Welcome!

By registering with us, you'll be able to discuss, share and private message with other members of our community.

Sign up now!

Resolved Trojan:Script/Wacatac.H!ml

Joined
May 19, 2022
Messages
6
toady i turned on my computer and started runemate (after clicking yes, i trust this aplication, basically giving the app administrator access to my pc), instantly a windows defender antivirus notification popped out and said that a thread was found on my computer, when i see the source of it i got surprised, turns out that comes from runemate, i inmediately quarentine it and delete all runemate stuff that was left in my pc, the malware that was instaled and executed caught up by windows defender was:
Trojan:Script/Wacatac.H!ml
i want an explanation of this, if posible, because i might now be in danger of a posible malware attack where they steal all my information posible
 
Client Developer
Joined
Oct 12, 2015
Messages
3,760
toady i turned on my computer and started runemate (after clicking yes, i trust this aplication, basically giving the app administrator access to my pc), instantly a windows defender antivirus notification popped out and said that a thread was found on my computer, when i see the source of it i got surprised, turns out that comes from runemate, i inmediately quarentine it and delete all runemate stuff that was left in my pc, the malware that was instaled and executed caught up by windows defender was:
Trojan:Script/Wacatac.H!ml
i want an explanation of this, if posible, because i might now be in danger of a posible malware attack where they steal all my information posible

Someone reported this to me earlier today, I'm investigating.
 
Joined
May 19, 2022
Messages
6
Someone reported this to me earlier today, I'm investigating.
idk it this helps you but here is the directory of the file where the thread was found, in runemate-game-api.jar: file: C:\Users\*\RuneMate\resources\runemate-game-api.jar
 
Mod Automation
Joined
Jul 26, 2013
Messages
3,046
The leading theory is that it is a false positive caused by a bad Windows Defender update for this particular detection type that went out this week. Other legitimate software, like CrystalDiskMark, is also being flagged and someone even got it to, allegedly, flag a couple of jpg pictures (!), ref: https://www.reddit.com/r/computerviruses/comments/x1af2y/comment/jdcmurl/.

Kindly report the false positive to Microsoft @ Submit a file for malware analysis - Microsoft Security Intelligence, so that they can get this fixed.
 
Joined
Apr 23, 2019
Messages
31
toady i turned on my computer and started runemate (after clicking yes, i trust this aplication, basically giving the app administrator access to my pc), instantly a windows defender antivirus notification popped out and said that a thread was found on my computer, when i see the source of it i got surprised, turns out that comes from runemate, i inmediately quarentine it and delete all runemate stuff that was left in my pc, the malware that was instaled and executed caught up by windows defender was:
Trojan:Script/Wacatac.H!ml
i want an explanation of this, if posible, because i might now be in danger of a posible malware attack where they steal all my information posible
I've been using Runemate for almost 4 years, Never had any security issues.

Make sure your email and your OSRS account both have 2fa If they don't have it already.
 
Joined
May 10, 2022
Messages
9
so, this says resolved. are we able to use the bot again or is it still going to deny use due to extension errors and Trojans?
 
Client Developer
Joined
Oct 12, 2015
Messages
3,760
so, this says resolved. are we able to use the bot again or is it still going to deny use due to extension errors and Trojans?

I had to add an exclusion to Windows Defender and then restart my PC to get it to work again, but we did release an update today which (hopefully) isn't flagged so it should work again with no intervention.
 
Joined
May 10, 2022
Messages
9
I had to add an exclusion to Windows Defender and then restart my PC to get it to work again, but we did release an update today which (hopefully) isn't flagged so it should work again with no intervention.

awesome to hear!
 
Top