-
April 3rd, 2020, 08:47 #51
-
April 7th, 2020, 22:41 #52
Never mind. Just saw the prior post with a possible solution.
-
April 15th, 2020, 19:23 #53
00000000000000000.png
Positive malware detection on "MINIS GALLERY TOKENS.EXE"
That positive is from Malwarebytes Pro. Windows Defender identifies the malware as "Trojan:Win32/Occamy.C".
Here's a thread about people having trouble removing this exact trojan. It also includes verified instructions to remove it.
This isn't a false positive for a script. This is trojan malware.
Last edited by dmdaddy; April 15th, 2020 at 19:35.
-
April 15th, 2020, 20:18 #54
Thanks for raising this.
The link you provide is for a very specific malware, Trojan:Win32/Occamy.C, whereas the screenshot you provide shows Generic.Malware/Suspicious, which is this: https://blog.malwarebytes.com/detect...re-suspicious/ a catch-all for anything that might be slightly suspicious.
I would expect this to happen sometimes with this specific application as it does connect to the Internet and download files - which is what it's designed to do. Malwarebytes has even tagged Fantasy Grounds as such in the past.
I would say that this is indeed a false positive. But, as usual, if you have any concern using software then don't use it.
-
April 15th, 2020, 20:18 #55
Yes, it is a program (not a script) that reads web pages, downloads from the internet, reads the Windows registry, and writes to your hard drive. That is definitely going to trigger some anti-virus as suspicious. Check virustotal.com; it runs against a variety of anti-virus and last I checked something like 4 of 72 marked it as suspicious. But as always, be careful. If you don't trust it, don't use it.
-
April 15th, 2020, 20:38 #56
Windows Defender identifies the specific trojan when you attempt to run it. This isn't a false positive. I'd take a screencap of that too, but it's already gone from my system.
But your risk is your choice ¯\_(ツ)_/¯
edit: Screw it. It's not like I'm not protected. Here's your screen cap. @Trenloe
@valeros I'm a Unity programmer. I know what a script is. And if every script that downloads data triggered antivirus, that alarm would never stop ringing. By your reasoning, my Malwarebytes and Defender should be blaring alarms every time I compile, because I use the Unity DOTS and have run upwards of 8,000,000 entities. I'm not mystified by tech terms, but I'm not here to argue either.
00000000000000000000000000000001.png
I'm not accusing the author of the program. Nor anyone else in particular. The infection could have happened anywhere that file passed along the line. But people should check, to be safe.
Last edited by dmdaddy; April 15th, 2020 at 20:53.
-
April 15th, 2020, 21:17 #57
Kaspersky rates it safe.
I downloaded it to scan it.
Last edited by Doswelk; April 15th, 2020 at 22:58.
-
April 15th, 2020, 22:35 #58
Interesting. My copy shows as clean with MWB. So was it infected when you downloaded it? Or did it become infected while on your machine? I wonder if they updated it with a bad copy after I downloaded it. Hmmm.
-
April 16th, 2020, 00:14 #59
dmdaddy, if you downloaded the previous version I posted (on March 21), that will definitely identify in Windows as a virus. I am not sure why but I got exactly what you get for that one. Windows immediately quarantines it. That was the last version I built and posted using .Net 4.x. But once I migrated to .Net Core 3.1, I posted a new one on March 30 and then another on March 31. That one shows as suspicious by "SentinelOne (Static ML)" and clean by the other 71 virus engines.
The old one was identified by 26 of 72 anti-virus engines as a virus. It was one of the reasons (not the only) that I converted this to .Net Core 3.1. (I even mentioned this concept in an earlier post in this thread.) (Although as you say, who knows, maybe that version did get infected somehow.)
-
April 16th, 2020, 01:40 #60
valeros, thank you for clarifying. Also, thank you for rebuilding!
Antimalware scanners work (usually) using some combination of hashing and heuristics. It's possible for a perfectly safe file to somehow identify as something completely different. Either it got infected along the way somewhere, or it has to be that. It has been since 2004 or so since the last time I saw that happen! It surely can't be that something in .NET 4.x assemblies is doing it. There'd be so many games triggering alarms that it would be well known (and surely patched by now).
I'll try the newer version. Thank you for your work.
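The questions raised in this thread (was a copy altered after download, and which build does a given copy correspond to) can be settled by comparing SHA-256 digests of the files, which is also the value a VirusTotal lookup can be keyed on. This is an added example, not code from the thread or from the program's author; the file names, byte strings and the published-hash list are constructed stand-ins.

```python
import hashlib
from collections import defaultdict
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so large executables are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def identify_build(path, known_builds):
    """Return (label, digest); label is None when the bytes match no known build."""
    digest = sha256_file(path)
    return known_builds.get(digest), digest


def group_identical(paths):
    """Group copies by digest: copies in one group are byte-for-byte identical."""
    groups = defaultdict(list)
    for p in paths:
        groups[sha256_file(p)].append(Path(p).name)
    return sorted(sorted(names) for names in groups.values())


def demo():
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        # Constructed stand-ins for three users' downloads, not real binaries.
        samples = {"alice.exe": b"build-A", "bob.exe": b"build-A",
                   "carol.exe": b"build-A+extra"}
        for name, data in samples.items():
            (tmp / name).write_bytes(data)
        # Hypothetical reference list an author could publish beside each release.
        known = {hashlib.sha256(b"build-A").hexdigest(): "author build A"}
        labels = {n: identify_build(tmp / n, known)[0] for n in samples}
        return labels, group_identical(tmp / n for n in samples)


if __name__ == "__main__":
    print(demo())
```

A copy whose digest matches the author's published value is the file the author built; a copy that matches nobody else's digest is either a different build or was modified somewhere between the author and that machine.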