Still, 4/56 on VirusTotal, with none of the trusted labs like Kaspersky flagging it, means a false positive. Not to mention that you cannot remove an actual virus simply by deleting a temp folder. This is not 1995.
Most likely you had a stuck process from the game or it ran some libraries that hogged the memory.
It opens a backdoor. This is why I am saying it is false positive; you can actually use your computer to write here, not in panic mode because your desktop is filled with unwanted ads that don't go away or your network traffic being so slow that this site wouldn't load.
What you experience is just the result of some shoddy coding, not an actual infection.
At any rate, seems to be a game from a greenlight bundle, so my alt account will have it. Eventually. I may check it if I don't forget about this by then.
I don't know how else to describe it to people properly: it's some kind of perverse trojan that the main antiviruses don't even see %)
Here is roughly how it all went: http://steamcommunity.com/id/FanSH/recommended/545350/ i.e. right after launching the game the system was loaded so heavily that the game itself did not respond to button presses in the menu, and after exiting, complete chaos began, which did not go away after a reboot.
And only after cleaning out the main hidden folders where viruses hide by default (I have had to clean systems for friends more than once, in worse situations too) did things settle down.
The funniest thing is that friends of the game's author have already written to me on VK that they will "come and fuck you in every hole along with your fat mother". The author himself is hiding. The guy listed (one of two) in the VK group this game belongs to (a 14-year-old schoolkid) writes on Steam: "I've got nothing to do with it, I was just added there on VKontakte" xDDD
Probably it's not Greenlight itself that is bad, but the users who vote in exchange for keys or as a favor to acquaintances. When Valve makes an example of a dozen or two such vote-rigging "developers" and their friends by banning them, things will be fixed at least for a while. But today's situation, where any piece of junk passes Greenlight in just a week, surprises me a little as a user.
Well, yes. From the very first minutes they started writing "YOU DON'T UNDERSTAND, THIS IS A PUZZLE GAME111" and downvoting the review, plus threats on VK from the dev's friends, and out of nowhere the guy who was listed in the group's admin panel popped up saying "I've got nothing to do with it" %)) And now the VirusTotal log has gone from minus to plus o_O
It's not possible to decompile and reverse-engineer every single bit they host on their servers. You can't really develop a system that automatically does that either, as there would be far too many false positives. The only way to fight with that apart from licenses and terms that explicitly say you can't upload malware, is to hire actual humans that would evaluate every single game on virtual machine, and in addition to that have specialized knowledge of how to detect malware being executed.
Since Valve can't even hire monkeys for their support team, I'm ALMOST SURE that nobody looks into this, and if they do, those are very small exceptions that are made probably after getting signals from customers, never before. Greenlight malware only proves that, I doubt anything changed since then.
Of course, you could in theory just run all of the files through a scanner, but let's be honest - scanners detect only known malware, and nobody would put a detectable and known backdoor in his title. If I was about to put a backdoor in ASF, I'd code it myself and nobody would know about it until it's too late.
If I was about to put a backdoor in ASF, I'd code it myself and nobody would know about it until it's too late.
You would need to close source then. Because before first use I checked the source for suspicious places, and I think I'm not the only one. Of course, I tracked only at the start, so if you will add backdoor now - I would not notice.
I don't need to, if I wanted to put a backdoor in ASF in a way that nobody would notice, I'd do that. It's not hard to put malicious code in one of the many DLL libraries ASF is using in pre-compiled form, or right in the generated executable file. That's why I repeat that open-source nature of the project guarantees nothing in terms of security if the developer wants to scam everybody. The difficulty of implementing the malware only increases from primary school to secondary one.
It guarantees nothing globally, but in case of ASF - I may not see malware itself, but I would certainly see that it is obscure, and would not use it... well, until I see that many people used it without a problem. In common case you can't say "there is a malware in this project", but in particular case when project is small and simple - you can say "there is no malware". And, on the start, ASF was small and simple. Of course, it is because you want code to be clear and understandable. If you wanted otherwise - you could make it complex. As I said above - I would not use it in this case. Just to be on the safe side.
For Real?
You recommend people download SpyHunter, an outdated software, and you have to pay?
Better use Malwarebytes Free Scan and Removal
Well I bought it and scanned with Malwarebytes found nothing.
But when I uploaded to Virus Total found 5/55 : https://www.virustotal.com/en/file/32944ef8d4c0966c01482c9bef792b5d515a678a602b77a0f7d4648d42cdfcd2/analysis/1478773212/
Ok I did but the game stays on Menu Screen and not responding any of my KB & Mouse or Game controller commands. Pressed Esc and game closed OMG what a trash xD. My PC is working fine, I run a "Hyper scan" and found nothing. Making a Full Scan of my C drive now...
First run - too not responding any of my KB & Mouse or Game controller commands. I restart 2 times, and Third run - game worked. I play 6-7 min. exit - and windows, and soft (photoshop) worked so bad (not worked any windows buttons, can't confirm any action). Picture with 5000px (big size) - open 30 second.
Restart PC - windows still bad worked. Any application long open. images too long open.
And after clean many folder and restart pc - worked fine.
ok the complete scan is complete and found nothing. I tried to run the game a third time and still the same.
I already asked for a refund.
You know, if I'd seen 4/56 on well-known and wide-used software - I would think it's false positive. But in case of some crappy-cheap-gl-game... I would not be that sure. Even if not intentionally - those type of developers could just have their workstation infected.
1 review, nothing in discussion board, I think we shouldn't jump the gun so fast.
Potentially ruining someone with their game, even get reported on what might just as well be a false positive.
Or maybe unknowingly by accident he had a virus on his computer and it slipped through his own game files.
Trojan.dropper with InstallShield application.
Well... InstallShield installs files, so...
May I ask you to upload file to https://malwr.com/ ?
or even better, could you upload the exe for me?
I'm into reverse engineering so I might unpack the file manually and see the file (and even decompile if MSIL)
Okay. This might be more difficult than I thought.
TRID resulted in 83% InstallShield, but it's not InstallShield (I ran it in VM). Weird...
Tried 7z, but segments are messed up, tried exeInfoPE and ripped one DLL that is "MMFS2" (can't find what is this).
I5comp returned it's not InstallShield nor CAB/SFX
I opened it via IDA, it has extreme amount of exports
I'm going to open it up now with sysinternals Process Monitor (Pretty neat tool)
I cannot find malicious algorithm, but indeed after running this app my OS worked extremely unstable. Even rebooted by itself and activated Windows 10 automatic repair function...
It's immune to my tools, I can't unpack it.
I'm sorry I failed you.
MMFS2.dll is a part of the Clickteam Fusion 2 software suite -- the game was designed and compiled with Clickteam Fusion 2.
The runtime library itself makes calls to: COMDLG32.dll, DDRAW.dll, DSOUND.dll, GDI32.dll, KERNEL32.dll, USER32.dll, and WINMM.dll; common behavior for a game.
I'm guessing the exe is made to be hard to reverse engineer. Using something a trojan uses to hide.
Confirmation of the presence of the virus AVAST
http://steamcommunity.com/sharedfiles/filedetails/?id=796950990
Good afternoon,
The file will be blocked on the next update of the virus database.
Do you have any further questions for the support service?
I hope this makes it on gaming sites.
Garbage from greenlight games is one thing.
But shit like this is unacceptable.
Okay, I received the detailed report on this:
https://www.hybrid-analysis.com/sample/32944ef8d4c0966c01482c9bef792b5d515a678a602b77a0f7d4648d42cdfcd2?environmentId=100
It's hard to say, but looks safe (from IO and access operations). It has protection against reverse engineering, debugger detection (it happens for games to protect from hacking). Drops executables into temp only and is not modifying any other file... I don't know, maybe I'm missing something.
You're not missing anything. The game is clean. It was compiled by the free version of Clickteam Fusion 2 and includes a phone home to Clickteam.
Pattern match: "http://www.clickteam.com"
Pattern match: "www.clickteam.com/pub"
Heuristic match: "DzA7!.ky"
Heuristic match: "aO`+ql.MM"
Heuristic match: "4uO[V5.kg"
Heuristic match: "XwK~P?.tz"
Heuristic match: ">:unjxFv.lv"
Pattern match: "3.Uv/^/"
Heuristic match: "H{AZ.tc"
Heuristic match: "#t63)l.sl"
Heuristic match: "ndtO<.Mu"
Heuristic match: "s9&}DWZmls.Et"
Heuristic match: "_l8u(;.su"
Pattern match: "http://www.clickteam.com/pub"
Heuristic match: "w.clickteam.com"
Standard data collection with UID for the game/publisher.
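An added example, not part of the comment above and not output from any of the tools named in this thread: a first-pass triage of sandbox "Pattern match" / "Heuristic match" strings that separates syntactically valid hostnames from byte noise that merely ends in something resembling a country-code TLD. The report text is a constructed subset of the lines quoted above, and `KNOWN_TLDS` is an assumed, deliberately tiny stand-in for the full IANA TLD list.

```python
import re

# Constructed sample: a subset of the report lines quoted in the comment above.
REPORT = r'''Pattern match: "http://www.clickteam.com"
Pattern match: "www.clickteam.com/pub"
Heuristic match: "DzA7!.ky"
Heuristic match: ">:unjxFv.lv"
Pattern match: "3.Uv/^/"
Heuristic match: "s9&}DWZmls.Et"
Heuristic match: "w.clickteam.com"
'''

# Assumption: tiny TLD subset for this sample; load the full IANA list in practice.
KNOWN_TLDS = {"com", "ky", "lv", "et"}

LINE = re.compile(r'^(?:Pattern|Heuristic) match: "(.*)"$')
# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r'^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$')


def host_of(candidate):
    """Drop an optional scheme and anything from the first '/', '?' or '#'."""
    rest = re.sub(r'^[A-Za-z][A-Za-z0-9+.-]*://', '', candidate)
    return re.split(r'[/?#]', rest, maxsplit=1)[0].lower()


def is_plausible_host(host):
    """True only if the TLD is known and every label is valid DNS syntax."""
    labels = host.split(".")
    if len(labels) < 2 or labels[-1] not in KNOWN_TLDS:
        return False
    return all(LABEL.match(label) for label in labels)


def triage(report):
    """Return (plausible_hosts, noise), de-duplicated, in order of appearance."""
    plausible, noise = [], []
    for line in report.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        host = host_of(m.group(1))
        bucket = plausible if is_plausible_host(host) else noise
        if host not in bucket:
            bucket.append(host)
    return plausible, noise


if __name__ == "__main__":
    hosts, junk = triage(REPORT)
    print("plausible:", hosts)
    print("noise:", junk)
```

A string that passes this check (such as the truncated `w.clickteam.com`) is only syntactically plausible; whether the sample actually contacts it has to be confirmed from the network section of the report.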
This game is not infected with any malware. All analysis of the included executables reinforce that conclusion. Anyone with heuristic analysis experience can confirm, as I have.
The files you are complaining about are included in every game compiled by Clickteam Fusion 2.
This thread should be considered calling out and OP should either delete/close thread or be suspended.
P.S. The link you include in the OP to "http://www.wiki-security.com/wiki/Parasite/TrojanDropper" is not an actual security-related website. If you read it you'd see nothing in the link is anywhere near similar to what you've posted. It's owned by Blue Phantom Marketing LLC., a company licensed by the owners of Spyhunter to funnel downloads to their software via SEO trickery. Spyhunter itself is considered spyware by the security community.
You don't seem to understand. The MMFS2.DLL is the only part of the game flagged as "malicious" or "suspicious". The file by itself is on many AVS for a year+ now because it is obfuscated and has lots of privileges -- it's a false positive. It's in every game compiled with Clickteam Fusion 2, specifically Clickteam Fusion 2.5 Free.
If your computer went slow after running this game, it's likely because the developer is not as good as he thinks and released a game with persistent issues (memory leaks, shoddy tmp file handling, wild processes, etc).
In any case, you know yourself that the launch of the game - has harmful effect on the operating system.
And see next -> Restart system on windows 7 not helped. Only after remove many folders (and again restart) - windows again good worked...
Windows 10 "OS worked extremely unstable. Even rebooted by itself and activated Windows 10 automatic repair function"
For the games created on the engine "Clickteam Fusion 2/2.5" - I have never had a claim.
No, there is not. No one else has experienced what you've said. No one has removed "many folders" which are standard temporary file directories on Windows.
One person in this thread ran it and said nothing happened. https://www.steamgifts.com/go/comment/9RkXqR4
The person who said Windows 10 Automatic Repair ran after it rebooted by itself can be from a number of reasons -- including someone using tools they aren't entirely knowledgeable of or possibly a pre-existing issue. Even then he did not mention he had to remove any files/folders to return to normal; only that it rebooted. https://www.steamgifts.com/go/comment/I1eN4qA
Your claims are unproven still. False positive due to a single DLL file from Clickteam Fusion that is marked as "malicious/suspicious" for over approximately a year because it is obfuscated and phones home.
Game with trojan: http://store.steampowered.com/app/545350/
NEW LOG (20161113) now 6/56: https://www.virustotal.com/ru/file/32944ef8d4c0966c01482c9bef792b5d515a678a602b77a0f7d4648d42cdfcd2/analysis/1479021719/
upd: Confirmation of the presence of the virus AVAST http://steamcommunity.com/sharedfiles/filedetails/?id=796950990
After run game - your windows worked very-very slow (example: images open ~30 sec, mouse clicking with delay - 1.5-2 second, button windows worked/folders open after 2-5 sec). Restart not helped.
For remove virus need full clean folder-> user/app/temp/ windows/temp, user/app/cache browser (Chrome, Opera, IE, etc) folders.
After remove and restart pc - windows worked!
+for prophylaxis: need scan with "Malwarebytes"
NOT RUNNING GAME. And report please (hope Valve check again)