day -- I was doing it all wrong. xD

Thanks for the reassurance and clarification.

Nozemi
12-18-2019, 01:59 AM
https://github.com/superblaubeere27/obfuscator/issues/46

Someone discussed it here, should be the same topic for our case.

Not sure if Pro Noob published the source code for the client as well.