RetroPie forum home
    • Recent
    • Tags
    • Popular
    • Home
    • Docs
    • Register
    • Login
    Please do not post a support request without first reading and following the advice in https://retropie.org.uk/forum/topic/3/read-this-first

    Emulationstation Ransomware?

    Scheduled Pinned Locked Moved Help and Support
    emulationstaionvirus
    7 Posts 4 Posters 1.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      suff22886
      last edited by

      Hi guys i have been setting up emulationstation over the past few days and everything is working great. Got to N64 scraping and all of a sudden a message "file system full" allthough i have plenty of space on the harddrive, then it crashes. Anti-virus pops up saying ransomware detected in emulationstation and removing emulationstation.

      Anybody else had this or know why this would have happened? i havent added any new roms ive just done some scraping today

      KN4THXK mituM 2 Replies Last reply Reply Quote 0
      • KN4THXK
        KN4THX @suff22886
        last edited by KN4THX

        @suff22886 Would you mind giving more information about your system? The requested info is here right under the first five steps:

        https://retropie.org.uk/forum/topic/3/read-this-first

        "If you're gonna play the Game Boy, You gotta learn to play it right" - https://www.youtube.com/watch?v=FYLGl92ETNQ

        1 Reply Last reply Reply Quote 0
        • madmodder123M
          madmodder123
          last edited by madmodder123

          I assume you are running Windows...
          Can you post the title of the virus it says it finds?
          Examples:
          Adware.IntelliDownload
          Adware.ISearchHelpW
          Adware.ISMonitor
          Adware.KMGuide
          Adware.Kraddare
          Malmsey.806
          Maltese Amoeba (2)
          MalwareCrush
          Mammoth (b)

          ETC

          1 Reply Last reply Reply Quote 0
          • mituM
            mitu Global Moderator @suff22886
            last edited by

            @suff22886 Please give more info about your setup - https://retropie.org.uk/forum/topic/3/read-this-first. Where did you get the Emulationstation binary ?

            1 Reply Last reply Reply Quote 0
            • S
              suff22886
              last edited by

              Hi yes its windows, sorry i dont have much more information :-( that is what is annoying me. my anti virus, detected it and immediately removed the .exe i still have everything else. all i can find is this

              04/08/2018 00:05:25
              Behavior Blocker detected suspicious behavior "CodeInjector" of "C:\Users\suff2\Desktop\emustation\emulationstation.exe" (SHA1: 3242EB7322F5D7628EA719D03B48514559670662)

              its the latest version of emulationstation
              https://retropie.org.uk/forum/topic/9094/updated-emulationstation-for-windows

              is it suspicious of the gameslist.xml its creating?

              mituM 1 Reply Last reply Reply Quote 0
              • mituM
                mitu Global Moderator @suff22886
                last edited by mitu

                @suff22886 I ran the 2 .zip files provided by the @jdrassa in his repository through VirusTotal and the result is they're both clean:

                • EmulationStation-no-deps-Win32.zip report at https://www.virustotal.com/#/url/cb638ac523fabd5b1a1a07824f59b0947148689d34898b20270fb104337098f3/detection
                • EmulationStation-Win32.zip, report at https://www.virustotal.com/#/url/eeae7ba6dc059a207b2e16cbb47b066f8fa1e04b3947912fefd1be8a172c0f01/detection

                Whatever virus/malware you have now on your PC, it's not from the Emulationstation binaries.

                1 Reply Last reply Reply Quote 0
                • S
                  suff22886
                  last edited by

                  i did put the same .exe back and everything is working again. i think my anti virus just got abit paranoid about the gameslist.xml it was creating perhaps

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post

                  Contributions to the project are always appreciated, so if you would like to support us with a donation you can do so here.

                  Hosting provided by Mythic-Beasts. See the Hosting Information page for more information.