Steam > warsim > indie, warsim.exe is detected as PDM:Trojan.Win32.Generic.nblk [Closed]

[suzanne]

I got a game on steam, got warsim. It is indie and still in development (I mention this because something similar happened before, also a indie game still in development). After playing for a few minutes I saw a pop-up from kaspersky saying it was potentially malicious, and it asked me If i wanted to scan so I did. It scanned and found the game malicious and put it in quarantine. It says the file warsim.exe is PDM:Trojan.Win32.Generic.nblk and i want to know if this might be a mistake? I didn't find any reviews saying it did bad stuff to their computers (very positive reviews) and the game has a community, but I don't want to risk damaging the computer. Help?

[Flood and Flood's wife]

Hello Suzanne, Welcome! Please go to KAV REPORTS, look for the PDM:Trojan.Win32.Generic.nblk alerts, export a report for the smallest period where the alerts show, preferably a 24hr report, save the report as a .txt file & please upload, using the upload button, in your reply. Late last week, Kaspersky Virus Lab advised, files submitted from Steam that generated PDM:Trojan.Win32.Generic.nblk alerts, were legitimately detected: "Kaspersky experts report: On Sunday, July 14, 2019, 20:18:29 GMT + 10, Kaspersky Lab. The detection is true. This proxy server implements scripts for mining cryptocurrency. Best regards, DS, Malware Analyst 39A / 3 Leningradskoye shosse, 125212, Moscow, tel. / Fax: + 7 (495) 797 8700 http: //www.Kaspersky Virus Lab" https://community.kaspersky.com/kaspersky-total-security-22/kis-19-0-0-1088-f-detele-steam-file-moved-2217 The post is in Russian, unless you read Russian, you'll need to use a translator. The Steam game is different, however, if the objects your Steam game are the same, the same advice applies.

1. In certain situations exclusions can be applied.
2. You would configure KAV to do that, but, before we go thru that, it would be good to look at the detections.
3. Creating exceptions is always done with a complete awareness of the possibles risks.

Please let us know? Many thanks. '

[suzanne]

Is this what you meant? Also, "mining crypto currency" does that mean they use your computer to get something like bitcoin? Edit: sorry for some of the other stuff in it, they happened after the game in question was scanned but before I generated the report

[Flood and Flood's wife]

Hello Suzanne, Thank you for the report, it's exactly what's needed:thumbsup_tone2: I'll post back shortly, I have some information for you which you may need if/when communicating with the Lab. Thanks.

[Bill Garthright]

OK, I’m having the same problem with the same game on Steam: Warsim: The Realm of Aslona. This game has worked fine for me all week. All of a sudden, I’m getting the same warning from Kaspersky.

This previous post was three months ago, and it ends with “I’ll post back shortly.” So,... is this a real problem? Is it a false positive? What do I do next?

I followed the instructions above and I’m posting a text file with the same information. Thanks.

 

[richbuff]

Welcome. 

Please contact Tech Support: https://my.kaspersky.com/support/

Please attach the following items to your Tech Support request: 

a. Description of the issue.
b. Detection report.

[Igor Kurzin]

Please also attach the file to your request to Technical Support in a password protected archive:

C:\Program Files (x86)\Steam\steamapps\common\Warsim The Realm of Aslona\Warsim.exe

Thank you. 

[Bill Garthright]

OK, I reported it to Tech Support and included those files. Thanks!

I’ll post further when I hear something back.

 

[Bill Garthright]

I heard back from Tech Support. This was a false positive, and Kaspersky seems to have fixed the issue already.

Thanks again.