Pircbot.jar

[SafetyBrick]

not sure if this is a false positive but Pircbot.jar in the lib folder is being flagged as spyware by my antivirus with the latest update v0.189996.

 

[SmilingDemon]

either your system got otherwise infected ... or more likely the AV is thinking that IRC Chat bot thingy (yes i had to google it first ) is something harmful. I doubt it to be a risk ... at least not more of a risk than any other program talking to the outside world
So .. my guess : false positive.

What AV is reporting that ?

 

[SafetyBrick]

Trendmicro. i am running additional scans right now and im also testing to see if another of my systems will detect the same thing with the download directly from the site instead of steams update.

 

[SmilingDemon]

SafetyBrick ... and did Trendmicro also gave an alert for the direct page download ? .. .just curious here

 

[chocolateeagle]

I've just gotten this too. I use Trend Micro as well. It should be noted that this is not the first time I've run a scan since downloading Starmade on Steam (I've had it off of Steam for ages)

 

[SafetyBrick]

So here what i tested. i went to another of my systems with starmade, updated it and trend micro did not detect any issues with the file however the size of the file was something like 26kb. I copied that file to the machine that was flagging it as spyware and it did not get any notifications. now on the machine that was flagging the file i downloaded starmade from the main site and installed in a totally different folder and suddenly i get a flagged spyware file. another difference is that the file is about 76kb now. Both machines are flagging the 76kb file as spyware... so im wondering if my main machine is pulling a file it shouldn't be. i am currently running a full system scan with MalwareBytes to see if i pick anything else up on my machine.
[DOUBLEPOST=1425601849,1425600737][/DOUBLEPOST]Also just asked one of my friends his file is 74.9kb an he uses spybot and avast so maybe its just trendmicro that has flagged it?

 

[Drybreeze]

My Trend Micro also just removed it, citing it as containing "malicious software".

Threat: HKTL_PIRCBOT
Source: Threat
Affected Files: C:\Program Files (x86)\Steam\Stea…\pircbot.jar
Response: Removed
Detected By: Real Time Scan

This link (and several others if you google it) says that it is a hacking tool.

Arrival Details

This hacking tool arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It may be manually installed by a user.

NOTES:

This hacking tool is a Java framework used to create Internet Relay Chat (IRC) bots.

 

[Megacrafter127]

This link (and several others if you google it) says that it is a hacking tool.

It is a hacking tool, but hacking tool!=malicous.

 

[SafetyBrick]

It is a hacking tool, but hacking tool!=malicous.

Your right and if you do a little reading into it you'll see its a legit tool to create irc bots(not all irc bots are bad) but even legit tools can be used the wrong way or be exploited because of a weakness in their code. what really worries me is i have found two variants of the file. one 25kb the other 76kb with the ladder being detected as malicious. I am still up in the air about it because it seems only trend micro is flagging it. anyone else out there that can chime in to see if their system security is flagging the file? or perhaps what size the file is?

 

[SmilingDemon]

Schema knows about the false positiv (or what ever) and will see into it. As far as i know that library is not in use by Starmade. Probably included for future ingame chat features ... afaik ... do not qoute me on this

 

[SafetyBrick]

well after its removal the game still seems to run without it so i am not to worried.

 

[Megacrafter127]

i have found two variants of the file. one 25kb the other 76kb with the ladder being detected as malicious

Don't quote me on this, but there are 2 pircbot libraries, pircbot and pircbotx, both do the same, but apparently one has a very very minor memory leak. I don't know how both libraries compare in size.
Another fun way to find out would be to kill all java processes, excempt all pircbot.jar files from your antivirus, get both files and actually compare their contents(jars are just zips with a fancy name), maybe you can find the bad files in there.

 

[Drybreeze]

EDIT: Hotfix 0.189997: fixed sector claims sometimes not working, as well as removed a library that is flagged by some antivirus softwares (it was an IRC lib I was planning to use for the new chat system. It wasn't used at all in the version, anyway)