Infected File Blocked

Hello

I’m not sure if this is the right place to put this.

I got a virus warning for a UE4 Engine file. I wasn’t using VS or UE4 at all at the time.

These are the details:

Infected object: BootstrapPackagedGame-Win32-Shipping.exe

Malware: Gen:Variant.Kazy.767225
Path: C:\Program Files\Epic Games\4.10Source\UnrealEngine\Engine\Binaries\Win32\BootstrapPackagedGame-Win32-Shipping.exe
Infected process: [6904] C:\Windows\system32\CompatTelRunner.exe

This was for 4.10.0 so maybe it doesn’t matter anymore but I thought it was odd.

Interesting, I saw a post just like this today where someone had the same virus warning.

Which OS?.. Win-10 upgrade? … Is this the only warning from the AV?

The interesting part is here: Infected process: [6904] C:\Windows\system32\CompatTelRunner.exe
A quick Google search gives the following results.
https://www.google.de/?gws_rd=ssl#q=Infected+process:+[6904]+C:\Windows\system32\CompatTelRunner.exe
Not UE specific, a redirector, but it seems to be a fresh problem; be prepared.
You grabbed it somewhere else on a warez site, or while surfing unprotected on untrusted websites, most times with minimal clothing. ^^

I do surf a TON of websites each day, time for a full system scan :smiley:

I have used FF with the NoScript addon for some years now, and it has really limited the incoming attack rate.
It limits it so far; I give temporary access to a site to use all those eye-candy functions there… ^^

CompatTelRunner.exe is part of M$ Win10 upgrade… What’s not comforting is this: Malware: Gen:Variant.Kazy.767225. But with only one warning you need to rule out red-herring virus-signature misdiagnosis… Is this the only warning on the entire PC? It’s possible it’s a false alarm, due to Windows forced updates being enabled and M$ trying to do a scan of “BootstrapPackagedGame-Win32-Shipping.exe” to check if it’s Win10 compatible. Also confirm the Bootstrap EXE path matches the UE4-Launcher, as it’s not specified above…

So I’m on win7 x64. I deleted that entire unreal install and today got this warning.

Infected object: BootstrapPackagedGame-Win32-Shipping.exe

Malware: Gen:Variant.Kazy.767225
Path: D:\UnrealEngines\UE4_10\Engine\Binaries\Win32\BootstrapPackagedGame-Win32-Shipping.exe
Infected process: [1408] C:\Windows\Explorer.EXE

This is now the latest 4.10 version from GIT and installed on a different drive. I don’t use this computer for much at all besides work and video editing so I’m not sure what I could have gotten on here. Since it’s a different infected process it probably is something bad. I’m going to start running some scans and things but any other advice would be appreciated. Not sure why it is referencing things inside UE4.

In the Engine\Binaries\Win32 directory
[screenshot]

but the BootstrapPackagedGame-Win32-Shipping_XP.target.xml file in the Engine\Build directory points to the \Binaries\Win32 directory for BuildProduct.

False alarms are quite common so it’s best to verify the reliability of the AV (as per the doctor get a 2nd opinion etc)…

Is Bullguard up to date with no conflicts? I would download an instant scanner (self-contained exe, no installer) from one of the other AV companies, and / or zip+rar the offending exe and send it via gmail i.e. leverage Google’s scanners…

The problem file is still the same, it’s just that another Windows process is accessing it. How could that be? If automatic updates are enabled, Windows will try and vet your system automatically for Win-10 (CompatTelRunner.exe / explorer checking Win32’s especially) and then force a Win-10 download on you, read: here and here

Bullguard is all up to date and I did full scans with that and mbam. Nothing but two ad cookies. Auto updates aren’t enabled either. I’ll keep looking and post if I get any more alerts or find something.

It’s just weird that it happened in two different engine installs when neither were being used at the time.

Not so, the existence of CompatTelRunner.exe indicates that part of the Win-10 vetting process was run at some stage (it’s not a subsystem of Win7 by default). It’s designed to scrutinize existing apps and particularly query things like 32-bit apps for compatibility.

I suspect something (an event) is triggering the scan. For that look to scheduled tasks, run / runonce reg keys, startup processes, services.msc etc. So what’s the virus warning about? It’s probably a bogus virus signature and the virus definitions just need to be updated with an exception made for UE4’s Bootstrapped exe. This happens from time to time, see the article I linked about Steam…
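
The places named in the post above (scheduled tasks, Run / RunOnce keys, services), checked in one pass, plus a SHA-256 of the flagged file to hand to a second scanner. This is an added example, not part of the original thread. It assumes PowerShell 2.0 or later, an English-language Windows (the `schtasks` column names are localized), and the path from the second alert; `$Pattern` is an illustrative search string.

```powershell
# Added triage example (not from the thread). Read-only: it lists, it changes nothing.
$Flagged = 'D:\UnrealEngines\UE4_10\Engine\Binaries\Win32\BootstrapPackagedGame-Win32-Shipping.exe'
$Pattern = 'CompatTelRunner|BootstrapPackagedGame'   # assumed search string

# 1. Scheduled tasks whose action matches. schtasks can repeat the CSV header
#    once per task folder, so rows that are just the header are dropped.
schtasks.exe /Query /FO CSV /V | ConvertFrom-Csv |
    Where-Object { $_.TaskName -ne 'TaskName' -and $_.'Task To Run' -match $Pattern } |
    Select-Object TaskName, 'Task To Run', 'Last Run Time', 'Next Run Time', Status -Unique |
    Format-List

# 2. Run / RunOnce values for the machine and the current user.
$keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }        # provider metadata (PSPath, PSDrive, ...)
        $hit = if ("$($p.Value)" -match $Pattern) { '<-- match' } else { '' }
        '{0}\{1} = {2} {3}' -f $key, $p.Name, $p.Value, $hit
    }
}

# 3. Services whose binary path matches.
Get-WmiObject Win32_Service | Where-Object { $_.PathName -match $Pattern } |
    Select-Object Name, State, StartMode, PathName | Format-List

# 4. Hash and signature status of the flagged file, if the AV has left it in place.
#    .NET is used for the hash because Get-FileHash needs PowerShell 4.0.
if (Test-Path $Flagged) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Flagged)
    try     { $hash = [BitConverter]::ToString($sha.ComputeHash($fs)) -replace '-', '' }
    finally { $fs.Dispose() }
    "SHA256    : $hash"
    "Signature : $((Get-AuthenticodeSignature -FilePath $Flagged).Status)"
} else {
    "Not found (possibly quarantined): $Flagged"
}
```

Hashing the same file name in each engine install shows whether the detections fired on byte-identical binaries, which is what a signature false positive on a stock file would look like.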