RandyJackspoon Posted August 29, 2016 (edited)

This mod: http://www.nexusmods.com/morrowind/mods/36945/?tab=1&navtag=http%3A%2F%2Fwww.nexusmods.com%2Fmorrowind%2Fajax%2Fmoddescription%2F%3Fid%3D36945%26preview%3D&pUp=1

Contains this specific Trojan virus: https://www.microsoft.com/en-us/security/portal/threat/encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FRundas!plock

I downloaded this mod a couple of days ago and just now got around to working through the installation process. I found it kind of odd that the installer had me turn off UAC on my administrator account, though I figured 'eh, it's a pretty hefty installer, I'll let it slide'. About halfway through the backup process of the Morrowind file directory, I got a message from Windows Defender stating that it had found some malware. Specifically this: http://i.imgur.com/TnCxZe9.png

I've since 'removed' it, though I'm not sure if this has happened to everyone, or if it just so happened to me. Anyway, thought I'd report it just to serve as a forewarning the next time someone decides to download this file.

Also: Is there a main, or more reliable source for the mod?

EDIT: I've been reading up on this, and I'm kind of curious if this is actually a dangerous mod or not?

Edited August 29, 2016 by RandyJackspoon

bill8872 Posted August 29, 2016

You might want to put this on the main Nexus forum, as it should be free of stuff like this. Or you got this from another source, and it just happened to trigger during this process.

RandyJackspoon (Author) Posted August 29, 2016

> You might want to put this on the main Nexus forum, as it should be free of stuff like this. Or you got this from another source, and it just happened to trigger during this process.

I downloaded this particular file from the Nexus. I've done some looking around and I guess it seems to be rather universal, except everywhere I've read it's been only a flag warning whereas WD actually found the file and had to delete its malicious entirety. Quite honestly this is really disappointing given that Morrowind deserves an overhaul, and this seems to be the best one out there.

Dragon32 Posted August 30, 2016

Tempted to say false positive. The MS info page is useless.

Technical info: "The summary tab has all the available details for this threat."

Summary tab: "Windows Defender detects and removes this threat. This threat can perform a number of actions of a malicious hacker's choice on your PC."

I mean. WTF is that supposed to be?

Defender identified the issue in MGEStable.exe, try uploading that file to VirusTotal. Or if you have the file hash see if someone else has scanned it. That'll give you information on the file from ~40 different AV engines. Look for what the good ones say.

IIRC, MGSO uses AutoHotkey or some such similar techniques to set up the included programs like MGE XE. Chances are Defender has identified that and flagged it as a Trojan (bad file masquerading as a good file). Basically assuming that a program which contains code like that is malicious. It's somewhat understandable with ~200K unique malicious files per day.

FUD like this, though, helps no-one.

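An added example, not part of Dragon32's post or anyone else's in this thread: one way to collect what the post asks for, namely Defender's own record of the detection plus the SHA-256 and signature status of the flagged file, so the hash can be searched on VirusTotal. The path and the name filter are placeholders (assumptions), since the thread does not say where MGEStable.exe was installed.

```powershell
# Added example: triage a Windows Defender detection before deciding whether it is a false positive.
param(
    # Placeholder path (assumption): point this at your own copy of the flagged file.
    [string]$Path = 'C:\path\to\MGEStable.exe',
    # Substring used to pick matching entries out of Defender's detection history.
    [string]$NameFilter = 'MGEStable'
)

# 1. What did Defender actually detect, where, and was the removal successful?
#    This still works after the file has been quarantined or deleted.
Get-MpThreatDetection |
    Where-Object { ($_.Resources -join ';') -like "*$NameFilter*" } |
    ForEach-Object {
        $threat = Get-MpThreat -ThreatID $_.ThreatID -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Detected   = $_.InitialDetectionTime
            ThreatName = $threat.ThreatName
            Resources  = $_.Resources -join '; '
            Process    = $_.ProcessName
            Remediated = $_.ActionSuccess
        }
    } | Format-List

# 2. Hash and signature of the file itself, if a copy is still on disk.
#    Hashing reads the file; it does not execute it.
if (Test-Path -LiteralPath $Path) {
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        File            = $hash.Path
        SHA256          = $hash.Hash    # search for this value on VirusTotal
        SignatureStatus = $sig.Status   # NotSigned is common for hobbyist tools
        Signer          = $sig.SignerCertificate.Subject
    } | Format-List
} else {
    Write-Warning "No file at $Path (it may already be quarantined); use the detection record above."
}
```

Searching by hash shows existing results without uploading anything; a missing signature or a single generic detection name does not settle the question either way, which is why the multi-engine view is the useful part.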
kiowaza Posted August 18, 2017 (edited)

I have the same problem. I wanted to install the mod and then it took control of my mouse and keyboard. Then it suddenly froze to memory dump and restarted my PC. I thought this was a usual memory error, but after my PC restarted it asked me to define my boot drivers. And when I started Windows I did a scan with Malwarebytes and a rootkit scanner, and both of them found a trojan infected in one of the processes running in the background. It wasn't there yesterday; I had scanned my computer with the same things. I reported the file already and am doing a thorough scan of my computer now.

Also check this too: http://forums.iobit.com/forum/iobit-security-software/false-positive-reports-by-iobit-products/16254-false-positives-for-morrowind-graphics-and-sound-overhaul-mgso-tools-and-fallout-3

This website's staff says it might not be a false positive since separate places report it as malicious software.

And come on... Why would a texture and sound mod want to install itself remotely? Why not just a .rar file like other mods? Why such an invasive installer? There is something not right about this. I say don't trust it. You may be trusting because a lot of people have downloaded the file etc., but this is how security flaws happen. A larger number of people have downloaded much more popular files from much more "confident" sources before and it ended up ruining a lot of people's lives in the past.

Edited August 18, 2017 by kiowaza

ProfArmitage Posted August 18, 2017 (edited)

There seems to be something about Morrowind and its associated software that antivirus programs don't like. I've occasionally had Kaspersky Internet Security insist that the main Construction Set exe is a virus and try to delete it.

...Just got it now in fact, while doing a clean install in preparation for a modded-to-the-eyeballs playthrough. It thinks TES Construction Set.exe is infected with Trojan.Win32.Shifu.aax. It always happens during the Tribunal installation.

Edited August 20, 2017 by ProfArmitage