RPGM Completed Amelie falls over and over again ~ An endless week in Magic Academy [v1.24] [AVANTGARDE]

[Zastinx]

The virus is deleting itself because it did it's job and that's stealling all your credentials, once that is done the virus is deleting itself to prevent the host realizing it was infected in the first place ( lumma stealer have been a thing for a while and is still very active )

What credentials does it get access to?

 

[draxy]

What credentials does it get access to?

Their usual target are the stored credentials in your browser (saved password, session cookie, emails, ect.. ) and crypto wallet information. there's been a rise of attack using this tool so it wouldn't surprise me if other games are infected

 

[Zastinx]

Their usual target are the stored credentials in your browser (saved password, session cookie, emails, ect.. ) and crypto wallet information. there's been a rise of attack using this tool so it wouldn't surprise me if other games are infected

What a pain, I downloaded it just outside the timeframe, I think, but am not certain of

 

[Helz]

What a pain, I downloaded it just outside the timeframe, I think, but am not certain of

From what I have gathered so far
If you just downloaded the zipfile, that doesnt necessarily mean anything. Whether or not you ran the contaminated .exe file and whether or not did antivirus catch it matters more.
As far as I know you can check users/appdata/local/ for a "MySupergame" folder. If the payload(virus) ran its course, you should find an empty folder since it deletes itself (though we dont know what else it may or may not have left behind). If it didnt succeed entirely but got itself onto your computer, the folder has update.exe and something else in it. I wouldnt go fiddling with the files.

 

[dandanna]

From what I have gathered so far
If you just downloaded the zipfile, that doesnt necessarily mean anything. Whether or not you ran the contaminated .exe file and whether or not did antivirus catch it matters more.
As far as I know you can check users/appdata/local/ for a "MySupergame" folder. If the payload(virus) ran its course, you should find an empty folder since it deletes itself (though we dont know what else it may or may not have left behind). If it didnt succeed entirely but got itself onto your computer, the folder has update.exe and something else in it. I wouldnt go fiddling with the files.

It should also be noted that the virus is downloaded after a certain date. If you started the game before the 20th, you are relatively safe. Since the virus was downloaded to your PC starting on the 20th, which was Wednesday, which is when the positive cases began to be detected.

What I don't know is how it would affect mobile users. I understand that there are quite a few who use their mobile instead of a PC.

 

[tomasturbado]

Interesting

 

[Zastinx]

From what I have gathered so far
If you just downloaded the zipfile, that doesnt necessarily mean anything. Whether or not you ran the contaminated .exe file and whether or not did antivirus catch it matters more.
As far as I know you can check users/appdata/local/ for a "MySupergame" folder. If the payload(virus) ran its course, you should find an empty folder since it deletes itself (though we dont know what else it may or may not have left behind). If it didnt succeed entirely but got itself onto your computer, the folder has update.exe and something else in it. I wouldnt go fiddling with the files.

Found the folder but didn't touch, just put the cursor over to see if it had contents, and it does. Is it safe to just delete it, or do I need to take extra steps?

 

[blackangel199]

where to find record stone anyone ?

 

[Helz]

Found the folder but didn't touch, just put the cursor over to see if it had contents, and it does. Is it safe to just delete it, or do I need to take extra steps?

Then at least portion of the virus scheme most definitely got onto your computer. From what ive gathered here Its supposedly written to trigger on certain date, download the lumma stealer, take what it came for and delete itself, I cant say anything about whether or not did the malicious actor receive the data this scheme was after.. and you have cleaning, then password changing ahead of you just to be safe. In that order.

What ive heard from here its designed to download malicious material, if user has activated the infected exe file, on certain day. In this case it was apparently 20th of august. Note that as long as your computer is infected, changing passwords dont necessarily help at all since virus might just keep just sending them to whoever is behind this. You need to clean the virus off, then change your passwords and restore whatever changes it has tried to make, like exceptions in windows defender or other antiviruses, so it can operate free.. out of interest check windows defenders list of folders set as exceptions if the virus set its own folder as exception from scans.

I cant really tell what advices in regards to cleaning effective since my case was different. I didnt have a folder and files wasnt there despite definitely running the file. Even still there is one at least one user who received notification that their instagram account was being fiddled (whether or not it was unrelated activity.. who knows). I still went through my entire system with whole circus of tools, changed passwords and raked through defender and antivirus for exceptions..
https://f95zone.to/threads/recent-malware-infected-games.207437/

 

[NekoBrother]

where to find record stone anyone ?

you need to go to boys dormitory when your alone and talk to the guy at counter to left side of map

 

[skyris_88]

is it safe to download now ?

 

[Reven23]

Then at least portion of the virus scheme most definitely got onto your computer. From what ive gathered here Its supposedly written to trigger on certain date, download the lumma stealer, take what it came for and delete itself, I cant say anything about whether or not did the malicious actor receive the data this scheme was after.. and you have cleaning, then password changing ahead of you just to be safe. In that order.

What ive heard from here its designed to download malicious material, if user has activated the infected exe file, on certain day. In this case it was apparently 20th of august. Note that as long as your computer is infected, changing passwords dont necessarily help at all since virus might just keep just sending them to whoever is behind this. You need to clean the virus off, then change your passwords and restore whatever changes it has tried to make, like exceptions in windows defender or other antiviruses, so it can operate free.. out of interest check windows defenders list of folders set as exceptions if the virus set its own folder as exception from scans.

I cant really tell what advices in regards to cleaning effective since my case was different. I didnt have a folder and files wasnt there despite definitely running the file. Even still there is one at least one user who received notification that their instagram account was being fiddled (whether or not it was unrelated activity.. who knows). I still went through my entire system with whole circus of tools, changed passwords and raked through defender and antivirus for exceptions..
https://f95zone.to/threads/recent-malware-infected-games.207437/

Do all games in this site have the virus or only the selected ones posted in this thread?

 

[dandanna]

Do all games in this site have the virus or only the selected ones posted in this thread?

For now, those are the ones that have been detected. There may be more. I would be wary of links that are not provided by the creators themselves because you can no longer trust anyone. Those who have found out can take action, but those who have no idea are cooked.

 

[Zastinx]

Then at least portion of the virus scheme most definitely got onto your computer. From what ive gathered here Its supposedly written to trigger on certain date, download the lumma stealer, take what it came for and delete itself, I cant say anything about whether or not did the malicious actor receive the data this scheme was after.. and you have cleaning, then password changing ahead of you just to be safe. In that order.

What ive heard from here its designed to download malicious material, if user has activated the infected exe file, on certain day. In this case it was apparently 20th of august. Note that as long as your computer is infected, changing passwords dont necessarily help at all since virus might just keep just sending them to whoever is behind this. You need to clean the virus off, then change your passwords and restore whatever changes it has tried to make, like exceptions in windows defender or other antiviruses, so it can operate free.. out of interest check windows defenders list of folders set as exceptions if the virus set its own folder as exception from scans.

I cant really tell what advices in regards to cleaning effective since my case was different. I didnt have a folder and files wasnt there despite definitely running the file. Even still there is one at least one user who received notification that their instagram account was being fiddled (whether or not it was unrelated activity.. who knows). I still went through my entire system with whole circus of tools, changed passwords and raked through defender and antivirus for exceptions..
https://f95zone.to/threads/recent-malware-infected-games.207437/

Well, I started playing it on the 22nd. I'll reboot in safe mode, disconnect from the internet, quarantine, then track and delete. Windows Defender has no exceptions.

 

[DarkBahamuth]

I wonder why Peoples still screaming virus alert honestly

 

[Helz]

Well, I started playing it on the 22nd. I'll reboot in safe mode, disconnect from the internet, quarantine, then track and delete. Windows Defender has no exceptions.

Im heavily paraphrasing.
If it works the way ive understood, the key risk was on 20th august when the malwares download condition was set to trigger. Those with the Mysupergame folder and the files in it have figuratively a "bomb" in that folder which goes off if you play run the games infected version exe file.
edited.

 

[Userz]

Im heavily paraphrasing.
If it works the way ive understood, the key risk was on 20th august when the malwares download condition was set to trigger. Those with the Mysupergame folder and the files in it have basically a "bomb" in that folder which didnt detonate because infected exe file smuggled it into system post the critical date. Its launch conditions werent met. I suppose it means some people dodged the bullet but caught casing on the forehead.

Basically if you set your system clock to 20th august 2025 with those files on computer, it would trigger the download, working antivirus would go apeshit, it would try to run the lumma stealer and then self delete (+ whatever else it was designed to do..), leaving only empty folder behind (if even that..).
If date is way before or after that, it just lies there ticking and waiting if there is some other trigger for it.
When talking about malwares and viruses its better to err on safe side.. considering its your passwords, cryptowallets and credentials on the line.

The game had included a script that after the specified date, it would download and run the malware, but it was needed to run the game when the conditions are met, if someone dowloaded the game but didn't run it then nothing happened because the game itself didn't have the virus, it downloaded the virus in the Appdata Folder and ran it

 

[Helz]

The game had included a script that after the specified date, it would download and run the malware, but it was needed to run the game when the conditions are met, if someone dowloaded the game but didn't run it then nothing happened because the game itself didn't have the virus, it downloaded the virus in the Appdata Folder and ran it

So its always chained to tampered game files, stuff in Mysupergames folder cant trigger on its own if its placed onto a system without those tampered files to trigger it and doesnt have other timer related features other than checking is it 20th or post 20th?

 

[Userz]

So its always chained to tampered game files, cant trigger on its own if its placed onto a system without those tampered files to trigger it and doesnt have other timer related features other than checking is it 20th or post 20th? I mean this infected version was spread from 19th, was noticed on 20th when antiviruses started shooting fireworks.

You can check the script they added here in the malware thread, the virus can be downloaded in and after August 20th but you need to run the game.

 

[Zastinx]

Im heavily paraphrasing.
If it works the way ive understood, the key risk was on 20th august when the malwares download condition was set to trigger. Those with the Mysupergame folder and the files in it have basically a "bomb" in that folder which didnt detonate because infected exe file smuggled it into system post the critical date. Its launch conditions werent met. I suppose it might mean some people dodged the bullet but caught casing on the forehead.

Basically if you set your system clock to 20th august 2025 with those files on computer, it would trigger the download, working antivirus would go apeshit, it would try to run the lumma stealer and then self delete (+ whatever else it was designed to do..), leaving only empty folder behind (if even that..).
If date is way before or after that, it just lies there ticking and waiting if there is some other trigger for it.
When talking about malwares and viruses its better to err on safe side.. considering its your passwords, cryptowallets and credentials on the line.

I don't use crypto, and for banking, I don't link to an autofill or keep it on PC. However, there are services I've had linked with credentials, so I still needed to take action. Well, that shits taken care of.

Amelie sucks as a character; she's a boring, barebones NTR slut. I hate her and couldn't identify with how the protagonist is so infatuated by her, and I also felt detached due to his actions at times. I will say to be fair, she was sabotaged by the story itself since her character development was all just becoming more and more slutty, the dev never thought to give any other character development to her. The other girls were pretty good. Elena was definitely the best by far, everything good, nothing bad.