Trojan malware targets SH3 utils.dll

[Dave Kay]

WARNING!!

Hope I'm in the right forum for this:

Had this Trojan target both desktop and laptop installs of my SH3 and game won't start now because MalwareBytes software quarantines utils.dll.

Anybody seen this before?

OK, this IS a false positive or whatever. Malwarebytes targeted it because, as I've learned, DLL's are executables and that casued the quraentine. SO--- I found a clean utils.dll on another backup drive and copied/pasted to SH3 folder and set Malwarebytes to ignore this file and all seems to be well.

Thanks to all for the helpful suggestions.

[Herr-Berbunch]

Delete the utils.dll files and get them again by using Google to find the second half of the following post - http://www.subsim.com/radioroom/showthread.php?t=160118

Once downloaded turn off System Restore and reboot, put the .dll into the correct location - you shouldn't need to reinstall SH3, it should just accept it nicely.

Reboot again, scan and then turn on System Restore.

[Dave Kay]

Thank you, thank you and THANK YOU~!

Was not looking forward to a reinstall as I only recently did this along with GWX and SH3 Commander.

Now to the Starforce fix

[Herr-Berbunch]

There is no guarantee, implied or otherwise, that this will work, but I just plucked my best guess out the air.

Let us know how you get on.

[TG626]

Sh3 seems like an unlikely target, sure its not a false positive?

[Dave Kay]

Quote:

Originally Posted by TG626

Sh3 seems like an unlikely target, sure its not a false positive?

Sure enough~!

Muchos Gracias~!

[IchBin1]

"The instruction at 0x04e7a60 referenced memory at 0x1201e2d4. The memory could not be written."
..i wonder if this could be a result of Malwarebytes also?

[BigWalleye]

Quote:

Originally Posted by Dave Kay

Sure enough~!

Muchos Gracias~!

I'm sorry, Dave, but I don't knoe how to interpret your response. Do you mean that, sure enough, TG626 is right and it WAS a false positive, or that you are sure enough (that is, convinced) that it WAS NOT a false positive?

[Dave Kay]

Quote:

Originally Posted by BigWalleye

I'm sorry, Dave, but I don't knoe how to interpret your response. Do you mean that, sure enough, TG626 is right and it WAS a false positive, or that you are sure enough (that is, convinced) that it WAS NOT a false positive?

YES--- I meant that it seems Malwarebytes WAS giving false positive and file was not malware. When it quarantines a file it gives you the option to restore the file but when I did that option as soon as I tried to start SH3 again it quarantined the file again and game won't start. After that your only other option is to delete it. So the fix was to slip a clean backup utils.dll into SH3's folder and tell Malwarebytes, in a separate tab-option, to specifically ignore that file.

Now my game starts and plays perfectly and all seems well. Well I say because I haven't been 'attacked' by anything--- yet~!

[Dave Kay]

Quote:

Originally Posted by IchBin1

"The instruction at 0x04e7a60 referenced memory at 0x1201e2d4. The memory could not be written."
..i wonder if this could be a result of Malwarebytes also?

Tough question to answer without more info but I would recommend doing some kind of base memory test on the RAM. Is you PC a brand name like HP or Dell? Utilities like that are usually included somewhere on disk or drive.

[Herr-Berbunch]

@IchBin1 - if it's a one-off event I wouldn't be overly concerned, if it's more regular then read this thread from the Steam fora - https://support.steampowered.com/kb_...1274-uohk-5653

@Dave Kay - glad you're sorted and not now spamming the globe with Nigerian 'bank/prince/government/lottery' (delete as applicable) emails.

[Dave Kay]

Quote:

Originally Posted by Herr-Berbunch

@IchBin1 - if it's a one-off event I wouldn't be overly concerned, if it's more regular then read this thread from the Steam fora - https://support.steampowered.com/kb_...1274-uohk-5653

@Dave Kay - glad you're sorted and not now spamming the globe with Nigerian 'bank/prince/government/lottery' (delete as applicable) emails.

Thanks Herr-Berbunch, will now restrict my efforts to only spamming the Kenyan Prince we currently have in the White House for my share of the govt run lottery I've paid into for over 45 years in hopes there will still be some left for me when time comes...

[BigWalleye]

Dave, however much I might agree with you, please, please, please let's keep politics off SubSum! This is the only place I know, other than the biffy, where I can escape from being reminded about that subject. An' that makes it a special place for me!

[RConch]

Agreed-keep that stuff off these boards.

[Sailor Steve]

And a third - and official - request for no politics in the SH forums. We have a forum called General Topics for that sort of thing.