Windows Defender detected Trojan:Script/Oneeva.A!ml, page 1 - Forum

CalAlaera Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Comment buried. Unhide

CalAlaera

New User

Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Registered: Oct 2013

From United Kingdom

Posted August 07, 2019

1

I installed the game from setup_automachef_1.0_(64bit)_(31093).exe which I downloaded from my GOG account page.

The game installed fine, but when I tried to play it, Windows Defender anti-virus stopped the game from running and showed me this message:

Trojan:Script/Oneeva.A!ml

Detected in:
startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Automachef [GOG.com]\Automachef.lnk
file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Automachef [GOG.com]\Automachef.lnk
file: D:\GOG\Automachef\Automachef.exe

Is this a false positive?

Attachments:

20190807175643.png (24 Kb)

No posts in this topic were marked as the solution yet. If you can help, add your reply

PO3T1985 Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Comment buried. Unhide

PO3T1985

New User

Sorry, data for given user is currently unavailable. Please, try again later. View profile View wishlist Start conversation Invite to friends Invite to friends Accept invitation Accept invitation Pending invitation... User since {{ user.formattedDateUserJoined }} Friends since {{ user.formattedDateUserFriended }} Unblock chat User blocked This user's wishlist is not public. You can't chat with this user due to their or your privacy settings. You can't chat with this user because you have blocked him. You can't invite this user because you have blocked him.

Registered: Sep 2019

From Switzerland

Posted September 19, 2019

2

CalAlaera: I installed the game from setup_automachef_1.0_(64bit)_(31093).exe which I downloaded from my GOG account page.

The game installed fine, but when I tried to play it, Windows Defender anti-virus stopped the game from running and showed me this message:

Trojan:Script/Oneeva.A!ml

Detected in:
startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Automachef [GOG.com]\Automachef.lnk
file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Automachef [GOG.com]\Automachef.lnk
file: D:\GOG\Automachef\Automachef.exe

Is this a false positive?

Hi there

Since there is no reply to your question yet, I though I quickly register to give you some info :)
I suggest you upload the detected file to https://www.virustotal.com/gui/home/upload
That will give you an idea if its just a false positive from MS Defender, of if there is other vendors who detect it as malicious.

I never downloaded anything from this site, hence I can't say whether the site might be compromised or how the downloads even work. At least the domain does not seem to be on any blacklist.
If the software comes with an installer, that might be the reason some AV solutions give you alerts, as those installers sometimes come bundled with adware/PUA.

If you nedd help with the analysis you can PM me on my twitter account: https://twitter.com/PO3T1985

Cheers
P.

Discover CD PROJEKT RED games

Highlights

Featured