It seems that you're using an outdated browser. Some things may not work as they should (or don't work at all).
We suggest you upgrade newer and better browser like: Chrome, Firefox, Internet Explorer or Opera

×
Community
EVERSPACE 2Warning: malware suspicion for 0.5.18385 hotfix(4 posts)(4 posts)
(4 posts)
Pages:
1
This is my favourite topic
Posted May 05, 2021
Hotfix 0.5.18385 is reported by some (not all) users (in discord and/or steam) of causing the following issues:

- "drive is working a bit strange"
- taking excessive time to install
- requiring administrator rights
- requiring disabling of antivirus software

Those are the signs of a rootkit being installed. This does not mean this hotfix contains any malware. This means there is a suspicion it might.

As an IT specialist, i recommend full anti-virus scan for all users who installed this hotfix, and doing it during system boot up sequence if your antivirus allows it (one free AV which has this functionality - is Avast). Over-night scan is the best time to do it.

Also, if full antivirus scan does not detect anything, there is still the possibility of a rootkit in the system (one which is potent enough to avoid detection), so i also recommend to keep a keen eye for any strange behaviour of your PC. Potential signs include:

- unidentified network traffic (using some sniffer software to see it is the best)
- frame rate drops
- unusual high disk activity
- higher than usual fans speeds
- strange errors popping up which did not occur before
- blue screens of death
Posted May 06, 2021
Some background info on this:

As you pointed out, this is an issue only affecting Steam users and it is related to the way in which steam updates games. So it doesn't belong into this forum. For transparency reasons I'll give some insights:

On Steam existing game packages can be updated by merging smaller patches into the existing package.
During the update process, disk space equal to the already existing package needs to be reserved. Even though it wont be used completely.
We assume this is exclusive to encrypted game packages to perform the decryption step.
(We might be wrong and it could also be related to the file compression that we are using or is just a usual necessity for package merging on Steam)

Anyways, if there isn't enough space available, Steam will try to copy the game to the users temp files on the OS partition and perform decryption and merging there. Afterwards the game will be copied back.

Considering that our game ist currently at 65GB (which will be optimized!!) Even a small patch of 300MB takes a considerable amount of time to be merged. If you aditionally run into the disk space issue, the update process gets bottlenecked by copying 130GB around; plus some behaviour detecting AVs might light up if encrypted files are copied to temp and unpackaged there.

We are considering to break the one big package that we are currently using up into several smaller ones to have a faster update process in the future. More details on this issue can be found over at the Steam forums.

Best regards
Ingmar
Posted May 06, 2021
I had the issue with slow update in GOG too, fixed it by adding an exception for GOG Galaxy in Avast. Before i did that, the 49MB update was taking about 30 minutes and was stuck at '72,6% verifing data'.

So it might be an Avast issue with GOG. The last big content update installed fine though.
Posted May 06, 2021
avatar
morses: I had the issue with slow update in GOG too, fixed it by adding an exception for GOG Galaxy in Avast. Before i did that, the 49MB update was taking about 30 minutes and was stuck at '72,6% verifing data'.

So it might be an Avast issue with GOG. The last big content update installed fine though.
Adding an exception can speed up things all by itself: obviously, antivirus software then won't spend system's time doing its job, freeing more system resources for patching process itself.

But it also may be Avast issue, yes. It also may be all kinds of software conflict, and/or bug somewhere in updating routines. It can be many things. But in _theory_, it can also be malware.

I keep recommending full on-bootup scan in this case. For all users _and_ for all Rockfish machines involved.

P.S. Ingmar, as a systems administrator, i've seen malwares you wouldn't believe... Ones which survive low-level drive formatting. Ones which survive complete drive replacement with a bran new HDD, even - they manage to root into flash BIOS of the system all by themselves and without user ever noticing. I've seen ones which cypher all user files (.doc, .jpg, etc) and extort money for giving those files back, i've been collaborating with one of leading AV labs to break that code. Etc. There is whole big world of hackers out there and at times, bad things just happen to sneak in without anyone's fault. Best be over-cautious in such issues, if at all possible.
Post edited May 06, 2021 by Fins_FinsT
Pages:
1
This is my favourite topic
Community
EVERSPACE 2Warning: malware suspicion for 0.5.18385 hotfix(4 posts)(4 posts)
(4 posts)