Scyto

Platinum Member
Scyto last won the day on December 21 2018

About Scyto

  • Rank
    Newbie

Profile Information

  • Location
    Seattle

  1. Scyto

    Scyto

  2. Don't beat yourself up, I have an unfair advantage, I live near zip 98052 and worked for MS for a decade so tend to know what can and can't be done.... I even once emailed Ballmer (this was a couple of years after I left MS) and told him he needed to fix liveIDs/xboxID not being geographically portable - and he put someone on it... they assigned a director to solve it and keep it updated and me as guinea pig, took 12 mo but they did it - I don't mind banging my head against walls until it hurts 🙂

     Here is the link to use: https://www.microsoft.com/en-us/wdsi/filesubmission

     I politely told them it had been misidentified for years, linked to this thread and asked them if they would mind scanning both files for actual malicious code. As a community we may have to do this each time there is a new release. Of course if the devs improve their code and sign their code that would help...

     Also, TIP: don't submit a file anonymously, use a long-lived liveID to do it.
  3. Umm, I think the person I quoted was one of the devs of hyperspin so pretty sure I am targeting the right person, well maybe? They certainly sounded authoritative. Either way that person was a little arrogant and unhelpful, they are a little obtuse; it took me all of a few hours to get this fixed for y'all. Anyhoo, I got Microsoft to update the signatures, as of now Windows 10 Defender won't report it as malware. Ain't rocket science to get this stuff changed, and hilarious this community has been living with this for so many years - lol.

     Latest definitions
     The latest antimalware definitions file is as follows:
     Version: 1.283.1107.0
     Released: Dec 20, 2018 08:53 PM UTC

     Submission ID: a0bba16b-824c-41b6-8ca5-<redacted>
     Status: Completed
     Submitted by: <redacted>
     Submitted: Dec 20, 2018 4:05:44 PM
     User Opinion: Incorrect detection

     Analyst comments:
     We have removed the detection. Please follow the steps below to clear cached detection and obtain the latest malware definitions.
       1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
       2. Run “MpCmdRun.exe -removedefinitions -dynamicsignatures”
     Alternatively, the latest definition is available for download here: https://www.microsoft.com/en-us/wdsi/definitions
     Thank you for contacting Microsoft.
  4. No I would honestly think you would take the very simple steps that would get it unflagged. Oh I see why you get flagged - why the heck would you need to hook the windows station DLL or look at boot options registry, no wonder you are getting flagged. Also WTF would you be touching the DW branch of the registry - highly suspicious. I am not saying you intended to do these things from a malicious perspective, but I am not clear why you are annoyed at the AV vendors, fix up your code like everyone else, this has got nothing to do with using scripts to run the games like is being claimed. I submitted an incorrect detection submission to MS on your behalf.

     File system actions

     Files opened
       C:\WINDOWS\system32\winime32.dll
       C:\WINDOWS\system32\ws2_32.dll
       C:\WINDOWS\system32\ws2help.dll
       C:\WINDOWS\system32\psapi.dll
       C:\WINDOWS\system32\imm32.dll
       C:\WINDOWS\system32\lpk.dll
       C:\WINDOWS\system32\usp10.dll
       C:\Documents and Settings\Administrator\Local Settings\Temp\EB93A6\996E.exe
       C:\WINDOWS\system32\faultrep.dll
       C:\WINDOWS\system32\winsta.dll

     Registry actions

     Registry keys opened
       \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\996E.exe
       \Registry\MACHINE\System\CurrentControlSet\Control\SafeBoot\Option
       \Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
       \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\TransparentEnabled
       \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
       \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\AeDebug
       \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VERSION.dll
       \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\USERENV.dll
       \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Personal
       \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local Settings

     Registry keys deleted
       \REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW\
       \REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW\DWFileTreeRoot
  5. No I would honestly think you would take the very simple steps that would get it unflagged.