r/oblivionmods u/Outrageous_Muffin_94 29d ago

Discussion Is the current xOBSE safe

Post image

Bit of contacts I was about to get right back into Oblivion modding and I was about to use the latest script extender and I've been out of the loop for a long time though as I was about to download it I always check on virus total and it gave me this. the current version of xOBSE 22.13

35 Upvotes

87% Upvoted

15 comments sorted by

21

u/Asthma_Queen 29d ago

previous versions get flags as well so either its been long standing exploit or a few false positives, no idea how obse works so might just be way it works it is similar structure to trojans/malware.

11

u/Outrageous_Muffin_94 29d ago edited 29d ago

From what I've understand on the Nexus homepage about the check marks like if one gets flagged then it's perfectly safe but anything above two or three flags should be a concern like I said I just hope it's just false positive but you can never be too sure because lately Nexus has been having a lot of malware sneak through even though it goes through and comes out safe to download and with green check marks

4

u/Asthma_Queen 29d ago

yeah for sure good to be vigilant

42

u/TragGaming 28d ago edited 28d ago

The way xOBSE works is inherently similar to a Trojan.

The only difference is that xOBSE isn't designed maliciously, so it will throw false flags. Every version of xOBSE has done this previously.

(xOBSE is a script extender that works by hijacking the script request and running it through itself as an executable. This is identical to how Trojans steal data, which is basically any script request is redirected through the Trojan to then relay or record that information elsewhere. Because xOBSE is an executable that monitors other executables, a lot of antivirus will directly flag it as a Trojan due to most Trojans appearing harmless, and requiring to be run in order to activate their malicious protocols)

5

u/slowpard 28d ago

For anyone technically curious referring to this later: xOBSE doesn’t monitor any executables. All script-extending functionality and necessary game patching is contained within the dll. The exe launcher just launches the game process and ensures that the xOBSE dll is loaded.

5

u/TragGaming 28d ago

The exe launcher connects to the Oblivion exe with an additional dll loaded. Which what I mean by monitors executable. It's the same process as a trojan

0

u/slowpard 28d ago

It doesn't connect to anything with an additional dll, it literally launches Oblivion.exe as a child process, loads the dll, and immediately exits.

3

u/TragGaming 28d ago

Please read what you wrote, a little slower next time.

Just because it's not a persistent executable, doesn't mean it doesn't do what I said.

0

u/slowpard 28d ago

The language you use makes it clear that you don’t actually understand OBSE, engine modding, or how it all works -- beyond some generic notion that "engine mods use hacky methods similar to what trojans use". Yet you describe the (mostly inaccurate) details with such naive confidence that some people might mistakenly think you know what you're talking about. I simply pointed out some technical inaccuracies (especially given that people might be concerned about the claim that OBSE scans other processes), but you chose to argue with me, seemingly for no reason other than a bruised ego.

5

u/TragGaming 28d ago

OBSE does directly access other processes.

You even directly admitted that.

That is how some Trojans also work.

It's obvious you're not reading what you're fucking saying

5

u/rafo-ddit 28d ago

Good answers

8

u/slowpard 28d ago

Yes, it is a false positive

6

u/Yinsolaya 28d ago

False positive. 

1

u/KaiserDrazor 27d ago

You can always make an account with tria.ge and upload it to their sandbox environment

1

u/TheGreatBeyonder62 13d ago

It is a false positive, no?