Risk of Rain Virus/Malware?

Discussion in 'General Discussion' started by BitHorizon, Nov 20, 2013.

Thread Status:
This thread has not been replied to for more than 90 days.
  1. BitHorizon

    BitHorizon Existential Complex

    When ROR came out on Steam, I was extremely excited. Once I put aside some money to purchase it, I did so immediately. When it was finished installing, AVAST! Antivirus gave me a startling message telling me that it found a rootkit. I didn't bother checking where it was or where it came from and simply followed AVAST!'s steps to remove it, and the computer restarted and booted from AVAST!'s safe scanner. I pulled out my other computer so I could play Risk of Rain while the other one took a long time to scan. I downloaded Risk of Rain, but out of precaution downloaded MalwareBytes to check to see if the other computer had become infected as well. Look at what I found:
    [​IMG]
    That's right. It says C:\Program Files (x86)\Steam\SteamApps\common\Risk of Rain\39dll.dll.

    Here's the log that MalwareBytes returned to me after it was done being removed:

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.11.20.09

    Windows 8 x64 NTFS
    Internet Explorer 11.0.9600.16438
    Marshall :: MARSHALLG-HP [administrator]

    Protection: Enabled

    11/20/2013 3:40:47 PM
    mbam-log-2013-11-20 (15-40-47).txt

    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 603987
    Time elapsed: 2 hour(s), 1 minute(s), 52 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Program Files (x86)\Steam\SteamApps\common\Risk of Rain\39dll.dll (PUP.HackTool.DDoS) -> Quarantined and deleted successfully.

    (end)

    This is not a troll post. This piece of malware was there immediately after ROR was installed. I did not place it there to fool anybody. I will post an update after I find out what was on the first computer after scanning it with a better antivirus than AVAST!. If anybody is curious, I downloaded it from Steam legitimately after paying $9.99 to the Steam Store.

    (That emoticon in the post is supposed to be the D drive, but the automated emoticons turned it into D:)
    • meow247

      meow247 Pangalactic Porcupine

      false positive perhaps?
      there are a lot of people that purchase and DL'd from steam but no one comlain about there being a virus
      perhaps avast sucks? :p
        Wasd_wasd likes this.
      • BitHorizon

        BitHorizon Existential Complex

        But it was MalwareBytes that returned the positive for a virus. MalwareBytes is superior to Avast. Perhaps it was just a mistake, but immediately after downloading the game on two separate computers and both finding a virus with two different antiviruses? That is suspicious. Does anyone else have any info on the file "39dll.dll"?
        • meow247

          meow247 Pangalactic Porcupine

          my 39dll file is clean though.. although it is download from humble :D
          anyway, i just search about 39dll and .. "39DLL is a poweful dll which gives you access to windows sockets using game maker. Make fast multiplayer games or connect to protocols like http, irc, ftp, etc. "
          so yeah.. just put it in white list or something ;)
            Wasd_wasd likes this.
          • BitHorizon

            BitHorizon Existential Complex

            Alright. Just to be safe, is there any way that I can get it on Humble Store without paying, seeing that I got it on Steam?
            • meow247

              meow247 Pangalactic Porcupine

              i have no idea. sorry :\
              • Sly 3 4 me

                Sly 3 4 me Starship Captain

                It's fine, both are safe. The Humble version is the same and also has it detected.

                ^That's my scan from two days ago on Malwarebytes.

                The last three are the last recent ones before it was available on Steam, the third entry is the current 1.0.1 version, but from Humble Bundle.

                Both have the same files and are safe, it's nothing to worry about.

                Malwarebytes is a good tool to remove some deep malware, but also gives you a bit of insight on things that could potentially be questionable, with this case it's 100% safe as it's just being used for the online functionality.

                Wanderlust also uses 39dll.dll and has it detected as the PUP, Matt made both of the online functionality.
                  Last edited: Nov 21, 2013
                  Wasd_wasd likes this.
                • I would add it to the exceptions and move on, it's not a virus.
                    Wasd_wasd likes this.
                  • BitHorizon

                    BitHorizon Existential Complex

                    Thanks for the clarification, guys!
                    • Rawrquaza

                      Rawrquaza Phantasmal Quasar

                      LLLEEEETTTHHHHHH!!!!
                      • sparkocm

                        sparkocm Orbital Explorer

                        Seeing as it is not entirely clear I will shed some light on the subject.
                        1. mostly all "decent" antivirus software will detect false positives they are not perfect after all (malwarebytes included)
                        2. the reason why you are being prompted as a virus in this .dll file is simple: its a vastly used file in terms of connection to your PC, and antiviruses tend to be paranoiac when it comes to stuff connecting to your PC or making outbound connections.
                        3. steam has a pretty reasonable virus "guard" for their files, additionally the file would be detected by steam prior to submission on their servers and thus defused and not submitted without repair.
                        4. It is generally common for popular antivirus SW like avast!, AdAware, Malwarebytes, Norton, McAfee,etc. to come up with this type of issues when their Data bases cross match with something that might be a "virus" under the name of "another clean file" so fear not before actually going into panic about a possible virus research just like you did.
                        5. as a tech savvy person I would recommend you the following things: Make periodical (physical backups of your PC) before going crazy with the Antivirus thing allow some time to see if there is corruption most "common" viruses have pretty straight forward effects on your PC and are noticeable e.g critical slowdowns, internet connectivity issues (slow speed), sudden bloatware installed on you system, etc. I recommend you to invest on a decent Antivirus (I must confess that I use Avast! though) but I highly suggest you use a much more powerful antivirus and actually invest on it, this type of SW is made so to protect you Avast! pro is a very good antivirus not the best but good for the money you pay.

                        So in conclusion seeing a "virus threat" is not necessarily true, but it's something to look into, research the "infected" file. quarantine it if your SW allows to, run a sandboxed mode of your OS to test it. submitted to 3 antivirus (different) with heuristic modules before going crazy. Oh and by the way, I personally don't trust malwarebytes, if you really want to try a "decent" antivirus go for BitDefender that thing is heavy duty and might be difficult to setup and get your exceptions up and blah blah blah... but it's by far one of the best SW for the matter.
                          Wasd_wasd likes this.
                        • Leth

                          Leth Risk of Rain & Wanderlust Developer

                          If you delete 39dll.dll, your online modes will not function.

                          39dll.dll is not a virus, malware, trojan, or any other kind of thing your silly little programs think it is - it's simply a Windows Socket api. Using your internet browser is a greater risk than playing Risk of Rain (or Wanderlust).

                          Nothing to see here.
                          • emp nu

                            emp nu Lucky Number 13

                            "39dll.dll is not a virus, malware, trojan, or any other kind of thing your silly little programs think it is - it's simply a Windows Socket api. Using your internet browser is a greater risk than playing Risk of Rain (or Wanderlust)."

                            Nothing to see hear except for a dev that, having been hounded for a reply for the last two weeks decides to use the phrase silly little programs. It's great to see one of your actually bother to address the issue in such a way as to prove my point that you don't give a damn about paying customers as much as the money they've already given. Some of us actually value our valuables, and need our computers for work. We, unlike you sniveling spoiled prats can't just hop onto the internet and beg for help.

                            Thank you, seriously, for this reply. When you could've very simply addressed the issues as they were brought up and alleviated fears, you chose instead to insult your consumer base. I will be using this to make sure the people I know don't waste any money on your trojans. In addition, I'll be forwarding it to steam as part of a back and forth to show to them the outright disrespect you have for your consumers.

                            I can't wait to see the news release saying your company went belly up.
                              blorx likes this.
                            • emp nu

                              emp nu Lucky Number 13

                              And before my choice of security suites comes into call, I use a legitimate paid copy of Iolo System Mechanic that has kept my computers problem free for the last decade, barring the one time where I white listed a game and suddenly had a worm appear that bound up all of my CPU resources. Given the choice between the tried and tested program and random crappy attitude dev duder, I'm going with the security suite with the ten+ year track record.
                              • Leth

                                Leth Risk of Rain & Wanderlust Developer

                                =(

                                I'm not justified in thinking an AV program is awful (let alone "silly") when it makes a false - and severely damaging - claim about the software I've developed? I deserve to have my company go "belly up"?

                                For the record, I would like to remind everyone here that the software I developed (or in this particular case, assisted with developing) was the only software in this discussion that was "working as advertised" - Risk of Rain is not prompting its userbase to delete essential libraries off of their computer.

                                If you're going to take part in an active campaign to assert false claims about my personal character and business practices, while citing a "false-positive" flag from an Anti-Virus program (along with my frustration with it) as your only evidence, how is it that I am being made out to be "the bad guy" in this thread?
                                  Last edited: Dec 23, 2013
                                • Hawkeman92

                                  Hawkeman92 Industrial Terraformer

                                  Silly little emp nu thinking a light hearted comment was an insult and then goes on to wish bad things to someone trying to be as pleasant as possible. I hope whatever put you in a bad enough mood to do this gets resolved and you have a dandy day. < 3
                                    Wasd_wasd, Munchgun and BitHorizon like this.
                                  Thread Status:
                                  This thread has not been replied to for more than 90 days.

                                  Share This Page