
Bitdefender detecting MTA update as malware?


Pilovali

Question

Posted (edited)

Hi!

I wanted to start MTA:SA, it wanted to upgrade some stuff, I got an error and Bitdefender blocked the updater because it contained malware. I never had this issue with Bitdefender.

[Image: 2p60gT1b.png]

Why does it do that?

 

Virustotal report of one of the files it deleted: https://virustotal.com/#/file/5a41a74c00ed775234ee8a9995e35d3c52df46d81199d58a760f5acc3282da41/detection

 

EDIT:
So, I excluded MTA:SA's folder and temporarily disabled Bitdefender to let the update do its thing, and now I'm getting this error:

[Image: 0s21HTab.png]

EDIT2:
Ok, re-installed MTA with Bitdefender disabled. I'm gonna enable it and play some MTA to see what happens.

Edited by Pilovali

10 answers to this question

  • 0
  • MTA Team
Posted

That's weird, because while I am on the same revision as that update ships, I ran the files it lists through virustotal.com (which also includes Bitdefender scan results) and it returned not a single detection, not even from Bitdefender.

Are you sure nothing external is modifying files as soon as you download them? Another infection on your PC could inject malicious parts as soon as your PC finishes downloading any file.

Please un-quarantine all detected files belonging to this MTA update, and whitelist them for a while so you can move them all to one folder and zip them up.

Then, upload the .zip or .rar archive to http://upload.mtasa.com and provide me the link in this topic. @Pilovali

  • 0
  • MTA Team
Posted

I have to take back my last words, as I re-scanned it; the new VirusTotal layout doesn't make it apparent that it won't re-analyze when it already knows the file; it will automatically show old results first.

Once I re-scanned a file from your list of detected files, xmll.dll, it turned up these results:

[Image: sqGsrKV.png]

This is obviously a false positive, as MTA doesn't ship infected files. The point here is that it's a shared signature, which means one company considered to have expertise in the antivirus industry creates a definition, and other AVs adopt the detection without further analysis. These definitions get automatically distributed, in mailing lists, to AV companies that subscribe to theirs.

By this method, a false positive found its way to multiple AV vendors, and currently we're working to report the false positive issues to the AV vendor responsible for the shared signature at fault.

In the meantime you can safely unquarantine and whitelist the files in order to play MTA.
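
An added example, not part of the original posts and not MTA's own tooling: one way to check both points from the reply above on a VirusTotal API v3 file report, namely whether the verdicts shown are old and whether several engines report the same signature label. The report below is a constructed sample; the engine names, signature labels and the 7-day staleness threshold are assumptions.

```python
import json
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample in the shape of a VirusTotal API v3 file report
# (engine names and signature labels are made up for illustration).
SAMPLE_REPORT = json.loads("""
{"data": {"attributes": {
  "last_analysis_date": 1500000000,
  "last_analysis_results": {
    "EngineA": {"category": "malicious", "result": "Gen:Variant.Example.1"},
    "EngineB": {"category": "malicious", "result": "Gen:Variant.Example.1 (B)"},
    "EngineC": {"category": "malicious", "result": "Gen:Variant.Example.1"},
    "EngineD": {"category": "malicious", "result": "Trojan.Other.Sample"},
    "EngineE": {"category": "undetected", "result": null}
  }}}}
""")

def analysis_age_days(report, now):
    """Whole days since the verdicts in this report were produced."""
    ts = report["data"]["attributes"]["last_analysis_date"]
    return (now - datetime.fromtimestamp(ts, tz=timezone.utc)).days

def signature_clusters(report):
    """Group detecting engines by label, ignoring vendor suffixes such as ' (B)'."""
    clusters = defaultdict(list)
    results = report["data"]["attributes"]["last_analysis_results"]
    for engine, verdict in sorted(results.items()):
        if verdict["category"] in ("malicious", "suspicious") and verdict["result"]:
            label = verdict["result"].split(" (")[0].strip().lower()
            clusters[label].append(engine)
    return dict(clusters)

def triage(report, now, max_age_days=7):
    """Flag cached (stale) results and labels reported by more than one engine."""
    age = analysis_age_days(report, now)
    clusters = signature_clusters(report)
    shared = {label: engines for label, engines in clusters.items() if len(engines) > 1}
    # Engines sharing one label are one opinion repeated, not independent confirmations.
    return {"stale": age > max_age_days, "age_days": age,
            "shared": shared, "independent_labels": len(clusters)}

if __name__ == "__main__":
    print(triage(SAMPLE_REPORT, datetime.now(timezone.utc)))
```

A stale report means a re-analysis is needed before trusting the numbers, and a large cluster under one label counts as a single signature to report to its originating vendor.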

  • 0
  • MTA Team
Posted
8 hours ago, Pilovali said:

If you re-scan the files on VirusTotal, it'll show 0/64, which is nice. I think it should be solved after you update your anti-virus.

Yes, we worked on it by reporting the false positives. Good to hear.
