
XIGNCODE with next patch? Hello EME, announce at least that we are installing malware with this game!!


Comments

  • ElinUsagi ✭✭✭✭✭
    sum1 wrote: »
    If uninstalling the game won't get rid of it will rolling back windows first work?

    You don't need to roll back; you can delete the folder and reg entries manually or use the removal tool provided by the Xigncode developers.

    It is like removing an antivirus from your computer, yeah, those malware like Avast, ESET, Norton, McAfee, Kaspersky and many others of the same kind u_u
  • CassandraTR ✭✭✭✭✭
    STORM33 wrote: »
    That was a quote from MistyTera, and I am glad she mentioned it

    FWIW, though, you don't have to turn off Windows Defender or other anti-virus software for this to work, and it only flags rather than do anything to any files it finds, so I'm truly not too sure what they mean.

    Except that this has absolutely been the case in other games and other security software:

    https://old.reddit.com/r/blackdesertonline/comments/42yy1c/xigncode_error_0xe019101a_bd_kr/

    What they mean is they can't log in until they remove or disable their security software. GREAT ANTI CHEAT, RIGHT GUYS? JUST TURN OFF YOUR ANTI VIRUS.
  • vkobe ✭✭✭✭✭
    Dokibun wrote: »
    you need to go outside and stop caring so much

    ElinUsagi supposedly works 50 hours a week and makes bank, but also has time to play TERA 8 hours a day. How do I know this? Because they say it all the [filtered] time. They have to make sure YOU KNOW not only is their opinion always the right one, but their life is better than yours also.
    ElinUsagi wrote: »
    I am at my office at the moment, can't leave until I finish checking some files I need for my tax declarations or whatever it is called in English e.e

    See? Lol. So sad. Such thin skin.

    Also, how do you have such a good job when you are on the TERA forums ALL DAY LONG, EVERY SINGLE DAY. lol

    It is a good job, because you can stay in TERA at your job :p
  • sum1 wrote: »
    If uninstalling the game won't get rid of it will rolling back windows first work?

    I read the only way to get rid of it is to take your computer back to factory settings if you didn't delete Tera before the patch and then you happened to open the game and the patch went through. The only reason I even know about any of this was in global chat while in game last night.
  • sum1 wrote: »
    If uninstalling the game won't get rid of it will rolling back windows first work?
    If you have a system restore point, that should bounce you back to any registry changes before the XIGNCODE rootkit virus was installed. But the folder will probably still be there; you should delete that as well after you restore your PC to an earlier point.

    I'd check your Windows services as well, make sure the XIGNCODE virus service isn't running. Not sure how their version works; from the looks of the registry it's an actual service, so it could easily take control of your entire system if it's not turned off and removed in the registry.

    I haven't updated my TERA, nor do I intend to because I won't risk it. I may put it on an old laptop to do some tests and see how much data they try to steal off the pc and how much damage it does to the hard drive and cpu.
  • CassandraTR ✭✭✭✭✭
    edited June 2018
    sum1 wrote: »
    If uninstalling the game won't get rid of it will rolling back windows first work?

    Search for xhunter1.sys and delete it. Open your regedit and search for the other files. There are multiple how-to's/FAQs on how to do this:

    https://forums.mmorpg.com/discussion/446453/xigncode3-remains-on-your-pc-after-black-desert-client-uninstall-easy-uninstall-procedure

    https://steamcommunity.com/app/102700/discussions/0/364042703864007223/

    And just in case they get mad, one from EME's own former game and their own forums:

    https://forums.enmasse.com/ava/discussion/984/xigncode-usa-error
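
An added example, not part of any post in this thread and not code from the XIGNCODE developers: a read-only PowerShell check for the leftovers the two replies above describe, a registered service or driver entry and the xhunter1.sys file it points to. Only the name xhunter1 comes from the thread; the function name and output fields are assumptions, and some service keys may only be readable from an elevated prompt.

```powershell
# Added example: read-only audit, changes nothing on the system.
# 'xhunter1' is the driver file name given in the thread; Find-LeftoverDriver
# and its output fields are hypothetical names chosen for this sketch.
function Find-LeftoverDriver {
    param(
        [string]$NamePattern  = 'xhunter1',
        [string]$ServicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    )
    $startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

    Get-ChildItem -Path $ServicesRoot -ErrorAction SilentlyContinue | ForEach-Object {
        $name  = $_.PSChildName
        $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        $image = [string]$props.ImagePath
        # Skip every entry whose key name and image path do not mention the pattern.
        if ($name -notmatch $NamePattern -and $image -notmatch $NamePattern) { return }

        # ImagePath may be quoted, use %VAR%, or carry NT prefixes (\??\, \SystemRoot\).
        $path = if ($image -match '^"([^"]+)"') { $Matches[1] } else { $image }
        $path = [Environment]::ExpandEnvironmentVariables($path) -replace '^\\\?\?\\', ''
        if ($path -match '^\\SystemRoot\\') {
            $path = Join-Path $env:SystemRoot $path.Substring(12)
        } elseif ($path -and $path -notmatch '^[A-Za-z]:\\') {
            $path = Join-Path $env:SystemRoot $path   # relative paths resolve under %SystemRoot%
        }

        # Win32_BaseService covers both ordinary services and kernel drivers.
        $svc = Get-CimInstance -ClassName Win32_BaseService -Filter "Name='$name'" -ErrorAction SilentlyContinue

        [pscustomobject]@{
            Service      = $name
            KernelDriver = ($props.Type -eq 1)
            StartMode    = if ($null -ne $props.Start) { $startNames[[int]$props.Start] } else { 'unknown' }
            State        = if ($svc) { $svc.State } else { 'unknown' }
            ImagePath    = $path
            FileOnDisk   = [bool]($path -and (Test-Path -LiteralPath $path -ErrorAction SilentlyContinue))
        }
    }
}

$hits = @(Find-LeftoverDriver)
if ($hits.Count -eq 0) { 'No service or driver entry references xhunter1.' }
else { $hits | Format-List }
```
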
  • clfarron4 ✭✭✭✭
    STORM33 wrote: »
    That was a quote from MistyTera, and I am glad she mentioned it

    FWIW, though, you don't have to turn off Windows Defender or other anti-virus software for this to work, and it only flags rather than do anything to any files it finds, so I'm truly not too sure what they mean.

    Except that this has absolutely been the case in other games and other security software:

    https://old.reddit.com/r/blackdesertonline/comments/42yy1c/xigncode_error_0xe019101a_bd_kr/

    What they mean is they can't log in until they remove or disable their security software. GREAT ANTI CHEAT, RIGHT GUYS? JUST TURN OFF YOUR ANTI VIRUS.

    Didn't Windows Defender stop TERA running for a load of people sometime early last year?
  • DL6JEAMTMR ✭✭
    edited June 2018
    This is a copied Reddit post:
    https://www.reddit.com/r/DFO/comments/306vq7/okay_i_pretty_much_confirmed_it_xigncode3_is_a/
    Okay, I pretty much confirmed it: Xigncode3 is a joke.
    I discovered that my issues with Xigncode3 killing the game were related to it now somehow being able to retroactively peek at what was running during the launcher. Well then, looks like my clipboard paste script won't work anymore. But, what will?

    Acting on a hunch, I wrote up a very simple keystroke injection testcase; you can see the code here. It's as simple as it gets while still doing what it needs to -- wait ten seconds, then synthesize keystrokes to produce "1aoeuaoeu" in a focused text entry. Using the exact same API AutoHotkey uses to do its thing, mind you.

    I compiled this with MinGW GCC, just a simple "g++ -o injectiontest.exe injectiontest.cpp", with env CXXFLAGS="-O0 -march=native -ggdb" (on a Haswell i7). No optimization, no obfuscation; even the most primitive and basal heuristic analysis will be able to immediately deduce what it's supposed to do.

    On to the testing. I started the launcher, started the testcase as an elevated process, and put the password field in focus. Pasted right in; okay, AHK did that fine, but XC3 would flag it once the game started... nope. Didn't even notice. I hopped into a channel and walked around; this is WAY farther than XC3 would ever let AHK get, even if AHK had been killed off before hitting Play in the launcher.

    But what about ingame, now that XC3 is open and actively monitoring? Nope again. The testcase dumped its string into the chatbox without any interference or notice from XC3. The game continued to run until I manually quit.

    So, Xigncode3 appears to be a simple blacklist scanner, checking for specific programs and killing off the game if they're found. [filtered] poor. Circumventing it is as simple as obfuscating whatever it uses to fingerprint programs, which would be trivially easy, or even simply writing a custom program, which as I have proven would be completely passed over without any additional effort whatsoever on the coder's part. If this is supposed to be a first-line defense against botting, it's a miserable failure right out of the gate. Any skiddie with half a working knowledge of any of C/C++/C#/VB (and more!) could write a bot that'll go unnoticed by XC3. Perhaps there's hidden heuristics to catch new botting/scripting tools and ban accounts using them, but that will only put you at a miserably hopeless disadvantage in an escalating arms race.

    Neople, if you want even half a prayer of beating the gold farmers, you better be using a smarter tool under the surface. Xigncode3 is doing you no favors and only causing headaches for legitimate players. Far as I can tell, there's a significant chance you currently have higher priorities, but this really needs to be addressed at some point, before ending OBT.

    EME probably doesn't want this post up here, but whatever, just to prove that the spyware they're adding is a [filtered] joke
  • edited June 2018
    STORM33 wrote: »
    That was a quote from MistyTera, and I am glad she mentioned it

    FWIW, though, you don't have to turn off Windows Defender or other anti-virus software for this to work, and it only flags rather than do anything to any files it finds, so I'm truly not too sure what they mean.

    Except that this has absolutely been the case in other games and other security software:

    https://old.reddit.com/r/blackdesertonline/comments/42yy1c/xigncode_error_0xe019101a_bd_kr/

    What they mean is they can't log in until they remove or disable their security software. GREAT ANTI CHEAT, RIGHT GUYS? JUST TURN OFF YOUR ANTI VIRUS.

    Honestly, that's happened temporarily with TERA itself before, even without this program, because compatibility breaks between some update, and the scanner decides to interact with the program in a different way and one party (or both) needs to fix. Disabling your antivirus is just a temporary workaround until the bug gets fixed for people who absolutely don't want to wait (or who want to help identify the root cause), although it would be better for people to wait for the real fix. This is basically a temporary exception case, though, not any sort of rule. Of course, it's still a negative situation when it happens.
    clfarron4 wrote: »
    STORM33 wrote: »
    That was a quote from MistyTera, and I am glad she mentioned it

    FWIW, though, you don't have to turn off Windows Defender or other anti-virus software for this to work, and it only flags rather than do anything to any files it finds, so I'm truly not too sure what they mean.

    Except that this has absolutely been the case in other games and other security software:

    https://old.reddit.com/r/blackdesertonline/comments/42yy1c/xigncode_error_0xe019101a_bd_kr/

    What they mean is they can't log in until they remove or disable their security software. GREAT ANTI CHEAT, RIGHT GUYS? JUST TURN OFF YOUR ANTI VIRUS.

    Didn't Windows Defender stop TERA running for a load of people sometime early last year?
    Yeah this is what I was referring to above. It happened a few times for different people, and they had to get the compatibility fixed.
  • CassandraTR ✭✭✭✭✭
    edited June 2018
    clfarron4 wrote: »
    Didn't Windows Defender stop TERA running for a load of people sometime early last year?

    I believe that was a problem specific to Windows 10. I didn't have that specific problem, so I'm just going off of my memory here, so I could be incorrect.
  • Meningitis ✭✭✭✭
    > Check forums
    > 107 new posts
    > Still nothing from EME
    > h a h
  • CassandraTR ✭✭✭✭✭
    edited June 2018
    Meningitis wrote: »
    > Check forums
    > 107 new posts
    > Still nothing from EME
    > h a h

    There's not going to be anything. The final word is what was posted by SeanDynamite in the News forum. It's installed, without your consent, without you signing a EULA, without you accepting terms and conditions, and automatically has kernel access. You can accept it or not play. I'm still debating on whether to update, and I probably will for a week or longer.

    (Did you know XIGNCODE3 does this same thing on Android devices, and that is totally against Google store policy to install without user consent? Fantastic company we are dealing with.)
    Also for those not aware I found Xigncode installed along with Nexon titles on my Android phone, it completely modified my Android phone's files, caused the device to fail to the point where I had to replace the SD card, restore a backup, and lost all data. It was also against Google's policy for these apps to be on the Google Play store as they did not properly inform the customer and are not safe as they don't respect privacy.

    https://forums.bladeandsoul.com/profile/1145851-lilithdragonflower/content/?type=forums_topic_post
  • Meningitis ✭✭✭✭
    edited June 2018
    @CassandraTR Yeah, I know there won't be. We all knew before this thread even hit page 20. It's just sad.
  • So... I know someone who tried the UN PATCHED UN "BYPASSED" proxy, and it works 100% fine. XC can't see nothing :p
  • Things like hackshield, gameguard, xigncode are notorious for being a privacy threat to your system. They are a highly intrusive, elevated process which logs and collects a lot of potentially sensitive information, which most likely has write access to your local filesystem. Those kinds can also monitor all your network ports and most likely access anything you have authenticated access to. They also monitor your system's memory (to prevent memory hacks) and god knows what else it can find there. I've also heard rumors about xigncode having access to every recently changed file in windows and stroke keylogging. They will also crash the game the moment they find any remotely 'threatening' program in your file system, dropbox or any cloud you have access to. It once crashed my game when I was using Visual studio (maybe it even reads whatever source code you're writing, who knows). They will also routinely [filtered] up if they find you using VMs or anything too different from an average consumer computer.

    What they do with this information remains to be seen. I don't think they use it for explicitly dishonest purposes (it's probably just looking for known signatures like your antivirus would), but the issue remains that it's still a rootkit and could potentially be compromised by a third party that would literally grant full access to your machine.

    Unfortunately, due to how games in Korea work (you have to authenticate your account with a valid KSSN/phone number), this actually cuts down any kind of hacking for them, which in return means their games can get away with offloading more and more things client side. This isn't the case when those games get ported to the West, since anyone can create free accounts anonymously and start abusing their poor client server architecture.

    I recently read this on the web
This discussion has been closed.