pcre3.dll, proxy-internal.dll, proxy-test.dll, proxy-legacy.dll all detected as malicious files. (ESET, MB, VT)


Falton

----------------------------------------------------------------------------------------------------------------------------------------------------------
MalwareBytes:
pcre3.dll - Malware.AI.2164814371
proxy-internal.dll - Malware.AI.2164814371
proxy-test.dll - Malware.AI.2164814371
----------------------------------------------------------------------------------------------------------------------------------------------------------
ESET:
(Detection event occurred on new file created by application SkylordsRebornUpdater.exe)
pcre3.dll - a variant of Win32/ShellcodeRunner.JZ Trojan
proxy-internal.dll - a variant of Win32/ShellcodeRunner.JZ Trojan
proxy-test.dll - a variant of Win32/ShellcodeRunner.JZ Trojan
----------------------------------------------------------------------------------------------------------------------------------------------------------
VirusTotal Detections:
pcre3.dll - https://www.virustotal.com/gui/file/7af271f84cd85970675547c47ec3ca7b5798c7c4a5c1656644704d61cec2f8be/detection
proxy-test.dll - https://www.virustotal.com/gui/file/76c9633207e4fc929fcb3b3f5d3d36919edaf8013e50804b73d0ca02c777ffb4/detection
proxy-internal.dll - https://www.virustotal.com/gui/file/2b55fa1da40cd6deb27ec5346fdd1b90ffbf5ac6cacd061fff6a1f0348a7af4e/detection
proxy-legacy.dll - https://www.virustotal.com/gui/file/2c432df677086bc6de7cc02fc64114c23b5ca87ef3709b642c5e52d4efbd7dc9/detection
----------------------------------------------------------------------------------------------------------------------------------------------------------


Could someone shed some light on these detections and why they are new?
I've had Skylords installed for a while and haven't played for a long time.
However, upon updating I get hit with these detections, and VirusTotal doesn't seem to like them either.
I ran skylords-upd.sh using git bash and I was blocked at pcre3.dll downloading from the webpage.

35 Detections seems awfully high (pcre3.dll).

Maybe I'm just being paranoid, but what has changed from when I last played to now that would cause these detections?

Edited by Falton
Unhelpful comments

🤔 Was it ever within your "risk appetite"?

I would also be interested in what exactly so many AVs started to dislike now, but they will not answer such questions, unfortunately.


We have seen an increase in AV detections after our last few patches. We are still investigating these issues, but have managed to get the number down a bit already, and are still working on it. Apologies for this inconvenience. 

As for why Anti Virus tends to flag Skylords files in general, please see the explanation below: 

AV often randomly triggers on Skylords, which can happen again with updates. You have to make an exception for the folder so it leaves it alone.
The Skylords launcher functions in a way that triggers some AV. But it's harmless for the user yet necessary for the game to work.

By default, the game is meant to send your login credentials to the EA server, just like every other always-online game communicates with the official server. However, EA shut down the official server; there is nothing to communicate with. And without the EA server the game cannot function at all; it's dead. In order for this project to work it needs to use a technique that "steals" the login credentials that you enter when logging in and reroutes them to the Skylords Reborn server instead of the non-existent EA server.

So to be clear, what is being taken is what you enter on the log-in screen. Usually this will be your SR-account credentials that this project already has from you registering. Those are then being sent to the SR server instead of the EA server. Otherwise the game would just try and fail to connect to the dead EA server and not work.


  • 2 weeks later...

I share the same issue. I was running the game fine a week ago; now, since the recent patch, I have this issue as well. Trying to toy around to let my AV run it, but somehow nothing works and I keep getting error 0xc0000906. Any clues on how to work around? Thanks in advance.

