Threat identified: Trojan:Win32/Wacatac.DC!ml

Started 28 Sep 2020
by AlistaireCrowley
in Support Center
My antivirus stops the game from starting as it have identified this Trojan in the gamefolder.

First time this have happened.

What to do?
Mon 28 Sep 2020 6:43 AM by hirox1336
Hey,

i have a similar Problem with the Launcher itself. Yesterday i played normally with no Login Problems or Launcher Problems. Now i get the error message which says: "Operation did not complete successfully because the file contains a Virus or potentially unwanted software"
The phoenix.exe also deletes itself after that message. Any ideas on how to fix it?


PS: I hope its okay that i posted my Problem in this Thread, because it souned so similar
Mon 28 Sep 2020 6:45 AM by Warjon
hirox1336 wrote:
Mon 28 Sep 2020 6:43 AM
Hey,

i have a similar Problem with the Launcher itself. Yesterday i played normally with no Login Problems or Launcher Problems. Now i get the error message which says: "Operation did not complete successfully because the file contains a Virus or potentially unwanted software"
The phoenix.exe also deletes itself after that message. Any ideas on how to fix it?


PS: I hope its okay that i posted my Problem in this Thread, because it souned so similar



This just happened to me ! Poof the Phx launcher is gone. Great way to start the morning. sigh
Mon 28 Sep 2020 6:52 AM by ExcretusMaximus
It's a false positive, and the launcher is missing because your antivirus quarantined it; go to your AV and set the launcher as an exception, then go to the quarantined files section and restore it.
Mon 28 Sep 2020 7:02 AM by Warjon
ExcretusMaximus wrote:
Mon 28 Sep 2020 6:52 AM
It's a false positive, and the launcher is missing because your antivirus quarantined it; go to your AV and set the launcher as an exception, then go to the quarantined files section and restore it.


Thanks. Any idea why this happened now after all this time?
Mon 28 Sep 2020 7:15 AM by Grunf
Windows Defender also detects the phoenix.exe as Trojan:Win32/Wacatac.DC!ml.

No other Antivirus at virustotal does that (yet).
Mon 28 Sep 2020 7:37 AM by gruenesschaf
There was a recent update to our anti cheat capabilities which, like all anti cheat tools with that feature, exhibit similarities to certain trojaners: a remote server can command the client to do certain things, the collection of certain data in case of suspicion in this case.
Some new radar bans will be happening later this week because of this.
Mon 28 Sep 2020 7:39 AM by Zartran
I would be very cautious about restoring Files from anti-virus in this situation. If it was my PC I would just delete the Phoenix Folder and do a fresh install.
My Friend had this happen we looked at the files in the quarrantine folder actually are Win32/Wacatac.D!ml Files.

Here is some information about the program your AV is detecting:
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win32/Wacatac.D!ml
https://malwarefixes.com/threats/trojanwin32-wacatac-dml/

It may not be a false possible.
Mon 28 Sep 2020 8:04 AM by gotwqqd
gruenesschaf wrote:
Mon 28 Sep 2020 7:37 AM
There was a recent update to our anti cheat capabilities which, like all anti cheat tools with that feature, exhibit similarities to certain trojaners: a remote server can command the client to do certain things, the collection of certain data in case of suspicion in this case.
Some new radar bans will be happening later this week because of this.
yea
Mon 28 Sep 2020 2:35 PM by AlistaireCrowley
Ok. Thank you all for replies and good answers.

Seems its fixed now.

Nice news with the radar bans
Tue 29 Sep 2020 6:37 AM by Sayuri
gruenesschaf wrote:
Mon 28 Sep 2020 7:37 AM
There was a recent update to our anti cheat capabilities which, like all anti cheat tools with that feature, exhibit similarities to certain trojaners: a remote server can command the client to do certain things, the collection of certain data in case of suspicion in this case.
Some new radar bans will be happening later this week because of this.

i hope i will not be part of this ban wave cause windows defender removed the launcher too
Tue 29 Sep 2020 11:31 AM by Bradekes
Sayuri wrote:
Tue 29 Sep 2020 6:37 AM
i hope i will not be part of this ban wave cause windows defender removed the launcher too

Windows removing phoenix file doesn't mean you've been targeted for cheating. It happened to me too, just follow the guide to fix it.

https://forum.playphoenix.online/server/support-center/26331-recent-launcher-update-and-false-positive-trojan-reports
Wed 30 Sep 2020 7:52 AM by Astaa
Had the same issue, and the guide worked.

Oddly I already had DAOC flagged to pass through the firewall to fix the zoning taking forever issue so you certainly have to have the entire folder flagged.
This topic is locked and you can't reply.

Return to Support Center or the latest topics