
File [sourcepawn.jit.x86.dll] detected as Virus and removed, breaking the server


gitgud
New Member
Join Date: Dec 2021
Old 05-19-2024 , 12:09   File [sourcepawn.jit.x86.dll] detected as Virus and removed, breaking the server
Reply With Quote #1

I'm installing Metamod and Sourcemod as a local server for Left 4 Dead 2. I start a game to check the installation.

] meta list
Listing 1 plugin:
[01] <FAILED>

] meta info 1
Plugin 1 is not loaded.
File: h:\...\steam\steamapps\common\left 4 dead 2\left4dead2\addons\sourcemod\bin\sourcemod_mm.dll

] meta load \addons\sourcemod\bin\sourcemod_mm.dll
Failed to load plugin \addons\sourcemod\bin\sourcemod_mm.dll (Operation did not complete successfully because the file contains a virus or potentially unwanted software.
(failed to load bin/sourcepawn.jit.x86.dll
)).

I open /sourcemod/bin in file explorer, which should contain both sourcemod_mm.dll and sourcepawn.jit.x86.dll but the latter is missing. I open Windows Defender and find out that it silently removed the file with no warnings (Trojan:Win32/Grandoreiro).

I disable Windows Defender, re-extract Sourcemod's files and run a Malwarebytes scan on them. The software doesn't flag sourcepawn.jit.x86.dll; instead, it detects sourcemod.2.l4d.dll as malware.

VirusTotal scans:
sourcepawn.jit.x86.dll - 21/70 flags
b4b27649bd510aabe85cb55bffef10734e9b6ecd0d843a190177a29ab8832687
sourcemod.2.l4d.dll - 17/70 flags
47dba4deb6ce020a87911a7a98a3d3803978feac6df5d7fb2b4e7cb3957918c3
The other dll files seem to get 0-3 flags, which may be false positives.

EDIT: I scanned with VirusTotal the file sourcepawn.jit.x86.dll from older Sourcemod builds, and it looks like the more recent the build, the more flags it gets. Builds:
6946: 0 flags
6947: 1 flag
6952: 3 flags
6954: 8 flags
6955 and later: 20+ flags

Since Defender detects the file as Trojan:Win32/Grandoreiro in the last build, it's impossible to run a server (at least a local server) on a machine with Windows Defender without adding the file to the whitelist first. I don't know about other antivirus software or other files (I only know Malwarebytes flags sourcemod.2.l4d.dll).

Last edited by gitgud; 05-20-2024 at 10:01.
gitgud is offline
AndrewM5
New Member
Join Date: May 2024
Old 05-19-2024 , 20:31   Re: File [sourcepawn.jit.x86.dll] detected as Virus and removed, breaking the server
Reply With Quote #2

As of 5/19/24 I am getting the same thing. I would also not like to whitelist it if possible.
AndrewM5 is offline
AndrewM5
New Member
Join Date: May 2024
Old 05-19-2024 , 20:49   Re: File [sourcepawn.jit.x86.dll] detected as Virus and removed, breaking the server
Reply With Quote #3

Just checked the Discord; this is what they say:

"Sourcemod has never contained malware and there is no reason it should now. Black Mesa suffered from the same issue recently with the executable being flagged for no good reason by Defender. Sourcemod was, is and will always be safe to use."

So whitelisting this file should be okay.
AndrewM5 is offline
CPEGTtf2007
New Member
Join Date: May 2024
Old 06-05-2024 , 04:26   Re: File [sourcepawn.jit.x86.dll] detected as Virus and removed, breaking the server
Reply With Quote #4

Starting from version 6947, Chrome and Microsoft Defender both detect suspicious content. (Trojan:Win32/Grandoreiro)

Although the community says there is no problem, there is no proof that the content is virus-free, and it is still a gamble. Does the official want to correct this?

Starting from 47 to 64, all will be blocked and detected (Trojan:Win32/Grandoreiro)

If there really is no virus, the official should correct this error in the next version so that browsers and anti-virus software will not determine that it is a virus.
CPEGTtf2007 is offline
asherkin
SourceMod Developer
Join Date: Aug 2009
Location: OnGameFrame()
Old 06-07-2024 , 04:18   Re: File [sourcepawn.jit.x86.dll] detected as Virus and removed, breaking the server
Reply With Quote #5

There’s nothing to correct on our side, you need to report it to your AV vendor as a false positive.

This has been done for at least BitDefender already and they’ve confirmed it’s virus free.

Last edited by asherkin; 06-07-2024 at 04:19.
asherkin is offline
CPEGTtf2007
New Member
Join Date: May 2024
Old 06-10-2024 , 09:25   Re: File [sourcepawn.jit.x86.dll] detected as Virus and removed, breaking the server
Reply With Quote #6

Quote:
Originally Posted by asherkin View Post
There’s nothing to correct on our side, you need to report it to your AV vendor as a false positive.

This has been done for at least BitDefender already and they’ve confirmed it’s virus free.

OK, I will report this to the AV customer service. Thank you for solving my problem : )
CPEGTtf2007 is offline
hkkelvin1995
Senior Member
Join Date: Jun 2009
Location: Hong Kong
Old 06-13-2024 , 20:25   Re: File [sourcepawn.jit.x86.dll] detected as Virus and removed, breaking the server
Reply With Quote #7

For those who still have issues on Windows, you can exclude specific files/folders from Windows Defender in its settings.
__________________
Founder of Reachhl2.com from Hong Kong 🇭🇰
10+ years experience in hosting SCRDS
Best known for our VSH/FF2 server with self-made Bosses, Features, Maps
hkkelvin1995 is offline
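
Added example, not part of any post in this thread and not SourceMod's own tooling: a PowerShell sketch that scopes the Defender exclusion to the single DLL and rolls it back if the file's SHA-256 does not match the expected value. The `-DllPath` value is whatever your install uses (the thread elides it), and the default hash is the one posted in the first post for sourcepawn.jit.x86.dll, so it only matches that build.

```powershell
# Added example: run from an elevated PowerShell prompt.
param(
    # Full path to the re-extracted DLL; no default because the thread elides the real path.
    [Parameter(Mandatory)] [string]$DllPath,
    # SHA-256 from the first post (sourcepawn.jit.x86.dll). Replace it with the hash
    # of the build you actually downloaded; other builds will not match.
    [string]$ExpectedSha256 = 'b4b27649bd510aabe85cb55bffef10734e9b6ecd0d843a190177a29ab8832687'
)

# 1. Exclude the one file (not the folder) first, so real-time protection does not
#    remove it again while it is being extracted or hashed.
Add-MpPreference -ExclusionPath $DllPath

try {
    if (-not (Test-Path -LiteralPath $DllPath -PathType Leaf)) {
        throw "File not found: re-extract it from the SourceMod archive, then run this again."
    }

    # 2. Compare the file on disk with the expected hash (-ne ignores case for strings).
    $actual = (Get-FileHash -LiteralPath $DllPath -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256) {
        throw "Hash mismatch: got $actual, expected $ExpectedSha256."
    }
}
catch {
    # 3. Anything unexpected: remove the exclusion so Defender covers the path again.
    Remove-MpPreference -ExclusionPath $DllPath
    throw
}

# 4. Show what Defender previously logged for this path, with the threat name.
Get-MpThreatDetection |
    Where-Object { $_.Resources -match [regex]::Escape($DllPath) } |
    ForEach-Object {
        [pscustomobject]@{
            Detected = $_.InitialDetectionTime
            Threat   = (Get-MpThreat -ThreatID $_.ThreatID).ThreatName
        }
    }

# 5. Confirm the exclusion list contains only the intended entry for this file.
(Get-MpPreference).ExclusionPath | Where-Object { $_ -eq $DllPath }
```

A matching hash shows only that the file is the same one that was reported and scanned; it does not replace the vendor's false-positive review mentioned in post #5.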
CPEGTtf2007
New Member
Join Date: May 2024
Old 06-17-2024 , 10:50   Re: File [sourcepawn.jit.x86.dll] detected as Virus and removed, breaking the server
Reply With Quote #8

Quote:
Originally Posted by hkkelvin1995 View Post
For those who still have issues on Windows, you can exclude specific files/folders from Windows Defender in its settings.

OK. Also, I have sent a request to the AV software company to whitelist SourceMod. I wonder if they will improve it :S
CPEGTtf2007 is offline