
File [sourcepawn.jit.x86.dll] detected as Virus and removed, breaking the server


gitgud
New Member
Join Date: Dec 2021
05-19-2024, 12:09 (post #1)

I'm installing Metamod and Sourcemod as a local server for Left 4 Dead 2. I start a game to check the installation.

] meta list
Listing 1 plugin:
[01] <FAILED>

] meta info 1
Plugin 1 is not loaded.
File: h:\...\steam\steamapps\common\left 4 dead 2\left4dead2\addons\sourcemod\bin\sourcemod_mm.dll

] meta load \addons\sourcemod\bin\sourcemod_mm.dll
Failed to load plugin \addons\sourcemod\bin\sourcemod_mm.dll (Operation did not complete successfully because the file contains a virus or potentially unwanted software.
(failed to load bin/sourcepawn.jit.x86.dll
)).

I open /sourcemod/bin in file explorer, which should contain both sourcemod_mm.dll and sourcepawn.jit.x86.dll but the latter is missing. I open Windows Defender and find out that it silently removed the file with no warnings (Trojan:Win32/Grandoreiro).

I disable Windows Defender, re-extract Sourcemod's files and run a Malwarebytes scan on them. The software doesn't flag sourcepawn.jit.x86.dll; instead, it detects sourcemod.2.l4d.dll as malware.

VirusTotal scans:
sourcepawn.jit.x86.dll - 21/70 flags
b4b27649bd510aabe85cb55bffef10734e9b6ecd0d843a190177a29ab8832687
sourcemod.2.l4d.dll - 17/70 flags
47dba4deb6ce020a87911a7a98a3d3803978feac6df5d7fb2b4e7cb3957918c3
The other dll files seem to get 0-3 flags, which may be false positives.

EDIT: I scanned the file sourcepawn.jit.x86.dll from older Sourcemod builds with VirusTotal, and it looks like the more recent the build, the more flags it gets. Builds:
6946: 0 flags
6947: 1 flag
6952: 3 flags
6954: 8 flags
6955 and later: 20+ flags

Since Defender detects the file as Trojan:Win32/Grandoreiro in the last build, it's impossible to run a server (at least a local server) on a machine with Windows Defender without adding the file to the whitelist first. I don't know about other antivirus software or other files (I only know Malwarebytes flags sourcemod.2.l4d.dll).

Last edited by gitgud; 05-20-2024 at 10:01.
AndrewM5
New Member
Join Date: May 2024
05-19-2024, 20:31 (post #2)

As of 5/19/24 I am getting the same thing. I would also not like to whitelist it if possible.
AndrewM5
New Member
Join Date: May 2024
05-19-2024, 20:49 (post #3)

Just checked the Discord; this is what they say:

"Sourcemod has never contained malware and there is no reason it should now. Black Mesa suffered from the same issue recently with the executable being flagged for no good reason by Defender. Sourcemod was, is and will always be safe to use."

So whitelisting this file should be okay.
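One way to check the extracted DLLs before excluding them from Windows Defender, as an added example that is not part of the thread or of the SourceMod project. The install path is an assumed one and the SHA-256 values are placeholders to be replaced with values from a source you trust; run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the thread or the SourceMod project).
# $BinDir is an assumed path; the hashes are placeholders you must fill in.
param(
    [string]$BinDir = 'C:\l4d2\left4dead2\addons\sourcemod\bin',
    [switch]$AddExclusion   # Defender's configuration is changed only with this switch
)

# Pinned SHA-256 values for the two files the thread reports as flagged.
$Expected = @{
    'sourcepawn.jit.x86.dll' = '<SHA256-FROM-TRUSTED-SOURCE>'
    'sourcemod.2.l4d.dll'    = '<SHA256-FROM-TRUSTED-SOURCE>'
}

# Hash each file and compare with the pinned value (-eq ignores hex case).
$results = foreach ($name in $Expected.Keys) {
    $path = Join-Path $BinDir $name
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $hash   = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $status = if ($hash -eq $Expected[$name]) { 'Match' } else { 'Mismatch' }
    } else {
        # Defender removes the file silently, as described in the first post.
        $hash = $null; $status = 'Missing'
    }
    [pscustomobject]@{ File = $name; Status = $status; Sha256 = $hash; Path = $path }
}
$results | Format-Table File, Status, Sha256 -AutoSize

# Show what Defender itself recorded for files under this directory.
Get-MpThreatDetection |
    Where-Object { $_.Resources -match [regex]::Escape($BinDir) } |
    Select-Object InitialDetectionTime, ThreatID, Resources |
    Format-List

if ($AddExclusion) {
    if ($results | Where-Object Status -ne 'Match') {
        throw 'Not every file matched its pinned hash; no exclusion added.'
    }
    # Exclude the exact files, not the folder or the whole game directory.
    foreach ($r in $results) { Add-MpPreference -ExclusionPath $r.Path }
}
```

With the placeholder hashes left in, every file that is present reports Mismatch, so the script changes nothing until real values are filled in and -AddExclusion is passed.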
All times are GMT -4.