Steam 140 version of Community patch


There is a thread over on Steam to the effect there is a Korean virus in the 140 version of the community patch.

Anyone know anything about that?

 

The question is where the OP on that thread picked up the copy of 140HF. Was it a legit source? Or was it somewhere else - somewhere less reputable...?

 

EDIT: OK.. Just for the sake of grins and giggles.. I grabbed the latest version of Malwarebytes Antimalware and updated to the latest and greatest definitions. I scanned my C: drive as well as the CM Patch enabler/disabler files that I got from here.

 

The C: drive scanned clean as did the CM Patch installer/uninstaller.

 

Ergo: I gotta ask again: WHERE did the guy get the CM Patch?

 

I'm thinking 1 of 3 things is going on here...

 

1.) The guy picked it up from some site that was compromised

2.) The guy got a false positive (It happens sometimes)

3.) The guy is just out to spread FUD.

 

As always - get your files from REPUTABLE sites and SCAN them for malware anyway.

 

Edit 2: Again, just for grins and giggles.. I grabbed the file - again - from the link where Czevak and Marcus store it which can be gotten to from the link in the first CM Patch post...

 

And again, I scanned it with MSE and with Malwarebytes AntiMalware. And again, it came up cleaner than a NASA clean room.

 

Someone with access over there - can you ask the OP where he got the file? Cause my results make me wonder just where he got it.

 

Edit 3: I checked the link that I used (the one from the post here on DM) and the one listed on the Steam page - and they are identical.

 

Now I'm really wondering WTH is going on...

Edited by wolfie2kX
Link to comment

Message posted. Have I told you that I sometimes f******* hate the way logging into steam is so messed up? Hopefully the original poster will add the link where he/she found it.

Link to comment

Message posted. Have I told you that I sometimes f******* hate the way logging into steam is so messed up? Hopefully the original poster will add the link where he/she found it.

 

No.. But DO tell how much you hate it.. :D

 

I also posted a request in the other forum on Steam asking for the link where that person got it, because it sounds like that person is having the same problem.

 

Cool...

 

 

Interesting. It's the SAME link found here on DM as well as the one linked to in the Steam post.

Link to comment

No.. The post on DM and the post he linked to on Steam both point to the same place.

 

http://xmas.ancaria.net/patches/cm-patch0140hf.zip

 

Note: I do believe I saw a post on the MantisBT that says there's an issue with the uninstaller. There even seems to be a 'fix' for it - the S2Reset tool - which, if I'm not mistaken is also posted in the Post covering the CM Patch on DM...

Link to comment

Eh. Doubt it. Steam has too much to lose if people lose faith in the stuff they are SELLING. They want happy campers out there buying and downloading their stuff - and the related content which is a big incentive to buy the product. The happier the campers are, the more likely they will be to buy MORE stuff, therefore increasing their profits. Business 101.. :D

 

Yeah, I suppose they could be doing something hinky but that just isn't very likely.

Link to comment

I have the Steam version of Sacred 2 Gold.

 

I have also applied the community patch v1.4xx that was posted and I too have scanned with MS Security Essentials/Spybot/Malwarebytes without any errors.

 

It could be a false positive or the person/persons having this issue have been compromised and infected with malware already, maybe a DNS redirector?

  • Like! 1
Link to comment

The problem is not a Steam issue. If it is a real problem at all it is the community patch; which has nothing to do with Steam.

I have the patch and have had no pop-ups etc or unusual behavior in my system.

Thus far I think it was either a false positive or a troll maybe.

I will wait to see what gogo has to say.

Link to comment

It has been my experience that Steam does have pretty lousy customer service. While it is unlikely that would be the source of the problem, it is even less likely that there really is a virus from the community patch.

 

If the guy did pick up a virus, it was from something other than the patch itself.

Edited by Ysne58
Link to comment

I'm going to go by the testing here that Wolfie has completed. He can't reproduce a positive finding of a virus anywhere from the patches.

 

Can anyone here then reproduce that person on steam's findings of getting a virus warning?

 

I believe he could have gotten a virus, but all our testing confirms that we're unable to get a warning from any of the Sacred patches for a virus.

We have members here reporting that they have downloaded and installed the patch with no virus.

Anyone else want to confirm as well for additional corroboration?

 

:)

 

gogo

 

p.s. Thanks to Wolfie and Ysne for the great work here with working on Sidham's post, and really happy everyone has posted findings so quickly on this, BigZodBod, as well, you have this downloaded and no virus

Link to comment

Thinking it might be a good idea to update the version of the CM Patch on FDM to the 140HF version. Currently, we only got the 130 build up.

 

It has been my experience that Steam does have pretty lousy customer service. While it is unlikely that would be the source of the problem, it is even less likely that there really is a virus from the community patch.

 

If the guy did pick up a virus, it was from something other than the patch itself.

 

That would tend to make the most sense.

 

If we really think about it for a moment, it's not very likely at all.

 

1.) Hackers and virus authors these days are in it for the money.

2.) Most all malware these days revolves around making money somehow.

3.) The more computers a virus infects, the more likely the author will make money.

 

While we all would like to think that Sacred 2 is the Best Game...EVAR! Let's be realistic for a moment. Sacred 2 wasn't all that BIG a seller. If it had sold more copies, who knows - Ascaron might have actually stayed in business.

 

Sacred 2 is also an older game. People have moved onto other games - Guild Wars 2, Diablo III, etc...

 

So you gotta ask yourself - why would any properly greedy hacker waste 5 seconds of his time infecting the CM Patch? That might net him maybe 50,000 infected PCs worldwide. Meanwhile he can take his resources and use tactics that do actually work - fake porn sites offering to show you naughty bits of whichever actor/actress leaked his/her naughty home video accidentally on purpose, fake pharmacies that offer deep discounts on Viagra and such, and all of the other usual suspects on the seedy side of the internet that some people can't help but visit and get infected - where the numbers can reach into the MILLIONS of infected PCs.

Edited by wolfie2kX
  • Like! 1
Link to comment

Same here though :)

Someone just posted a detail about it. I use Avast as well and didn't get anything on my end.

Maybe some coding that has been flagged as harmful?

 

Post #12
Okay, so I just tried to install the 140hf which I did not have before, I only had the 130 community patch. Upon installing, my Avast! Antivirus detected the file "diff_000126.dif" as WIN32:Malware-gen. I did not have any malware, viruses, spyware or anything on my PC, so I believe that there is something within the 140hf that is triggering this.

 

 

Link to comment

Hmm.. Just had a look in my Sacred 2 folder. There's no such file as diff_000126.dif... Bing and Google have no information on that file either. Somehow, I don't think this file has anything to do with the patch.

Link to comment

The guy posted some more about it though, let me quote his posts =O

 

 

Just tried to install the 140hf again. Same result, same file flagged as malware. However, I'm going to give it the benefit of the doubt and report it as a false positive. It would not be the first time I've seen Avast! act up in this manner for a false positive. Hence why they provide an action to report one. If I notice anything weird I'll report back.

 


I extracted the file and ran it through a meta scanner. Here are the results. Only 5 obscure scanners detected it as a threat...

https://www.metascan-online.com/en/scanresult/file/5164c9e329814dee8659824724c959a2


 

 


I disabled Avast to install it with success. Re-enabled Avast afterwards. When I started up Sacred 2 I got the same blocked malware message. Sacred 2 crashed upon loading. I started it up again with success. The only difference now is that "Sacred2Updater.exe" is in the virus chest instead of the "diff_000126.dif" mentioned earlier. So, this .dif file is part of the Sacred2Updater.exe I believe.

I opened the .dif file with OpenOffice. No error or malware warnings. Among all the gibberish, I saw something like "This program cannot be run in DOS mode". Again, this opened with no blocked malware message.

I extracted the Sacred2Updater.exe, tried to open it, and I got the WIN32:Malware-gen warning.

This is definitely reproducible on my end.

 

Dunno if this helps you guys to know what to look for. It's weird imo. I've had nothing :dntknw:

Edited by SoulSpeed
Link to comment
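
The quoted Steam post notes that the flagged .dif file contains "This program cannot be run in DOS mode", which is the DOS stub message of a Windows PE executable, so the file apparently carries executable content. As an added example (not part of the thread or of the CM Patch tooling; the function names and sample bytes are constructed for illustration), this Python triage script locates embedded PE headers in a file and reports a SHA-256 that can be compared across downloads and scanner reports:

```python
import hashlib
import struct

DOS_STUB = b"This program cannot be run in DOS mode"

def find_embedded_pe(data: bytes) -> list:
    """Return a record for every 'MZ' whose e_lfanew points at a 'PE\\0\\0' signature."""
    hits = []
    pos = data.find(b"MZ")
    while pos != -1:
        # e_lfanew (offset of the PE header) is a little-endian uint32 at MZ+0x3C.
        if pos + 0x40 <= len(data):
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            pe = pos + e_lfanew
            # An out-of-range pointer yields an empty slice and is rejected here.
            if data[pe:pe + 4] == b"PE\x00\x00":
                hits.append({"offset": pos, "dos_stub": DOS_STUB in data[pos:pe]})
        pos = data.find(b"MZ", pos + 1)
    return hits

def triage(data: bytes) -> dict:
    """Summarise a file: hash for cross-checking, size, and embedded PE headers."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
        "embedded_pe": find_embedded_pe(data),
    }

def build_sample() -> bytes:
    """Constructed sample: filler with a stray 'MZ', then a minimal DOS + PE header."""
    dos = bytearray(0x80)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)          # PE header follows the DOS block
    dos[0x4E:0x4E + len(DOS_STUB)] = DOS_STUB
    prefix = b"diff-container-header MZ not a header" + bytes(64)
    return prefix + bytes(dos) + b"PE\x00\x00" + bytes(20)

if __name__ == "__main__":
    import sys
    # With a path argument, triage that file; otherwise use the constructed sample.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    print(triage(blob))
```

A hit only shows that the file embeds an executable image; whether that image is malicious still has to be settled by scanning or analysing the extracted bytes.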

There are some new posts and tests on the Steam thread:

http://steamcommunity.com/app/225640/discussions/0/864958451517898066/

Looks like there is a file in the 140 patch which is being identified as malware by Avast and a few other scanners... but not by all.

The file is diff_000126.dif

Here is the report from Metascan Online

https://www.metascan-online.com/en/scanresult/file/5164c9e329814dee8659824724c959a2

Can anyone else reproduce this result?

Link to comment
