These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

Issues, Workarounds & Localization

 
  • Topic is locked indefinitely.
12Next page
 

Windows Defender says Eve's blue.dll is a "Password Stealer"

First post
Author
Previous Topic Next Topic
Armenius Lennelluc
The Scope
Gallente Federation
#1 - 2013-05-08 14:23:40 UTC  |  Edited by: Armenius Lennelluc
This just started occurring today. Can't launch Eve because Windows Defender (on 8 Pro, x64) is claming C:\Program Files (x86)\CCP\EVE\bin\blue.dll is a "Password Stealer".



Windows Defender encountered the following error: Error code 0x80508023. The program could not find the malware and other potentially unwanted software on this computer.

Category: Password Stealer

Description: This program has potentially unwanted behavior.

Recommended action: Permit this detected item only if you trust the program or the software publisher.

Items:
file:C:\Program Files (x86)\CCP\EVE\bin\blue.dll




Edit:

Here is an additional file being caught:


Windows Defender encountered the following error: Error code 0x80508023. The program could not find the malware and other potentially unwanted software on this computer.

Category: Password Stealer

Description: This program has potentially unwanted behavior.

Recommended action: Permit this detected item only if you trust the program or the software publisher.

Items:
file:C:\Program Files (x86)\CCP\EVE\tmpmhxf7c.tmp
Doc Fury
Furious Enterprises
#2 - 2013-05-08 14:29:09 UTC
Maybe CCP is just behind on its tithing to M$.







There's a million angry citizens looking down their tubes..at me.
James Amril-Kesh
Viziam
Amarr Empire
#3 - 2013-05-08 14:29:46 UTC
Maybe you should permit it then. Or is CCP not a trusted software publisher?

Enjoying the rain today? ;)
Kelby
#4 - 2013-05-08 14:33:42 UTC
Run repair? Maybe the DLL itself has picked up an infection?
Equus
Republic Military School
Minmatar Republic
#5 - 2013-05-08 14:33:58 UTC
Eve works fine for me on Windows 8 running defender, also, I have no clue what that second file you listed is, I do not have it in my Eve install directory.
Commissar Kate
Kesukka
#6 - 2013-05-08 14:35:00 UTC
James Amril-Kesh wrote:
Maybe you should permit it then. Or is CCP not a trusted software publisher?



Not after boot.ini Roll

-k8

My Fanclub
Jake Warbird
Republic Military School
Minmatar Republic
#7 - 2013-05-08 14:35:16 UTC
Were you in lowsec recently? Must've picked up a virus.

Sugar Von MurdererTits : Jake Warbird gets my vote for most intriguing and attractive male character in Eve.
Brujo Loco
Brujeria Teologica
#8 - 2013-05-08 14:40:58 UTC

VirusTotal
SHA256: 312a7fd0a76c52b75e8064618f479a74dd20025778ea38e5727055c445af277c
File name: blue.dll
Detection ratio: 0 / 46
Analysis date: 2013-05-08 14:38:44 UTC ( 0 minutes ago )

That´s what Virus Total says and Malwarebytes comes clean too on the dll, at least MY blue.dll

Odd, why dont u try a Virus Total scan of yours?

Inner Sayings of BrujoLoco: http://eve-files.com/sig/brujoloco
Noriko Mai
#9 - 2013-05-08 14:43:19 UTC
Don't use AntiVirus software. It's useless. Cool

"Meh.." - Albert Einstein
Armenius Lennelluc
The Scope
Gallente Federation
#10 - 2013-05-08 14:46:05 UTC
Brujo Loco wrote:

VirusTotal
SHA256: 312a7fd0a76c52b75e8064618f479a74dd20025778ea38e5727055c445af277c
File name: blue.dll
Detection ratio: 0 / 46
Analysis date: 2013-05-08 14:38:44 UTC ( 0 minutes ago )

That´s what Virus Total says and Malwarebytes comes clean too on the dll, at least MY blue.dll

Odd, why dont u try a Virus Total scan of yours?



SHA256: 312a7fd0a76c52b75e8064618f479a74dd20025778ea38e5727055c445af277c
File name: blue.dll
Detection ratio: 0 / 46
Analysis date: 2013-05-08 14:44:59 UTC ( 0 minutes ago )



Interesting. I wonder if my Windows Defender is just being funky then...
Implying Implications
Sebiestor Tribe
Minmatar Republic
#11 - 2013-05-08 14:51:02 UTC
You should get that checked out.

hello
Muad 'dib
State War Academy
Caldari State
#12 - 2013-05-08 14:51:23 UTC
Its probably a new thing from Sony to help keep your account safe, they are pioneers of internet security you know.

Cosmic signature detected. . . . http://i.imgur.com/Z7NfIS6.jpg I got 99 likes, and this post aint one.
Nam Dnilb
Universal Frog
#13 - 2013-05-08 14:55:57 UTC
Running Win8 Pro and Defender here. My blue.dll has the same SHA256 checksum and I don't get any alerts.

Defender has signature update 1.149.1500.0 currently.
March rabbit
Aliastra
Gallente Federation
#14 - 2013-05-08 15:03:15 UTC
Armenius Lennelluc wrote:

Windows Defender encountered the following error: Error code 0x80508023. The program could not find the malware and other potentially unwanted software on this computer.

i just find this funny: "there is no BAD software on this computer. Something is wrong!!! Shocked"
Lol

The Mittani: "the inappropriate drunked joke"
Muad 'dib
State War Academy
Caldari State
#15 - 2013-05-08 15:05:42 UTC
"besides windows 8, obviously, your machine has no other bad software installed or infected"

Cosmic signature detected. . . . http://i.imgur.com/Z7NfIS6.jpg I got 99 likes, and this post aint one.
Wodensun
Caldari Provisions
Caldari State
#16 - 2013-05-08 15:30:35 UTC  |  Edited by: Wodensun
Noriko Mai wrote:
Don't use AntiVirus software. It's useless. Cool


Its people like you that get turned into bots...

Also win defender is rubish

Ps, can you drop that temp file in virus total as wel? And check your quarantine folder of defender see if it quaranteend something that is what the error code relates to.

Do not give me likes them 101 likes arent a accident...
Oxandrolone
Center for Advanced Studies
Gallente Federation
#17 - 2013-05-08 16:31:28 UTC
Windows 8

thanks for the laugh
Sergeant Acht Scultz
School of Applied Knowledge
Caldari State
#18 - 2013-05-08 16:36:05 UTC
Armenius Lennelluc wrote:
Brujo Loco wrote:

VirusTotal
SHA256: 312a7fd0a76c52b75e8064618f479a74dd20025778ea38e5727055c445af277c
File name: blue.dll
Detection ratio: 0 / 46
Analysis date: 2013-05-08 14:38:44 UTC ( 0 minutes ago )

That´s what Virus Total says and Malwarebytes comes clean too on the dll, at least MY blue.dll

Odd, why dont u try a Virus Total scan of yours?



SHA256: 312a7fd0a76c52b75e8064618f479a74dd20025778ea38e5727055c445af277c
File name: blue.dll
Detection ratio: 0 / 46
Analysis date: 2013-05-08 14:44:59 UTC ( 0 minutes ago )



Interesting. I wonder if my Windows Defender is just being funky then...



Because with smarscreen anything that can change initial windows files seems considered as virus or malware.

Disable smartscreen, it's not a problem if you haven't figured yet how it works, if you don't ant to bother with it and just use your usual anti virus+win firewall or your AV firewall, you still need to create exceptions for eve.exe process so those don't spend resources scanning Eve files on execution.

Nothing to worry about.

You can also disable all the ****** stuff you don't like/need like meteo and other stuff doing API calls, just right click on the small tag and click "uninstall" or "disable" on the bottom.

Change your Metro interface for Win7 and get rid of those corner things that change your life? -easy, just get Classic Shell and use advanced settings to recover a better looking Win7 interface.

-smarscreen -API calls ****** stuff -Metro interface and you get exactly a Win7 but way faster, little resource hungry and gives you the best out of your hardware (specifically recent one)

For eve eventually use fixed window if you have issues, I'm not getting any these days, seems CCP is doing some work on those pesky issues we had at the beginning.

removed inappropriate ASCII art signature - CCP Eterne
Armenius Lennelluc
The Scope
Gallente Federation
#19 - 2013-05-08 17:30:43 UTC
Wodensun wrote:
Noriko Mai wrote:
Don't use AntiVirus software. It's useless. Cool


Its people like you that get turned into bots...

Also win defender is rubish

Ps, can you drop that temp file in virus total as wel? And check your quarantine folder of defender see if it quaranteend something that is what the error code relates to.


The files don't stick around. It looks like they're only there temporarily while it's patching.
Noriko Mai
#20 - 2013-05-08 17:35:27 UTC
Wodensun wrote:
Noriko Mai wrote:
Don't use AntiVirus software. It's useless. Cool


Its people like you that get turned into bots...


I don't think so.

"Meh.." - Albert Einstein
12Next page