Help us improve Answers HQ! Take Survey No, Thanks

Virus in Origin Client?

by Slave-Master2u
Reply

Original Post

Accepted Solution

Virus in Origin Client?

★★★★★ Novice

I use Avast Anti-virus. It just gave me notice that a threat was found in "Users/MYUSERNAME/AppData/Roaming/Origin/update.vbe" Says it is a "VBS:Agent-BCX" which is a Trojin. It's embeded: MSEncoded. I looked this up and turns out it's a type of spyware sending users computer info back to it's source. So, my question is real simple. Why is EA doing this? or better yet. Who is ordering or paying them for this? Another order by the NSA from an invisible court?

Message 1 of 8 (7,609 Views)

Accepted Solution

Re: Virus in Origin Client?

★★★★★ Novice

Sorry for not posting update.

The culprit was found.

It was a mod I downloaded from Nexas, the mod had a exe in the zip file. Which somehow was executed via a script installed in DAO when mod was installed. The script launched the exe in the background. The mod has been removed by nexus and the author banned.

So warning anti-virus didn't see it until the game was launched. Not sure how it all works, since I don't write these things. And turns out it wasn't a virus,

but spyware, that once executed sends your Origin account data to a data collection server. So since have changed my account details, including user name for Origin client. Also learned I don't have to run Origin client with DAO or DA2. Only need it for DAI and a few other games.

So problem solved, and the mod is gone. A lesson learned. Now I unzip all mods and carefully check their contents.

 

View in thread

Message 5 of 8 (8,193 Views)

All Replies

Re: Virus in Origin Client?

[ Edited ]
Community Manager

@Slave-Master2u Hi,

 

While the information available on third party websites indeed points towards a Trojan, you are making wrong assumptions regarding how it would have gotten there.

 

EA would have nothing to gain and everything to lose from spreading malware.

 

I would strongly suggest to follow your antivirus software's advice and nuke this file. As other parts of your system may be infected, make sure to run a deep scan and remove any other files reported as affected.

 

If you want to play it safe, you might want to consider wiping the hard drive and reinstalling the system from scratch.

 

As for Origin itself, please ensure to always install it from our https://www.origin.com/download webpage.

 

Cheers,

Nils

 

Message 2 of 8 (7,591 Views)

Re: Virus in Origin Client?

★★★★★ Novice

Did a deep scan. No other problems found. Avast deleteed the file then had it do a boot scan. Which is a through scan that is done before loading Windows.

Have never not had anti-virus running. And everything that is downloaded or installed is scan in real time. Plus if I get anything from people on a disk or USB Storage I scan the individual items before opening them. This includes things like movies, videos, or any documents. etc. Have been using computers since 1990s and this is only the third virus occurance. So if Origin did not install this, then a real mystery is created. Also have all backdoor access points disabled through firewall advanced settings. Remote connection types, as one example. Also do not use public Wi-Fi ever. Anyhow, going to do a clean reinstall of Origin client and see if the file gets reinstalled. If it does, then there will be no mystery. If it doesn't, then I got some searching to do, don't like unsolved mysteries. I'll let you know the outcome shortly.

Message 3 of 8 (7,583 Views)

Re: Virus in Origin Client?

★★ Newbie

I found a trojan virus in FIFA 15 and it was found in my Program files.  I copied from the log report I received this afternoon:

 

Trojan detected Trj/Debeski.A          7/4/2015 1:17 PM          Deleted                              Location: C:\Program Files (x86)\Origin Games\FIFA World\data\sceneassets\kit\kit_81_2_0.rx3

 

I used Panda Antivirus 2015 and it appears to be taken care of but just wanted to let others know that this has been on my pc for quite some time but did no harm to it.  I have yet to find anything that involves the client or other games in Origin.

Message 4 of 8 (6,960 Views)

Re: Virus in Origin Client?

★★★★★ Novice

Sorry for not posting update.

The culprit was found.

It was a mod I downloaded from Nexas, the mod had a exe in the zip file. Which somehow was executed via a script installed in DAO when mod was installed. The script launched the exe in the background. The mod has been removed by nexus and the author banned.

So warning anti-virus didn't see it until the game was launched. Not sure how it all works, since I don't write these things. And turns out it wasn't a virus,

but spyware, that once executed sends your Origin account data to a data collection server. So since have changed my account details, including user name for Origin client. Also learned I don't have to run Origin client with DAO or DA2. Only need it for DAI and a few other games.

So problem solved, and the mod is gone. A lesson learned. Now I unzip all mods and carefully check their contents.

 

Message 5 of 8 (8,194 Views)

Re: Virus in Origin Client?

Community Manager
Thanks for coming back and providing that update. I am glad to hear that you figured out what it was and were able to get it all sorted (as well as helped in removing the mod from the Nexus so no one else will fall prey).
Message 6 of 8 (6,925 Views)

Re: Virus in Origin Client?

★★★ Newbie

HI, i just recently bought the sims 4, and when i started to update it (june 16 update) my scanners indicated that the digital signatures for origin has changed, should i be concerned. Hitman pro alert is what detected the change.

Message 7 of 8 (5,668 Views)

Re: Virus in Origin Client?

★★★★★ Novice

You need not be concerned. Many companies have got new Digital signatures. Mainly because of recent forgeries of company certificates. As long as your only updating through

Origin client, then no need to worry. The client only connects with EA servers.

Message 8 of 8 (5,643 Views)
Twitter Stream