Many thanks valeros to share that with us.
Hi. I had already given it up. Thanks to your explanation, I finally got it. Thanks mate.
Nevermind. Just saw the prior post with a possible solution.
Attachment 33754
Positive malware detection on "MINIS GALLERY TOKENS.EXE"
That positive is from Malwarebytes Pro. Windows Defender identifies the malware as "Trojan:Win32/Occamy.C".
Here's a thread about people having trouble removing this exact trojan. It also includes verified instructions to remove it.
This isn't a false positive for a script. This is trojan malware.
Thanks for raising this.
The link you provide is for a very specific malware Trojan:Win32/Occamy.C whereas the screenshot you provide shows Generic.Malware/Suspicious which is this: https://blog.malwarebytes.com/detect...re-suspicious/ a catch all for anything that might be slightly suspicious.
I would expect this to happen sometimes with this specific application as it does connect to the Internet and download files - which is what it's designed to do. Malwarebytes has even tagged Fantasy Grounds as such in the past.
I would say that this is indeed a false positive. But, as usual, if you have any concern using software then don't use it.
Yes, it is a program (not a script) that reads web pages, downloads from the internet, reads the windows registry, and writes to your hard drive. That is definitely going to trigger some anti-virus as suspicious. Check virustotal.com, it runs against a variety of anti-virus and last I checked something like 4 of 72 marked it as suspicious. But as always, be careful. If you don't trust, don't use it.
Windows Defender identifies the specific trojan when you attempt to run it. This isn't a false positive. I'd take a screencap of that too, but it's already gone from my system.
But your risk is your choice ¯\_(ツ)_/¯
edit: Screw it. It's not like I'm not protected. Here's your screen cap. @Trenloe
@valeros I'm a Unity programmer. I know what a script is. And if every script that downloads data triggered antivirus, that alarm would never stop ringing. By your reasoning, my Malwarebytes and Defender should be blaring alarms every time I compile, because I use the Unity DOTS and have run upwards of 8,000,000 entities. I'm not mystified by tech terms, but I'm not here to argue either.
Attachment 33755
I'm not accusing the author of the program. Nor anyone else in particular. The infection could have happened anywhere that file passed along the line. But people should check, to be safe.
Kaspersky rates it safe.
I downloaded it to scan it.
Interesting. My copy shows as clean with MWB. So was it infected when you downloaded it? Or did it become infected while on your machine? I wonder if they updated it with a bad copy after I downloaded it. Hmmm.
dmdaddy, if you downloaded the previous version I posted (on March 21), that will definitely identify in Windows as a virus. I am not sure why but I got exactly what you get for that one. Windows immediately quarantines it. That was the last version I built and posted using .Net 4.x. But once I migrated to .Net Core 3.1, I posted a new one on March 30 and then another on March 31. That one shows as suspicious by "SentinelOne (Static ML)" and clean by the other 71 virus engines.
The old one was identified by 26 of 72 anti-virus engines as a virus. It was one of the reasons (not the only) that I converted this to .Net Core 3.1. (I even mentioned this concept in an earlier post in this thread.) (Although as you say, who knows, maybe that version did get infected somehow.)
valeros, thank you for clarifying. Also, thank you for rebuilding!
Antimalware scanners work (usually) using some combination of hashing and heuristics. It's possible for a perfectly safe file to somehow identify as something completely different. Either it got infected along the way somewhere, or it has to be that. It has been since 2004 or so since last time I saw that happen! It surely can't be that something in .NET 4.x assemblies is doing it. There'd be so many games triggering alarms that it would be well known (and surely patched by now).
I'll try the newer version. Thank you for your work.