Adlice forum
General Category => Malware removal help => Topic started by: cinder on April 29, 2023, 03:00:52 AM
-
Hi, my son wants to put this on the PC for his RocketLeague, it gives him access to extra features in the game. None of my other AV triggers (Bitdefender, Malwarebytes) - just RogueKiller and upon launch of the program only (not doing a passive scan on the file). I believe this is due to the exe exhibiting malware-like behaviour as it injects into the RL executable upon launch. It comes up as adw.dealply. Please let me know what you need from me for analysis.
Here is a link to the installation zip file: https://github.com/bakkesmodorg/BakkesModInjectorCpp/releases/latest/download/BakkesModSetup.zip
Plenty of support on why this happens, but doesn't mean I want to blindly add a rule for it:
https://docs.google.com/spreadsheets/d/1a-VUXfPUPS9S_OIOzdCC_tA6yyZ2ouj3OzTJnVkfD8I/edit#gid=0
As it doesn't trigger any of my other AV I presume those have it whitelisted, so wanting to verify with RK support.
Let me know if anything else is needed. Thank you.
-
Hi cinder,
Thanks for your feedback.
BakkesMod injects into a process; that's why it was added as a detection.
However, on further inspection, it appears to be safe. We will remove the detection in a few days.
Regards.
-
Thank you Curson, figured as much. Will allow it to run :)
-
Hi cinder,
You are welcome.
Regards.