Kaspersky
Solved

Is Vampire the masquerade: Bloodlines Unofficial patch safe? [Closed]

  • 26 June 2019
  • 7 replies
  • 1284 views

Userlevel 2
Hello,

My question is whether Vampire: The Masquerade's Unofficial patch is safe. My Kaspersky says it's riskware (might be dangerous); is that true?


The Moddb link: https://www.moddb.com/mods/vtmb-unofficial-patch

Best answer by Flood and Flood's wife 26 June 2019, 18:20

Hello Rimanah,

Welcome!

Kaspersky is giving information about the "potential" risk, leaving users to make an educated decision/choice:

Riskware is the name given to legitimate programs that can cause damage if they are exploited by malicious users – in order to delete, block, modify or copy data, and disrupt the performance of computers or networks. Riskware can include the following types of programs that may be commonly used for legitimate purposes:
  • Remote administration utilities
  • IRC clients
  • Dialer programs
  • File downloaders
  • Software for monitoring computer activity
  • Password management utilities
  • Internet server services – such as FTP, web, proxy and telnet
These programs are not designed to be malicious – but they do have functions that can be used for malicious purposes.

How Riskware can impact you

With so many legitimate programs that malicious users can employ for illicit purposes, it can be difficult for users to decide which programs represent a risk. For example, remote administration programs are often used by systems administrators and helpdesks for diagnosing and resolving problems that arise on a user’s computer. However, if such a program has been installed on your computer by a malicious user – without your knowledge – that user will have remote access to your computer. With full control over your machine, the malicious user will be able to use your computer in virtually any way they wish.
  • Kaspersky Lab has recorded incidents in which legitimate, remote administration programs – such as WinVNC – have been secretly installed in order to obtain full remote access to a computer.
  • In another example, the mIRC utility – which is a legitimate IRC network client – can be misused by malicious users. Trojan programs that use mIRC functions to deliver a malicious payload – without the knowledge of the user – are regularly identified by Kaspersky. Often, malicious programs will install the mIRC client for later malicious use. In such cases, mIRC is usually saved to the Windows folder and its subfolders. So, if mIRC is detected in these folders, it almost always means that the computer has been infected with a malicious program.
Riskware can include any of the following behaviours:
  • Client-IRC
  • Client-P2P
  • Client-SMTP
  • Dialer
  • Downloader
  • Fraud Tool
  • Monitor
  • NetTool
  • PSWTool
  • RemoteAdmin
  • RiskTool
  • Server-FTP
  • Server-Proxy
  • Server-Telnet
  • Server-Web
  • WebToolbar

How to protect yourself against Riskware

Because there may be legitimate reasons why Riskware is present on your computer, antivirus solutions may not be able to determine whether a specific item of Riskware represents a threat to you. Kaspersky’s products let you decide whether you wish to detect and remove Riskware:

Detecting and removing Riskware
There can be many reasons why you suspect that a Riskware program that has been detected by Kaspersky’s antivirus engine is posing a threat. For example, if you didn’t consent to the installation of the program and you don’t know where the program came from, or if you’ve read a description of the program on Kaspersky’s website and you now have concerns over its safety. In such cases, Kaspersky’s antivirus software will help you to get rid of the Riskware program.

Choosing not to detect Riskware
For cases where Riskware programs are detected, but you’re confident that these are programs that you have consented to, you may decide that the Riskware programs are not harming your devices or data. Kaspersky products let you disable the option to detect these programs – or let you add specific programs to a list of exceptions – so that the antivirus engine doesn’t flag this Riskware as malicious.

https://www.kaspersky.com.au/resource-center/threats/riskware

This topic has been closed for comments

7 replies

Userlevel 7
Badge +10
Hello Rimanah,
Please log in to your MyKaspersky online account and create an incident request: https://my.kaspersky.com/techsupport#/requests/new
provide
  1. exact details,
  2. the source of the object,
  3. if you have the object on your system add it to a .zip file, label the file "possible riskware", upload the file with the incident log,
  4. provide the exact information Kaspersky is detecting,
  5. your concerns,
  6. your expectations,
  7. ask that the case be escalated for analysis.
HOWEVER, as already advised, Kaspersky is advising the object has the POTENTIAL to be misused by criminals and other nefarious "people", any Lab analysis (imo) will not vary from their already provided advice.
No-one can do more than inform of the POTENTIAL risk, at the end of the day, the choice is yours.
My question would be: why not wait for an OFFICIAL patch?
Best regards!
Userlevel 2
Thanks for the response. Could you now please tell me if the file is really safe (and thus it is just a false positive) or if it's unsafe? Thanks.
Userlevel 2
I've already sent a request and I'll hopefully get an answer soon. Also, I don't want to bother you more, but what exactly could "HideExec" mean? Could it just be that the patch changes/replaces some files or kills some processes during the install? And will the risk disappear after I install the patch and delete the installer? (The file is an unofficial patch installer for an older game that the devs don't care about anymore; it's mostly bug fixes and compatibility. The whole patch is also well known by the community, and even media like IGN recommend it - https://www.pcgamer.com/how-to-have-the-best-vampire-the-masqueradebloodlines-experience-today. The thing that bothers me is just the fact that Kaspersky says it might be used for bad purposes.) Also, after another VirusTotal scan it seems that Kaspersky is the only popular AV (like Avast, Bitdefender, ...) that detects the file as a PUP, so it might be just a false detection. What do you think? Did you look at the file too to find out? Either way, I thank you for your help!
Userlevel 7
Badge +10
Hello Rimanah,
You're not bothering me and we're always here and happy to help, however, a few things:
Re: "what exactly could "HideExec" mean?"
Given that's the first time "HideExec" has been mentioned in this discussion I have absolutely no idea.
As I said in my previous reply, provide exact, detailed information to receive any response other than a generic response.
No-one in the Kaspersky Community, in the Kaspersky Lab, in the Kaspersky business, I even surmise, in the world, has been gifted a crystal ball - we rely on OPs to tell us everything, otherwise we are blind.

Back to the specific issue:

PUP = POTENTIALLY UNWANTED PROGRAM. That translates to: if I SOMEHOW got a PUP on my system & I DID NOT deliberately put it there, my security software is saying "hey, watch out, there's a PUP", and then, if I'm concerned about my system, I investigate the PUP; if I did not deliberately, actively choose to have it on my system, I get rid of it. On the other hand, if I had (as you appear to have done) gone to the original file/game and was presented with the detection, I would then investigate and make an informed decision. Part of my investigation would be to submit the issue to the Kaspersky Lab, as ONLY they can analyse and make a determination as to whether or not the detection is legitimate and/or a false positive, and only the Lab can recategorise an object should that be necessary.
And yes, I did go to the original url you provided, I also performed some perfunctory analysis, none of which changes or overrides the advice given.
Best regards!
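The OP's reasoning above (only one engine on VirusTotal flags the installer, and it flags it as a PUP rather than as malware), the reply's PUP decision rule (did I consent to it, and should the Lab look at it), and the best answer's mIRC heuristic (a dual-use tool sitting under the Windows folder usually means infection) together form a small triage procedure. The Python below is an added example that is not from the thread, from Kaspersky or from the patch's authors; it assumes a VirusTotal v3-shaped file report (`data.attributes.last_analysis_results`, one entry per engine with `category` and `result`), and every sample report and vendor name in it is constructed, not the real scan of the patch.

```python
"""Triage a riskware/PUP detection the way the thread reasons about it:
how many engines flag the file, whether the names are riskware-style or
malware-style, where the file lives, and whether the user knowingly put it there.
Added example; all sample data below is constructed."""
import hashlib
import re
from pathlib import PureWindowsPath

# Vendors label "legitimate but abusable" software with names like these.
# Kaspersky's convention is the "not-a-virus:" prefix; others use PUA/PUP/Riskware.
RISKWARE_RE = re.compile(
    r"(?i)\b(not-a-virus|riskware|risktool|pua|pup|hacktool|potentially\s+unwanted)\b")
# Names that describe hostile code rather than a dual-use tool.
MALWARE_RE = re.compile(r"(?i)\b(trojan|backdoor|ransom\w*|worm|exploit|rootkit)\b")


def classify_name(result):
    """Classify one engine's detection string. Riskware is checked first so that
    'not-a-virus:...' is never counted as malware just because it contains 'virus'."""
    if not result:
        return "unnamed"
    if RISKWARE_RE.search(result):
        return "riskware"
    if MALWARE_RE.search(result):
        return "malware"
    return "other"


def summarize_report(report):
    """Return ({kind: count}, [(engine, name), ...]) over all engines; every
    category other than malicious/suspicious is counted as 'clean'."""
    results = report["data"]["attributes"]["last_analysis_results"]
    counts = {"clean": 0, "riskware": 0, "malware": 0, "other": 0, "unnamed": 0}
    flagged = []
    for engine, entry in results.items():
        if entry.get("category") in ("malicious", "suspicious"):
            counts[classify_name(entry.get("result"))] += 1
            flagged.append((engine, entry.get("result")))
        else:
            counts["clean"] += 1
    return counts, flagged


def in_windows_folder(path):
    """True if the file sits under the Windows directory or one of its subfolders,
    where a knowingly installed tool would not normally be placed."""
    parts = PureWindowsPath(path).parts
    return len(parts) > 1 and parts[1].lower() == "windows"


def sha256_hex(data):
    """Hash to quote in a vendor submission so the analysts look at the same bytes."""
    return hashlib.sha256(data).hexdigest()


def triage(report, found_at, user_installed):
    """Map a report to one of: 'clean', 'remove', 'analyse' (let the vendor's lab
    decide) or 'accept' (consented riskware: exclude it, or ask for reclassification)."""
    counts, flagged = summarize_report(report)
    if not flagged:
        return "clean", []
    if counts["malware"]:
        return "remove", ["malware-class detection names present"]
    if counts["other"] or counts["unnamed"]:
        return "analyse", ["detections that are neither riskware- nor malware-style names"]
    # Only riskware/PUP-style names from here on: consent and location decide.
    if in_windows_folder(found_at):
        return "remove", ["dual-use tool placed under the Windows folder"]
    if not user_installed:
        return "remove", ["riskware present without the user's consent"]
    total = sum(counts.values())
    return "accept", [f"{len(flagged)} of {total} engines flag it, all as riskware/PUP"]


def _report(entries):
    """Build a VirusTotal v3-shaped report from {engine: (category, result)}."""
    return {"data": {"attributes": {"last_analysis_results": {
        engine: {"category": cat, "result": name} for engine, (cat, name) in entries.items()}}}}


# Constructed samples; vendor names and verdicts are illustrative only.
PATCH_LIKE = _report({
    "VendorA": ("malicious", "not-a-virus:HEUR:RiskTool.Win32.Generic"),
    "VendorB": ("undetected", None),
    "VendorC": ("undetected", None),
    "VendorD": ("undetected", None),
})
TROJAN_LIKE = _report({
    "VendorA": ("malicious", "Trojan-Dropper.Win32.Agent"),
    "VendorB": ("malicious", "Trojan.GenericKD"),
    "VendorC": ("malicious", "Gen:Variant.Zusy"),
    "VendorD": ("undetected", None),
})

if __name__ == "__main__":
    print("patch-like :", triage(PATCH_LIKE, r"C:\Users\me\Downloads\patch.exe", True))
    print("trojan-like:", triage(TROJAN_LIKE, r"C:\Windows\Temp\svc.exe", True))
    print("sha256 of constructed sample:", sha256_hex(b"constructed sample bytes"))
```

The `accept` outcome is not a declaration that the file is safe: it is the thread's "consented riskware" case, where the user keeps the program, adds an exclusion, and optionally submits the hash and file to the vendor so the detection can be reviewed. Anything that is not plainly riskware-style goes to `analyse`, matching the reply's point that only the Lab can make the final determination.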
Userlevel 2
And do you think that by installing the patch and then removing the installer the "potentially harmful part" will go away?
Userlevel 7
Badge +10
And do you think that by installing the patch and then removing the installer the "potentially harmful part" will go away?
Hello Rimanah,
You have the issue logged with the Kaspersky Malware Expert Team, I think you should be guided by them.
Best regards.