ransomware behavior

[SteelEagle]

Hello I would like to know what it is about your game that would trip my antiviruses ransomware detection. Its telling me a file was encrypted in regards to a steam log?

Edited July 9, 2020 by SteelEagle
spelling

[NodSaibot]

Could you provide a file name or more specific than "Steam log?" The game implements the SteamAPI but besides that there's not much else with Steam.

[Suspiria]

And what antivirus are we talking about here?
Are you running Steam when you get the detection notice? (check for tray icon)

[SteelEagle]

I use Bitdefender. The details are as follows. The process C:\Program Files (x86)\Renegade X\Launcher\Renegade X Launcher.exe manifests ransomware behavior and was blocked. Several files were encrypted by it and we couldn't automatically restore all of them. You can find the files to be restored below.

The file in question is connection_log_7777.txt C:\Program Files (86)\Steam\logs

Yes I run steam all the time my AV has no problem with it. 

Edited July 9, 2020 by SteelEagle
extra info

[N4CR]

Bitdefender ain't exactly premium AV lol but yeah I wouldn't worry... put an ignore rule in and move on. 

[Suspiria]

5 hours ago, SteelEagle said:

I use Bitdefender. The details are as follows. The process C:\Program Files (x86)\Renegade X\Launcher\Renegade X Launcher.exe manifests ransomware behavior and was blocked. Several files were encrypted by it and we couldn't automatically restore all of them. You can find the files to be restored below.

The file in question is connection_log_7777.txt C:\Program Files (86)\Steam\logs

Yes I run steam all the time my AV has no problem with it. 

To make sure: upload your "Renegade X Launcher.exe" file to VirusTotal and report back the result.
Also, for your safety, I have installed BitDefender myself to check for a false-positive.

Under no circumstance does mine warn of ransomware.

However, it is acting triggerhappy on other (online) files which could not be more clean.
So that already tanks my trust in BitDefender as to not play on the customer's fears.

Which version of BitDefender are you using exactly?

Kindly be reminded that today's ransomware attacks are overally decreasing and also shifting to businesses.
Nevertheless, do take precautions such as making an offline backup of your most sensitive or valuable files.

IF ever you fear or suspect an active ransomware encryption process: hibernate the machine.
Then unplug the power and calmly yet timely seek professional assistance. Do NOT reboot or shutdown.

Renegade X's Launcher does indeed interact with Steam.
In what way I don't know, but this is obviously a false positive.

Edited July 9, 2020 by DugeHick

[SteelEagle]

Thank you for your time and response.

I have BitDefender total security I ran the file through virus total as requested but it seems clear even with there read on BitDefender.

I appreciate the advice. I have a handful of games that I play and that was the first time something like that came up.

Once more thank you for your quick, kind, and professional response. 

[Suspiria]

On 7/9/2020 at 11:44 PM, SteelEagle said:

I have a handful of games that I play and that was the first time something like that came up.

Once more thank you for your quick, kind, and professional response. 

Yes, I understand. I would've double-checked it too.
You're quite welcome.

EDIT: I would've loved to end this conversation on that high note, but something still bothers me about your situation.

There are still a couple of unknown variables here:
1. If this is a false-positive, why am I not getting it too? (since I now also run BitDefender with Steam)
2. The warning is extraordinarily concise, specifically claiming an encryption process. (on a simple log file..)
3. I've thoroughly searched the Launcher code, and as far as I can see it does not deal with local Steam files at all.
4. Viruses are known to inject malicious code into other - innocent - running processes, shifting blame to the latter.
5. Ransomware goes after documents and images first. .txt files will likely fall under that umbrella.

Depending on your personal level of neuroticism, I would suggest you consider that offline backup and to proceed carefully.
The Renegade X files are probably clean, but I cannot fully guarantee that the rest of your computer is too.

Perhaps you'd like to have a look at a more thorough scan, just to make sure.
Better safe than sorry.

Up to you.

Edited July 11, 2020 by DugeHick
it doesn't add up

[SteelEagle]

I appreciate the concern. I ran a full system scan with Bitdefender and nothing. I ran a scan with windows defender and nothing. I ran a scan with the link you provided some things about steam, 2 games and my gaming headset were listed as suspect. The games that were suspect were ones that I haven't updated in awhile. My headset and the usb connector are always making online connections back and forth when from discord . I think what happened is that BD was in need of an update and restart. I launched the game before this update happened. I have launched the game after the update and I haven't seen that warning since. If you downloaded BD after my post then yours would've been up to date automatically. Thats probably why you didn't get the same warning I got. 

[Suspiria]

12 hours ago, SteelEagle said:

I appreciate the concern. I ran a full system scan with Bitdefender and nothing. I ran a scan with windows defender and nothing. I ran a scan with the link you provided some things about steam, 2 games and my gaming headset were listed as suspect. The games that were suspect were ones that I haven't updated in awhile. My headset and the usb connector are always making online connections back and forth when from discord . I think what happened is that BD was in need of an update and restart. I launched the game before this update happened. I have launched the game after the update and I haven't seen that warning since. If you downloaded BD after my post then yours would've been up to date automatically. Thats probably why you didn't get the same warning I got. 

Alrighty then. Glad you're safe.  Enjoy!