SF5 ROOTKIT

Latest SF5 patch installs a LITERAL ROOTKIT on your computer

theregister.co.uk/2016/09/23/capcom_street_fighter_v/

>Wait 5 months for an update
>Capcom gives you a virus

It's been rolled back yesterday already.

Oh it's fine then! Good on them!

too late im already infected

Why do companies keep thinking they can get away with this? I thought Capcom was smarter than this.

The PC port is probably outsourced to some chink or poo in loo who thought they could slip this in. Don't see what Capcom would really stand to gain from it.

restart and you can delete it

They didn't, they removed it.

>install malware on people's computers
>"but we changed our minds!"

How can one company be so incompetent?

you cant and it loads into the system every time you boot

how much is capcom paying you?

You're kinda missing the whole part where it's a rootkit. Unlike regular malware, a rootkit hooks into the actual OS and forces the OS to load it on startup. This makes it far more annoying to remove, and if you don't remove it then it can cause the OS to become unstable and also cause vulnerabilities with the OS. This is not even mentioning the fact that the rootkit could be doing basically anything; it's running with root/administrator level privileges. Rootkits are not legitimate, which is why they're all considered a form of malware.

>Fighting games
>on PC
Many Keks

>capcom released a rootkit to every SFV owner

What the fuck?

Why?

What were they thinking?

restart in safe mode

money

the entire pc team is probably outsourced to some random chinese firm with little to no supervision by capcom themselves

either that or literally everyone at capcom is retarded

>the PC port is still kind of functional
>we must remedy the situation

Are you two tech illiterates?

restart in safe mode
delete it


wooooooooooooooooooooooow

>everyone literally forgot what sony did a couple of years ago
>shocked that a sony funded game does the same shit again

Fucking retards. You should know already that sony quite literally wants to destroy PC gaming.

Now including rootkit defense.

reddit.com/r/Games/comments/545cjy/sfvs_new_pc_update_is_accessing_kernel_level_in/d7z4eev


>Since this driver is so small, it's also extremely easy to tell what it does. After taking a look, I would never let this product run on my machine.

>1. The driver first registers itself using a pseudo-randomly generated name. That's kind of suspicious. It also doesn't specify any security, so any user at any privilege level can attempt to open and control the device. That's bad.
>2. It sets up custom handlers for opening the device object, closing the device object, and performing ioctls on the device object. This is pretty normal, although a driver that didn't set up basic security when creating its device should perform security checks when opening the device. This driver does not.
>3. The ioctl handler is where everything "interesting" happens. It checks for control codes 0xAA012044 and 0xAA013044, does some buffer size checks, disables supervisor-mode execution protection and then runs the arbitrary code passed in through the ioctl buffer with kernel permissions.

>In short, this driver creates a back door which can allow a non-privileged user to run code with permissions of the kernel.

>edit: correction to what the driver does with cr4, thanks /u/Mona3000. SMEP is a security feature designed to prevent kernel mode code from ever running user mode code. The driver restores the original value of the bit after running the user code, but that doesn't really improve the situation.
Straight up malware. Defeats security features built into the OS and allows anyone to execute code with kernel level privileges.
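
The two control codes quoted above can be unpacked with the standard Windows `CTL_CODE` bit layout. The following C is an added example, not part of the thread or the quoted Reddit analysis; the helper names, the review rule and the third sample code are this example's own assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Windows packs an I/O control code as
   (DeviceType << 16) | (Access << 14) | (Function << 2) | Method. */
typedef struct {
    uint16_t device_type; /* bits 31..16; 0x8000 and up are vendor-defined */
    uint8_t  access;      /* bits 15..14; 0 = FILE_ANY_ACCESS, 1 = read, 2 = write */
    uint16_t function;    /* bits 13..2; 0x800 and up are vendor-defined */
    uint8_t  method;      /* bits 1..0; 0 = METHOD_BUFFERED, 3 = METHOD_NEITHER */
} ioctl_fields;

ioctl_fields decode_ioctl(uint32_t code)
{
    ioctl_fields f;
    f.device_type = (uint16_t)(code >> 16);
    f.access      = (uint8_t)((code >> 14) & 0x3);
    f.function    = (uint16_t)((code >> 2) & 0xFFF);
    f.method      = (uint8_t)(code & 0x3);
    return f;
}

/* Review rule (an assumption of this example, not an official check):
   a vendor-defined code with FILE_ANY_ACCESS is delivered by the I/O
   manager for any handle to the device, so the driver's own dispatch
   routine or the device's security descriptor must do the gating. */
int needs_handler_access_check(uint32_t code)
{
    ioctl_fields f = decode_ioctl(code);
    return f.device_type >= 0x8000 && f.function >= 0x800 && f.access == 0;
}

int main(void)
{
    /* The first two codes are the ones quoted in the thread; the third is
       a constructed contrast that requires read and write access. */
    const uint32_t codes[] = { 0xAA012044u, 0xAA013044u, 0xAA01E044u };
    for (size_t i = 0; i < sizeof codes / sizeof codes[0]; i++) {
        ioctl_fields f = decode_ioctl(codes[i]);
        printf("0x%08X type=0x%04X access=%u function=0x%03X method=%u review=%s\n",
               (unsigned)codes[i], (unsigned)f.device_type, (unsigned)f.access,
               (unsigned)f.function, (unsigned)f.method,
               needs_handler_access_check(codes[i]) ? "yes" : "no");
    }
    return 0;
}
```

Both quoted codes decode to a vendor device type with `FILE_ANY_ACCESS`, so the I/O manager itself imposes no read or write requirement on the caller's handle, which is consistent with the analysis's point that neither the device object nor the open handler adds a security check.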

just delete it

And Denuvo is a literal trojan. And publishers and developers still sanction it, and consumers still defend it.

Are you really that surprised?

>You're not allowed to complain because you can fix their fuck ups!

>You're not allowed to complain
who are you quoting

The fuck does this whole thing mean though? Is some stranger on the other side of the world able to take control of my computer now? How likely is this to happen?

>whoops it was an 'accident' you found us out guys -capcom

I don't know if it makes the system more vulnerable across the net but it does allow any user to elevate their privileges to root level. If your system were compromised by something else and they took over your user account they could use the rootkit to elevate their privileges and affect other parts of the system now that everyone knows it exists.

Nothing, sonyggers overreacting again to tell everyone that their version is superior.

it means literally nothing because its been removed. if it hadnt been removed, it would mean "potentially" someone could figure out a way to exploit it, eventually, maybe. in other words, nothing to worry about. since its already gone.

Normally there are multiple levels of security preventing malware or even straight up computer viruses from doing anything too bad to your computer. This allows someone to do absolutely anything to your computer if you so much as click the wrong link on the internet.

Implication-kun

The fact that it even happened in the first place is ridiculous. Sony got sued for doing the exact same thing, but capcom gets a free pass right?

It's fairly obvious that this 'anticheat' strategy was developed by the Chinese teams they outsourced much of the rest of the game to.

This really smells like contract chinese code.

>costs money to play online
>superior
I seriously wish that neo-Sony would just fucking die. It's beyond me why anyone ever accepted their bullshit.

It's completely mind boggling to me how people could be upset at the Xbox One while welcoming the PS4 with open arms. If you accepted the PS4 you had no damn right to be upset over the Xbox One.
At this rate the PS5 will be just as bad as the Xbox One was initially going to be, but I am sure people are going to meet it with cheers again. Fucking scum.

They then said:
1) Run the game in admin mode.
2) Disable UAC

Both on Twitter and on the Steam Community support forums.

So they effectively encouraged very dangerous behavior.

>locked ini forced to play 8f-lag-edition
it basically is now

>it means literally nothing because its been removed

Having the inclination to do this and the lack of technical prowess to implement a remotely safe solution is very bad.

This kind of behavior should not be tolerated on Steam, and would not be acceptable on most other marketplaces.

>it means literally nothing because its been removed.
You mean they stopped distributing it. People still have it on their system if they installed it prior to them pulling it.

Sony was just riding on the fact that Xbox was shooting themselves in the fucking foot, so they went along and said "Look, we're not them, buy a PS4 instead!" and it worked.

but everyone complained and they removed it in hours. whats this free pass youre talking about?

>PC version of a game literally has a rootkit build in
>better deflect to sony

But it's the same fucking shit. It's just the start.
How fucking naïve don't you have to be to pay for restrictions on online play, and not think it will pave the way for future restrictions on used games in addition to other restrictions?

If I was Gabe I'd be suing their asses for distributing literal fucking rootkit malware over my service.

>the entire pc team is probably outsourced to some random chinese firm with little to no supervision by capcom themselves

Hell if they outsourced their own fucking character models I wouldn't be surprised if they outsourced the PC version. Buncha hired chinks no doubt waiting for the appropriate western individual to buy a Capcom game with their malware on it.

I didn't play so I don't have Capcom.sys, can I play it now or will still install that?

Has capcom apologized for it yet?

As he should.

They apologized for the inconvenience before they rolled out the fix, but after that nothing. Doubt they'll even bring it up again.

Typical PR cut and paste. "We apologize for the inconvenience"

I'd much prefer it if whoever were in charge of the patch committed sudoku on stage.

Whoever had this brilliant idea is probably having his skin flayed right now.

>PC gaming
>Fighting games on PC


Toppest of all keks

>Hell if they outsourced their own fucking character models
It gave us Chun-Li and Cammy, so I'm not complaining.

Funny thing is that ARK also uses a rootkit to stop cheating, and that one is probably in more computers than SFV, even then most people aren't even aware.

Y'all jocks don't even comprehend what a rootkit is

>paying to use an internet connection you're already paying for

Toppest of all keks.

I don't get it. What's the issue with fighters on PC?

#PCGamerProblems

>being poor

keks. of all Toppest

Okay, let's assume that you're right, we don't. So explain it to us so we are enlightened.

>spending money just because you have it like a retard

keks. of all Toppest

>paying to play games you've already paid for online with internet you've already paid for
How can anyone justify paying for PS+ or Xbox Live Gold?

>user, I know I ate your sandwich, but look, I bought you a burrito!

>Hey bro I fucked your wife but you can have her back

filtered

jealousy is not good for your health

...

>have a gaming PC that outperforms consoles by a large margin
>I am somehow poor

Okay.

>Why do companies keep thinking they can get away with this?
Because they can and they do? They reverted it or w/e but they'll see no real backlash from it.

th....thanks capcom....

i appreciate how you didn't take too long with her this time

Nothing, he's a console turd.

I-it's ok.

I'm guessing the "rollback" didn't remove the rootkit for people who already got it

Isn't that just amazingly slimy

That's exactly what happened. If you got it you still need to go in and remove it manually. You might need to go into safe mode to do so.

But if I didn't get it, now I can play without getting it right?

Yes. The rootkit installed itself if you started up the game during the Urien update. If you didn't since before that you should be fine, but if you did get the newer update restart in safe mode and remove capcom.sys manually.

Also be sure to show hidden files.

kek. I hope it tastes good.

I know the person who made that tweet irl. He is one of the best players in the world at Arcana Heart.

Can I refund the game because of this?

Nothing, he's probably just being an elitist because the tournament standard for fighting games is on console.

kek
a dev's pc just got infected or w/e, someone just fucked up pretty badly

Are rootkits normal in china?

Watching Capcom botch this piece of shit game harder and harder is such a sight to see.

How does this company keep fucking up even after porting Dragons Dogma and Dead Rising to PC?

So much good and then so much bad, it's like a bi-polar person.

Am I infected if I haven't launched the game in a couple weeks? I had it installed, but when I looked at it in my library it said update queued and I uninstalled immediately. Didn't see any Capcom file in my device manager.

please elaborate on this. I have ARK installed, how do I remove battleye? TDSSkiller isn't finding anything

People have tried and got rejected. You need to have less than 50 hours. Even so some people got rejected. Some did succeed.

imagine if your computer was a house

The only way for someone to come inside is to knock on the door. Then you let them in and can watch what they do

A rootkit is like if someone installed a second door to your house. Except you don't have the key to it or control who can come inside.

>UAC

That should be disabled already if you're the only user of your PC. There is no reason to have it on.

>That should be disabled already if you're the only user of your PC. There is no reason to have it on.
are you for real?

Often rootkits don't have an actual key at all because the person who placed them doesn't give a fuck. In that case the only thing stopping other people from using them is the fact that it's not usually noticeable. If someone knows it exists(like in this case) then all bets are off.

no, that's a backdoor
a rootkit is malware that modifies the kernel to hide its existence
according to it's just a privilege escalation backdoor.
It allows regular code to run as kernel.
So that's not too much of an issue by itself, it just weakens your security slightly because it allows regular non-admin software to get admin rights but it won't allow someone to do anything remotely to your computer(by itself that is).

However, i doubt this is all it did.

>going with the false analogy
fuck you

anybody want to play gg#Reload?

>persisting with a game that's clearly the worst in the franchise's history
>by doing so, endorsing Crapclown's every action
>literally condemning SF to a future MMO-esque, pay-to-play model (which it already resembles)
>...and the casual pandering gameplay that's inherent in such games and, indeed, 'V' already exhibits
>complaining about rootkits to stop circumventing P2P ransomed content

wake my up inside

>weakens your security slightly
That's an understatement.

>However, i doubt this is all it did.

schadenfreude is one thing, but it's actually sad, if you love the genre -- SF [WAS] the best FG franchise out there ...now it's just a piss-poor pale shadow of even its worst prior entries into the series

'IV' took years to refine into something playable, and they just dumped the game overnight for this MMO-like shit-smear and its plodding, casual pandering shit fiesta... I don't think I've seen a more boring Evo top-8 - for ANY game - than SFV this year... shit was excruciating to witness

nor have I seen iteration-to-iteration screw-ups this bad since the Ps2 to Ps3, then Ps3 to Ps3.5 transition... all these nips want now is to milk their IP's to their most profitable, yet they end up killing goose that laid its eggs for so long

yes, i doubt that the analysis posted on reddit was comprehensive as that seems like a really useless backdoor
how so, it's just privilege escalation if that is indeed all it does

Terry Bogard just warned me about this. Fortunately, I never bought the game.

my guess would be it was for (i) blocking "fight points" work-arounds and (ii) for sending info back to Crapclown re. cracked versions of the game being played

these fuckers care only about fleecing plebes with their ransomed """""content"""", instead of offering a game up that is even remotely worthy of 'IV's' legacy, much less that of the better examples the IP has thrown up

the worst part: shills will still defend this faeces of a fighter and lap up whatever the pin-cock slopes vomit up... thereby condemning the series to shtiware status

no amount of Daigo this and Tokido that will save a game that's fundamentally boring to play, lacks even a fraction of the content of its predecessor/s and is clearly a vehicle for content ransoming, nay refinement of the genre

>how so, it's just privilege escalation if that is indeed all it does
Privilege escalation is a huge problem.

>browser compromised
>malware searches the disk for "capcom.sys" and if it finds it takes advantage of existing gaping hole in your OS to install itself nicely in the kernel

Capcom is literally Shadowloo

Fighters that aren't Skullgirls and Melty Blood don't really have large scenes on PC.

I have 10, there's still hope

the main issue here is browser being compromised, privilege escalation is comparatively easy.
"some 3rd party drivers, even by reputable companies, contain more holes
than Swiss cheese." from fuzzysecurity.com/tutorials/16.html
But again, i doubt that's all it did because that seems useless.
see

For what fucking purpose would you keep UAC on?

There is no reason to have it on unless you're new to the internet.

There's no reason for using it unless you are literally retarded.

is the drm anything to do with the 8 frame buffer?

it's the OS saying: Hey, this requires special privileges, do you really want this?
it can be slightly annoying at times, but it's rare enough and it tells you when software asks for admin permissions which is a good thing(tm)

Why would you have to worry about that unless you are a retard that actually downloads malware shit?

Because there's always the potential you could download some application from a site you otherwise trusted and had no problems with, and said app needing admin privs for no good reason would be the only red flag that the file was infected, doi.

it doesn't matter how large the scene is on one platform if there's crossplay.

The left doesn't happen in any game, don't kid yourself.

this kind of shit is always massively exaggerated, but it gets the point across

lawsuits when?

common sense

This. Any time a major company does something absolutely retarded (Like Windows 10 sharing your wi-fi to Facebook) it's because they let some chinese or indian dev make major design decisions.

Really, I'm fine with the ones I know in the states, but the ones in China and India are mental. I've even had coworkers that were fine to work with locally turn into absolute shitheads once they relocated to the Indian offices. At the very least they should wait for them to hit the "You know, I like to visit my family but I'm never moving back." stage before they let them make decisions on shit.

use Sandboxie if you're paranoid, offers WAY more protection than UAC