Joshua Stream Pre
Page 6 of 7 First ... 4567 Last
  1. #51
    Many thanks valeros to share that with us.

    Quote Originally Posted by RickSaada View Post
    This is super cool, but in case anyone else runs into the same problem I did, be sure you download the *correct* version of .net. It tells you that you need to download .net, but it doesn't specify that to run this, you need the x86 version, not the 64 bit version. You also need the Desktop App version, not the Core version. I think I managed to do all the wrong combinations before I figured out the problem. Sigh. But now that it's running it's great!
    Hi. I had already given it up. Thanks to your explanation, I finally got it. Thanks mate.

  2. #52
    Nevermind. Just saw the prior post with a possible solution.

  3. #53
    00000000000000000.png

    Positive malware detection on "MINIS GALLERY TOKENS.EXE"

    That positive is from Malwarebytes Pro. Windows Defender identifies the malware as "Trojan:Win32/Occamy.C".

    Here's a thread about people having trouble removing this exact trojan. It also includes verified instructions to remove it.

    This isn't a false positive for a script. This is trojan malware.
    Last edited by dmdaddy; April 15th, 2020 at 19:35.

  4. #54
    Trenloe's Avatar
    Join Date
    May 2011
    Location
    Newcastle, UK (for a bit)
    Posts
    26,101
    Quote Originally Posted by dmdaddy View Post
    00000000000000000.png

    Positive malware detection on "MINIS GALLERY TOKENS.EXE"

    That positive is from Malwarebytes Pro. Windows Defender identifies the malware as "Trojan:Win32/Occamy.C".

    Here's a thread about people having trouble removing this exact trojan. It also includes verified instructions to remove it.

    This isn't a false positive for a script. This is trojan malware.
    Thanks for raising this.

    The link you provide is for a very specific malware Trojan:Win32/Occamy.C whereas the screenshot you provide shows Generic.Malware/Suspicious which is this: https://blog.malwarebytes.com/detect...re-suspicious/ a catch all for anything that might be slightly suspicious.

    I would expect this to happen sometimes with this specific application as it does connect to the Internet and download files - which is what it's designed to do. Malwarebytes has even tagged Fantasy Grounds as such in the past.

    I would say that this is indeed a false positive. But, as usual, if you have any concern using software then don't use it.
    FG Con 16 Fantasy Grounds Online RPG Convention - Postponed New date To Be Confirmed.
    Register at www.fg-con.com for all the latest info.

    Private Messages: My inbox is forever filling up with PMs. Please don't send me PMs unless they are actually private/personal messages. General FG questions should be asked in the forums - don't be afraid, the FG community don't bite and you're giving everyone the chance to respond and learn!

  5. #55
    Yes, it is a program (not a script) that reads web pages, downloads from the internet, reads the windows registry, and writes to your hard drive. That is definitely going to trigger some anti-virus as suspicious. Check virustotal.com, it runs against a variety of anti-virus and last I checked something like 4 of 72 marked it as suspicious. But as always, be careful. If you don't trust, don't use it.

  6. #56
    Windows Defender identifies the specific trojan when you attempt to run it. This isn't a false positive. I'd take a screencap of that too, but it's already gone from my system.

    But your risk is your choice \_(ツ)_/

    edit: Screw it. It's not like I'm not protected. Here's your screen cap. @Trenloe

    @valeros I'm a Unity programmer. I know what a script is. And if every script that downloads data triggered antivirus, that alarm would never stop ringing. By your reasoning, my Malwarebytes and Defender should be blaring alarms every time I compile, because I use the Unity DOTS and have run upwards of 8,000,000 entities. I'm not mystified by tech terms, but I'm not here to argue either.

    00000000000000000000000000000001.png

    I'm not accusing the author of the program. Nor anyone else in particular. The infection could have happened anywhere that file passed along the line. But people should check, to be safe.
    Last edited by dmdaddy; April 15th, 2020 at 20:53.

  7. #57
    Doswelk's Avatar
    Join Date
    Jul 2005
    Location
    Surrey, UK
    Posts
    2,169
    Kaspersky rates it safe.

    I downloaded it to scan it.
    Last edited by Doswelk; April 15th, 2020 at 22:58.
    My players just defeated an army, had a dogfight with aliens, machine-gunned the zombies, stormed the tower, became Legendary and died heroically

    Yours are still on combat round 6

    Get Savage
    Ultimate License Holder.
    First GM to post a game for the original FG Con!

  8. #58
    Interesting. My copy shows as clean with MWB. So was it infected when you downloaded it? Or did it become infected while on your machine? I wonder if they updated it with a bad copy after I downloaded it. Hmmm.

  9. #59
    dmdaddy, if you downloaded the previous version I posted (on March 21), that will definitely identify in Windows as a virus. I am not sure why but I got exactly what you get for that one. Windows immediately quarantines it. That was the last version I built and posted using .Net 4.x. But once I migrated to .Net Core 3.1, I posted a new one on March 30 and then another on March 31. That one shows as suspicious by "SentinelOne (Static ML)" and clean by the other 71 virus engines.

    The old one was identified by 26 of 72 anti-virus engines as a virus. It was one of the reasons (not the only) that I converted this to .Net Core 3.1. (I even mentioned this concept in an earlier post in this thread.) (Although as you say, who knows, maybe that version did get infected somehow.)

  10. #60
    valeros, thank you for clarifying. Also, thank you for rebuilding!

    Antimalware scanners work (usually) using some combination of hashing and heuristics. It's possible for a perfectly safe file to somehow identify as something completely different. Either it got infected along the way somewhere, or it has to be that. It has been since 2004 or so since last time I saw that happen! It surely can't be that something in .NET 4.x assemblies is doing it. There'd be so many games triggering alarms that it would be well known (and surely patched by now).

    I'll try the newer version. Thank you for your work.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
SWADE Playlist

Log in

Log in