CAN RPG MAKER GAMES FALSE FLAG VIRUS SCANNERS?

Yesterday, someone claimed to get a virus from downloading my game: "My virus scanner found this ...\Aladdin\Game.exe: Win.Trojan.Agent-5759995-0 FOUND"

Apparently there is a Trojan with the name game.exe, if that's the case it wouldn't be surprising for RPG Maker games to pick up on virus scanners.
https://www.oshidefender.com/how-to-remove-wiki/trojan/win-trojan-agent-5759995-0.html

Just thought I'd post this as a heads up. The Trojan seems to be pretty recent, I think.

EDIT: He/she tells me they found the false positive by manually running a virus scan. So it's not something that happened on its own.
If it's a VX Ace game and you're distributing through the EXE generated by RPG Maker, some antivirus programs pick it up as a false positive.

You can always just distribute the games through a ZIP or RAR file and most users should be fine. If your game is encrypted, you can generate the EXE, unpack it, and repack the contents in a ZIP/RAR file.

Unless it's the launcher itself that's causing the issue... then you may definitely have a problem. (What the heck kind of antivirus looks for any file named game.exe anyway???)
If it's the regular installer that comes with RPG Maker, you shouldn't really be distributing that anyway. Use something like install creator instead to make your own distribution package.

Create distribution package with RPG Maker to some folder, then install this distribution package yourself to new folder. Now, this installed folder you want to make installer about. It'll have the encryption already in place and all that stuff you need, while benefitting from a more robust and better installer.
Ara Fell has this problem with a certain version of Norton Antivirus, so it can definitely happen. I'd do due diligence and try to be safe and fix it on your end, but if you're not getting multiple reports of this, it's probably fine.

I emphasize the word probably here.

Incidentally, not to be pedantic, but false positive is the word you're looking for here, not false flag, which is a very different thing...
author=Tuomo_L
If it's the regular installer that comes with RPG Maker, you shouldn't really be distributing that anyway.

I shouldn't? Why? :<
author=SgtMettool
(What the heck kind of antivirus looks for any file named game.exe anyway???)

Well the Trojan in question uses that filename.
Guys and gals, I have a question. If hypothetically the game produces a false positive, wouldn't that prove there is no Trojan? For there to be a Trojan there would have to be not one but two (or more) files named game.exe in the download. Am I right? Or is it possible for the trojan to be contained in the game?

EDIT: They said they detected the "trojan" by manually scanning the folder with Clam AntiVirus.

So I downloaded ClamWin Free Antivirus and downloaded my game and scanned it, and it came up safe.
However I am unable to update the antivirus for some reason. It keeps timing out, pretty weird. Each time I have no choice but to click stop.


Damn, I was so close to beating this... stupid updater. I guess in the meantime I'll proceed with making my game as though this never happened.

Wait, I know, I can push the burden of proof on the person. Rather than me proving there is no trojan, they should provide a screenshot of the false positive.
author=zeello
Wait, I know, I can push the burden of proof on the person. Rather than me proving there is no trojan, they should provide a screenshot of the false positive.

No, please, no. Don't do that. That sounds super fishy and really poor decision from developer to do so. You'll burn bridges with all people who were interested in your game by doing that!


You shouldn't be distributing using the RPG Maker installer because it's very bad. You should instead make your own installer in the way I said.

author=Me
Create distribution package with RPG Maker to some folder, then install this distribution package yourself to new folder. Now, this installed folder you want to make installer about. It'll have the encryption already in place and all that stuff you need, while benefitting from a more robust and better installer.

There's many free installer programs. I used to use http://www.clickteam.com/install-creator-2 myself.

Also use

https://www.virustotal.com/

To scan your file.
Just to clarify, a trojan is a type of malware which is supposedly a benign program but which is in fact malicious, completely different from a virus which is code that parasites a legit program. For example, a free program that says it converts from one video format to another but is programmed to instead erase your hard drive is a trojan. Having Windows Media Player suddenly decide to hijack your OS is a virus. So, unless you are a hacker trying to deceive us, no, there is possibly no trojan in your games unless some shady script you're using is. And even then I doubt it.

It's not uncommon to get false positives of that kind with lesser known programs, so don't worry that much about it and just try scanning it with different antiviruses to see if, in fact, there is something wrong with it.
author=Tuomo_L
author=zeello
Wait, I know, I can push the burden of proof on the person. Rather than me proving there is no trojan, they should provide a screenshot of the false positive.
No, please, no. Don't do that. That sounds super fishy and really poor decision from developer to do so. You'll burn bridges with all people who were interested in your game by doing that!

But if there is no Trojan then there's no way for me to prove there isn't one. Well, except by scanning the file myself, which I did.

Also after I asked the accuser to provide a screencap of the false positive *or* to run the scan with a different RPG Maker game, she never replied. It should have been no trouble to do either of those things, in fact I even provided a link to a game hosted on this site with a filesize of only about 40 MB, which is even smaller than my game.

You're saying it's bad publicity for me to do this, but the message I take away from reading that is that I shouldn't say anything when someone claims there to be a Trojan, I should just ignore it because bringing attention to it will make everyone afraid of trying my game. In other words, I should treat all accusations as bogus. Which is probably a good idea, otherwise any troll can derail me from finishing my game or keep others from playing it. If I feel doubt I can still run a scan in private. That's all I can do, I now realize it is foolhardy to expect to receive follow-up or closure from the other party.

author=Tuomo_L
You shouldn't be distributing using the RPG Maker installer because it's very bad.
Still don't want to elaborate what makes it bad? Damn, I scarcely know why installers exist let alone what makes one good or bad. All I know is the default installer makes a single file that unpacks the game in two clicks, no hassle whatsoever, or third-party programs required, I don't see what's bad about it. I might try other installers someday, because why not. But not a priority for me at the moment.

author=EDPVincent
It's not uncommon to get false positives of that kind with lesser known programs, so don't worry that much about it and just try scanning it with different antiviruses to see if, in fact, there is something wrong with it.
I will try that virustotal link Tuomo_L posted above.
author=zeello
You're saying it's bad publicity for me to do this, but the message I take away from reading that is that I shouldn't say anything when someone claims there to be a Trojan, I should just ignore it because bringing attention to it will make everyone afraid of trying my game. In other words, I should treat all accusations as bogus. Which is probably a good idea, otherwise any troll can derail me from finishing my game or keep others from playing it. If I feel doubt I can still run a scan in private. That's all I can do, I now realize it is foolhardy to expect to receive follow-up or closure from the other party.

I never said this. I said it's a bad idea to treat a player as liar and asking for proof for the virus. You as a developer have to prove that there isn't. Put it through Virustotal and screencap it and share a link to the result.


It's really bad publicity if a game maker demands people to show evidence of viruses, most makers take this sort of a thing very seriously and asking for them to "prove it" is a very, very bad idea and may put you into a really bad light.


Honestly, if a maker I reported a virus alarm said that, I'd probably want to do as little as possible with them and their game in future. It sounds super fishy and like you're deliberately spreading said trojans.

Still don't want to elaborate what makes it bad? Damn, I scarcely know why installers exist let alone what makes one good or bad. All I know is the default installer makes a single file that unpacks the game in two clicks, no hassle whatsoever, or third-party programs required, I don't see what's bad about it. I might try other installers someday, because why not. But not a priority for me at the moment.

The executables don't have digital signatures and therefore stuff like Microsoft smart screen and many virus scanners may flag them as it's usually not a good idea to run unverified executables.

A trusted installer software can provide a verified digital signature which will help solve this problem.


There's many other reasons too, such as better packaging and installing, stuff like uninstallers and auto launch after installation and ability to customize the installer and make it look all fancy.
Ok now ClamWin does detect a trojan. It also detects a trojan in the game I downloaded from rpgmaker.net, therefore I assume it thinks all rpg maker games are trojans.

As for why it didn't detect a trojan before whereas suddenly now it does, it must be because the AV updated itself since then. It no longer asks to update when I start it, it says it was last updated on the 19th, the website says I have the latest version, and when I try to update manually it actually works.

ESET Security still says the file is safe, so that hasn't changed.

I tried virustotal.com, weird site! I did not expect this, I thought it would be a download. Anyway it shows 61 AVs and they all come up safe except for ClamWin. "Probably harmless! There are strong indicators suggesting that this file is safe to use."

Edit: Is it just me or is the game.exe file the exact same across all RPG Maker VX Ace games? Both my game and the other person's game have a game.exe file with the exact same filesize of about 140 kb. I guess this means the false positive is not specific to my game or anyone's game for that matter. All VXA-made games will come up as false positives and only if ClamWin is used to scan the file.

I remove the game.exe file from the folder and scan the folder and it comes up safe, then put game.exe back in and scan it again and it detects a trojan.
Scanning the file itself also detects a trojan.
So it really is just that file, nothing else about the game is malicious.
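
The two checks discussed in this thread (whether Game.exe is byte-identical across games, and whether it carries a digital signature at all), as an added example that is not part of any poster's message. The folder names and the minimal PE header are constructed for the demo, and the signature test only looks for a certificate table in the PE header; it does not validate the signature.

```python
import hashlib
import struct
import tempfile
from pathlib import Path

def has_signature_blob(data):
    """PE certificate table (data directory 4) non-empty? Presence only, not validation."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew: offset of PE header
    if data[pe:pe + 4] != b"PE\0\0" or len(data) < pe + 26:
        return False
    magic = struct.unpack_from("<H", data, pe + 24)[0]
    dirs_off = {0x10B: 96, 0x20B: 112}.get(magic)           # PE32 / PE32+ directory offset
    if dirs_off is None or len(data) < pe + 24 + dirs_off + 40:
        return False
    offset, size = struct.unpack_from("<II", data, pe + 24 + dirs_off + 32)
    return offset != 0 and size != 0

def group_launchers(game_dirs):
    """Map SHA-256 of each Game.exe to {'signed': bool, 'games': [folder names]}."""
    groups = {}
    for d in map(Path, game_dirs):
        for f in d.iterdir():
            if f.is_file() and f.name.lower() == "game.exe":
                data = f.read_bytes()
                key = hashlib.sha256(data).hexdigest()
                info = groups.setdefault(key, {"signed": has_signature_blob(data), "games": []})
                info["games"].append(d.name)
    return groups

def constructed_pe(cert_size):
    """Constructed minimal PE32 header for the demo; not a real launcher."""
    hdr = bytearray(0x40 + 24 + 96 + 16 * 8)
    hdr[:2], hdr[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", hdr, 0x3C, 0x40)                 # e_lfanew
    struct.pack_into("<H", hdr, 0x40 + 24, 0x10B)           # PE32 magic
    struct.pack_into("<II", hdr, 0x40 + 24 + 96 + 32, len(hdr), cert_size)
    return bytes(hdr) + b"\0" * cert_size

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        samples = {"MyGame": 0, "OtherGame": 0, "SignedBuild": 8}  # constructed folders
        for name, cert in samples.items():
            Path(tmp, name).mkdir()
            Path(tmp, name, "Game.exe").write_bytes(constructed_pe(cert))
        return group_launchers(Path(tmp, n) for n in samples)

if __name__ == "__main__":
    print(demo())
```

If every game folder lands under one hash, a detection on that hash is a property of the shared launcher rather than of any one game.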
Mirak
Most obscure antiviruses almost always detect exe files as viruses/trojans.
Please! Help!
Can someone make a list of "verified digital signature" installer programs
for use on RPG Maker VX Ace?
Yes it does, because an unknown exe file is always tagged as a virus by a lot of antiviruses, but always double check by scanning. I have Malwarebytes and it's working fine for me.