False Positive: Mtool Translation Tool components (version.dll) incorrectly flagged as DLLHijack



Posted

Hello Kaspersky Community and Lab Team,

I am reporting a persistent false positive issue involving a popular RPG game translation and optimization tool called Mtool.

Tool Website: https://mtool.app/

Detection Type: Typically flagged as Trojan.Win64.DLLhijack.gen.

Involved File: version.dll (located in various game root directories).

Description of the Issue: When using Mtool to translate RPG Maker games, the tool places a version.dll file into the game's folder to enable localized text rendering and UI overlays. Kaspersky frequently flags this file as a Trojan or a DLL Hijacking attempt and deletes it.

The tool is widely used by the gaming community for playing legally purchased titles in different languages. The tool uses the standard DLL Search Order Hijacking technique to hook into the game process. While this behavior mimics malware, it is a functional requirement for the translation engine to work without modifying the original game's encrypted assets. Please note that Mtool generates or modifies the version.dll specifically for each game engine instance. As a result, the hash value differs across different game directories, making individual file exclusions ineffective.

Could the Lab team please analyze the core logic of the Mtool injection component and consider creating a generic signature or a heuristic whitelist for its behavior? This would prevent thousands of users from having to manually disable their protection when playing translated games.

I have attached a few sample version.dll files from different games for comparison (Link: https://limewire.com/d/C3PI5#KldYl4rcxt Password: infected).

Best regards.
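
The per-directory hash problem described in the post above, as an added example that is not part of the original thread and not code from Mtool or Kaspersky: a Python audit that lists every `version.dll` sitting beside an executable under a folder and groups the copies by SHA-256, showing how many distinct hashes a hash-based exclusion would have to cover. The function names, the name set and the constructed sample files are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption: only the DLL name from the post; extend with other system DLL names as needed.
SHADOWED_NAMES = {"version.dll"}

def sha256_of(path):
    """Hash a file in chunks so large DLLs are not read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def find_shadow_dlls(root, names=SHADOWED_NAMES):
    """Return [(path, sha256)] for system-named DLLs that sit next to an .exe."""
    hits = []
    for dll in sorted(Path(root).rglob("*")):
        if not dll.is_file() or dll.name.lower() not in names:
            continue
        # A local copy only shadows the system DLL for executables in the same folder.
        if any(p.is_file() and p.suffix.lower() == ".exe" for p in dll.parent.iterdir()):
            hits.append((dll, sha256_of(dll)))
    return hits

def group_by_hash(hits):
    """Map each digest to the paths that share it."""
    groups = {}
    for path, digest in hits:
        groups.setdefault(digest, []).append(path)
    return groups

def demo():
    """Build a constructed tree: two game folders with differing DLLs, one folder without an exe."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for game, payload in (("GameA", b"constructed-a"), ("GameB", b"constructed-b")):
            (root / game).mkdir()
            (root / game / "Game.exe").write_bytes(b"MZ")
            (root / game / "version.dll").write_bytes(payload)
        (root / "loose").mkdir()
        (root / "loose" / "version.dll").write_bytes(b"no exe here")
        hits = find_shadow_dlls(root)
        return len(hits), len(group_by_hash(hits))

if __name__ == "__main__":
    print(demo())
```

When the number of distinct digests equals the number of copies, as in the constructed tree, no single hash exclusion covers more than one game folder.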

harlan4096
Posted

Welcome to Kaspersky Community.

 

I will try to report those 3 files, still, about your request:

 

Quote

Could the Lab team please analyze the core logic of the Mtool injection component and consider creating a generic signature or a heuristic whitelist for its behavior? This would prevent thousands of users from having to manually disable their protection when playing translated games.

I would create a ticket with official K. Support, since they can escalate your request to upper developers.

  • Like 1
Posted

The 3 files are not detected now.

  • Like 1
