Simple Mod Framework

I’ve got all my files correctly installed from the Epic Games launcher, yet it still says my Hitman version is modified/cannot find game folder. Is it because I bought the game via a key? Or because I run admin perms over another account? I can’t find the issue!

So what can I do about that then? I still bought the game, but can’t use the mods

How did you buy the game? Was it through the Epic store?

When you said it was via a key made me think it was from a key gen or some other shady method to get the game without going through official channels. If so, then you won’t be able to use SMF.

1 Like

I bought the key on MMOGA and then redeemed the code in the Epic Games Store. (Where I downloaded Hitman then)

2 Likes

And the game works perfectly fine; I can access online mode and made an IOI Account. So what can I do?

1 Like

Can I ask here? I’m a newbie and a code buyer in the Epic Games Store, and I want to know where I can access these mods. I can’t use the mod.

1 Like

We’ll have to wait for the response of Atampy26

3 Likes

Thank you for your answer. So maybe I have to wait, right? This doesn’t matter if I play another party game like techloky until I get the correct answer, right?

1 Like

Do you have any files in C:\ProgramData\Epic\EpicGamesLauncher\Data\Manifests?

Same goes for @JeriStacy

1 Like

By “access” do you mean download? If so, google Nexus Mods. You’ll need an account.

1 Like

I do, a bunch of files with random letters and numbers and a “Pending” folder (nothing inside)

Try this file: https://file.io/O8zEUjMoiy0n

Running it should flash a console window and then create a file called data.json next to the EXE file; it should have a list of all the detected EGS games on your computer, which if you send here should help to debug this.

“The transfer you requested has been deleted.”

This one should work: https://gofile.io/d/ZBRGfA

Yeah no, I’m not going to execute that file. Both Windows Defender and VirusTotal flagged this file as a Trojan.

They should make it official

1 Like

Well, you’ve already executed one file I made so I don’t see how this is exposing you to any additional risk.

In addition to that, if you actually look at the VirusTotal report you’ll see this:
image

Let’s look at those three engines which detected it:


Searching that first one will bring you these results:

Notice how one of those image results is a report with 2 detections? That’s pretty similar to this case, and would either mean that Cynet is better than the ~68 other antiviruses, or that it’s a false positive. You’ll also notice that the last result in the list refers to Cynet accusing rustup-init.exe of being “malicious (score: 100)”. That file is a programming tool developed by the Rust programming language foundation. Guess what language quite a bit of the SMF and its tools are developed in? Unless Cynet has discovered a conspiracy that even Microsoft doesn’t know about, I doubt that it’s particularly trustworthy.

image


DeepInstinct is not a very well-known company, and you won’t really find much googling for it and VirusTotal. You will find this though:


Symantec, the company who creates Norton (the antivirus which once flagged Spotify as a trojan, though that was a while ago, the company which deliberately whitelisted a keylogger made by the FBI and the company who “has been criticized by some consumers for perceived ethical violations, including allegations that support technicians would tell customers that their systems were infected and needed a technician to resolve it remotely for an extra fee”), is not necessarily bad at their job. You will however notice that the detection note is “ML.Attribute.HighConfidence”. The ML here stands for “Machine Learning”; this detection was made by an AI purely based on how the program seems. My only guess here is that it flags anything which reads the registry and system files, though that is a lot of programs.


I’m not sure why your Defender flagged it as a trojan, given this:

image

It may however have flagged it as being uncommonly downloaded, which usually triggers a scary warning intended to protect people from little-known malware and in practice usually happens to anything whatsoever.


If you don’t trust the 67 antiviruses that say it’s safe, you could also verify it yourself by looking at the 88 total lines of code which make up the program:

use std::fs;

use anyhow::{Context, Result};
use registry::{Data, Hive, Security};
use serde_json::{to_string, Value};

fn main() {
    let mut errors = vec![];

    (|| -> Result<()> {
        let mut bla = vec![];

        if let Ok(hive) = Hive::CurrentUser.open(r#"Software\Epic Games\EOS"#, Security::Read) {
            match hive.value("ModSdkMetadataDir") {
                Ok(Data::String(d)) => {
                    if let Ok(entries) = fs::read_dir(d.to_string_lossy()) {
                        for entry in entries
                            .filter_map(|x| x.ok())
                            .filter(|x| x.file_type().ok().map(|x| x.is_file()).unwrap_or(false))
                        {
                            if let Ok(manifest_data) = serde_json::from_slice::<Value>(
                                &fs::read(entry.path()).with_context(|| {
                                    format!("Reading EOS manifest {}", entry.path().display())
                                })?,
                            ) {
                                bla.push((
                                    manifest_data
                                        .get("AppName")
                                        .context("AppName")?
                                        .as_str()
                                        .context("as_str")?
                                        .to_owned(),
                                    manifest_data
                                        .get("AppName")
                                        .context("AppName")?
                                        .as_str()
                                        .context("as_str")?
                                        .to_owned(),
                                    manifest_data
                                        .get("DisplayName")
                                        .context("DisplayName")?
                                        .as_str()
                                        .context("as_str")?
                                        .to_owned(),
                                    manifest_data
                                        .get("MainGameAppName")
                                        .context("MainGameAppName")?
                                        .as_str()
                                        .context("as_str")?
                                        .to_owned(),
                                ));
                            } else {
                                errors.push(format!(
                                    "Could not parse manifest with contents '{}' as JSON",
                                    fs::read_to_string(entry.path()).with_context(|| {
                                        format!("Reading EOS manifest {}", entry.path().display())
                                    })?
                                ))
                            }
                        }
                    } else {
                        fs::write(
                            "data.json",
                            "[\"Could not read entries of mod SDK metadata dir\"]",
                        )?;
                        panic!("Wrote error to data.json")
                    }
                }

                _ => {
                    fs::write(
                        "data.json",
                        "[\"Could not read ModSdkMetadataDir as string\"]",
                    )?;
                    panic!("Wrote error to data.json")
                }
            }
        }

        fs::write("data.json", to_string(&(bla, errors))?)?;

        Ok(())
    })()
    .unwrap_or_else(|e| {
        fs::write("data.json", to_string(&[e.to_string()]).unwrap()).unwrap();
        panic!("Wrote error to data.json")
    });
}

Then why is it reporting it as Trojan:Win32/Wacatac.H!ml on the maximum level? And I doubt that the code would get reported for that.

I’ve also read several articles and websites about the trojan, so I’m still not sure.
Maybe there’s a way to run the program without an .exe file?

image

[BUG/ISSUE] Defender Blocked Install of 2.0: Trojan:Win32/Wacatac.H!ml · Issue #1029 · marticliment/WingetUI · GitHub

Trojan:Win32/Wacatac.H!ml · Issue #2222 · ninja-build/ninja · GitHub

Microsoft Defender Antivirus detected a Trojan in Odoo 16 | Odoo

Known issue: Windows Defender flagging products as Trojans — Community (native-instruments.com)

image

You’re free to compile and run the program yourself using standard Rust, or manually look through the Registry and files to follow what the code would do automatically.
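
The manual route suggested above, as a read-only PowerShell script that can be read in full before it is run (an added example, not part of the original thread and not the SMF author's code). It assumes the same registry value and manifest fields that appear in the posted Rust source; unlike that program it prints to the console instead of writing data.json, and it reports a bad manifest per file rather than aborting.

```powershell
# Added example: mirrors the lookup in the posted Rust source without running an EXE.
# Read-only: it opens one registry value, reads the manifest files, and prints JSON.

$key = 'HKCU:\Software\Epic Games\EOS'   # same key the Rust code opens under HKEY_CURRENT_USER
$dir = (Get-ItemProperty -Path $key -Name ModSdkMetadataDir -ErrorAction Stop).ModSdkMetadataDir

if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
    throw "ModSdkMetadataDir '$dir' does not exist or is not a directory"
}

# The three manifest fields the Rust code extracts.
$fields = 'AppName', 'DisplayName', 'MainGameAppName'
$games  = @()
$errors = @()

foreach ($file in Get-ChildItem -LiteralPath $dir -File) {
    try {
        $raw      = Get-Content -LiteralPath $file.FullName -Raw -ErrorAction Stop
        $manifest = $raw | ConvertFrom-Json
    } catch {
        # Unreadable or non-JSON file: record it and keep going.
        $errors += "Could not parse $($file.Name) as JSON"
        continue
    }

    # A manifest without one of the expected fields is reported, not guessed at.
    $missing = $fields | Where-Object { $null -eq $manifest.$_ }
    if ($missing) {
        $errors += "$($file.Name) is missing: $($missing -join ', ')"
        continue
    }

    $games += [pscustomobject]@{
        AppName         = $manifest.AppName
        DisplayName     = $manifest.DisplayName
        MainGameAppName = $manifest.MainGameAppName
    }
}

# Review this output before posting it anywhere; it holds game names only.
[pscustomobject]@{ Games = $games; Errors = $errors } | ConvertTo-Json -Depth 3
```
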

Alright, I’ll download and execute the file. What do you want me to do afterwards? Also, does the program collect any sensitive information? And can I just delete the .exe after I’ve done everything required? Or does it plant itself somewhere?