Kaspersky
Question

Steam > warsim > indie, warsim.exe is detected as PDM:Trojan.Win32.Generic.nblk

  • 17 July 2019
  • 8 replies
  • 421 views

I got a game on steam, got warsim. It is indie and still in development (I mention this because something similar happened before, also a indie game still in development). After playing for a few minutes I saw a pop-up from kaspersky saying it was potentially malicious, and it asked me If i wanted to scan so I did. It scanned and found the game malicious and put it in quarantine. It says the file warsim.exe is PDM:Trojan.Win32.Generic.nblk and i want to know if this might be a mistake? I didn't find any reviews saying it did bad stuff to their computers (very positive reviews) and the game has a community, but I don't want to risk damaging the computer. Help?

8 replies

Userlevel 7
Badge +5
Hello Suzanne,
Welcome!
Please go to KAV REPORTS, look for the PDM:Trojan.Win32.Generic.nblk alerts, export a report for the smallest period where the alerts show, preferably a 24hr report, save the report as a .txt file & please upload, using the upload button, in your reply.

Late last week, Kaspersky Virus Lab advised, files submitted from Steam that generated PDM:Trojan.Win32.Generic.nblk alerts, were legitimately detected:

"Kaspersky experts report:
On Sunday, July 14, 2019, 20:18:29 GMT + 10, Kaspersky Lab.
The detection is true. This proxy server implements scripts for mining cryptocurrency.
Best regards, DS, Malware Analyst
39A / 3 Leningradskoye shosse, 125212, Moscow, tel. / Fax: + 7 (495) 797 8700 http: //www.Kaspersky Virus Lab"

https://community.kaspersky.com/kaspersky-total-security-22/kis-19-0-0-1088-f-detele-steam-file-moved-2217
The post is in Russian, unless you read Russian, you'll need to use a translator.

The Steam game is different, however, if the objects your Steam game are the same, the same advice applies.
  • In certain situations exclusions can be applied.
  • You would configure KAV to do that, but, before we go thru that, it would be good to look at the detections.
  • Creating exceptions is always done with a complete awareness of the possibles risks.
Please let us know?
Many thanks.

'
Is this what you meant? Also, "mining crypto currency" does that mean they use your computer to get something like bitcoin?

Edit: sorry for some of the other stuff in it, they happened after the game in question was scanned but before I generated the report
Userlevel 7
Badge +5
Hello Suzanne,
Thank you for the report, it's exactly what's needed👍🏼
I'll post back shortly, I have some information for you which you may need if/when communicating with the Lab.
Thanks.

OK, I’m having the same problem with the same game on Steam: Warsim: The Realm of Aslona. This game has worked fine for me all week. All of a sudden, I’m getting the same warning from Kaspersky.

This previous post was three months ago, and it ends with “I’ll post back shortly.” So,... is this a real problem? Is it a false positive? What do I do next?

I followed the instructions above and I’m posting a text file with the same information. Thanks.

 

Userlevel 7
Badge +1

Welcome. 

Please contact Tech Support: https://my.kaspersky.com/support/

Please attach the following items to your Tech Support request: 

a. Description of the issue.
b. Detection report.

Userlevel 5
Badge

Please also attach the file to your request to Technical Support in a password protected archive:

C:\Program Files (x86)\Steam\steamapps\common\Warsim The Realm of Aslona\Warsim.exe

Thank you. 

OK, I reported it to Tech Support and included those files. Thanks!

I’ll post further when I hear something back.

 

I heard back from Tech Support. This was a false positive, and Kaspersky seems to have fixed the issue already.

Thanks again.

 

Reply / Ответить