Kaspersky
Solved

Not-a-virus? + Questions. [Closed]

  • 17 June 2019
  • 3 replies
  • 1213 views

Hello

-Question-

When I search through a file (.exe) using Kaspersky Internet Security, it finds a file that it considers a threat.

C:\Users\Me\Downloads\Patch.exe//File4260

It looks like it is a file in the installer/unpacker that it considers suspicious and not the .exe itself.

The search itself searched through roughly 25 000 files.

Kaspersky says the name of the object/threat is "not-a-virus:RiskTool.Win32.HideExec.bm"

Kaspersky also gave me a choice when it came to handling the threat: I could actually add an exception for it or ignore it. So it seems that Kaspersky doesn't see it as super dangerous?

What does "HideExec.bm" mean?

Is there any way I can figure out what the object in question does?

I placed the suspicious file in quarantine and removed it almost instantly after I searched through it and found the suspicious file.

As stated in the Background below, a lot of people, including myself, need the patch in order to run the game at all.

I will consider re-downloading the patch and using it depending on the feedback I get on this forum.

I have read the Kaspersky website blog post about "Not-a-Virus" but I still do not know if I should trust the identified object in question. (https://www.kaspersky.com/blog/not-a-virus/18015/)


-Quick Background-

There is a somewhat old game for which a lot of people NEED to use an unofficial patch in order to get it to run/function.

The patch can be obtained from a well-known website from which a lot of other modifications/patches can be downloaded. There is nothing suspicious about the website itself. (https://www.moddb.com/)

On the forum dedicated to the game on Steam, a lot of people have brought up the fact that their antivirus program treats the patch (.exe) as suspicious or even as a virus.

Many users ignore the warnings of their antivirus and run and use the program anyway, because it's an easy way to get the game to run.

I think the .exe itself is an installer for the patch for the game. Probably an "unpacker" of sorts.
(User runs program -> User selects game directory in the installer -> Program places a bunch of files and such in the game directory + a folder structure -> Patch Finished/Installed)

There are a lot of people who say it is a false positive and there is nothing to be worried about, that the antivirus treats it as suspicious because it is an .exe file, that the creator is trusted and a lot of people are using the patch, etc.


Thank you for reading.

Sorry for the long post and bad English.

Best answer by Wesly.Zhang 22 June 2019, 13:08

Hello,

HideExec: it may mean that the detected file contains a type of "execute code or file hidden in a file" technology.

The detected file is suspicious. You should delete this file.

This topic has been closed for comments

3 replies

Userlevel 7
Badge +4
Welcome. Not a virus can be adware, or toolbar, or browser hijacker, or maybe a false positive?

The best way to resolve any question about the detection is to contact Tech Support:

Please contact Tech Support: https://my.kaspersky.com/support/

Please attach the following items to your Tech Support request:

a. Description of the issue.
b. Screenshot, as needed.
c. GSI
d. Other detection details.
Userlevel 7
Badge +7
Also,

If Kaspersky Internet Security prevents you from opening a file or using an application, you can add it to the exclusions list. This means the application will not scan it.
You should only add objects to the exclusions list if you are certain they are safe.