colobancuz

Well-Known Member
Respected User
Aug 11, 2019
my AV caught it when it created that exe file so I assume I am fine.
Most likely yes, but you know - better safe than sorry. Personally, I advise you (and everyone else on this site) to at least review your overall approach to security - don't work as an administrator, don't store passwords in your browser, use 2FA wherever possible, and have a firewall. And for extra security, run games from untrusted sources at least in a sandbox. Because there have been cases where antivirus software reacted too late, and who knows what will happen in the future.
 

khallyl

Newbie
Oct 17, 2020
I think the kimochi file seems fine. But am kinda lost rn too many windows and shit open :KEK:

Sure.
Here Bob, hopefully more people buy from meteo.H and support him. i know some people have no money or that they want their money well spent and i'm a f95 user too. so here you go, should (hopefully) be perfectly fine.



if the problem is here, well, i'm gonna say i took a look at the file and see what 072 say.
 

Bob69

Uploading the World
Uploader
Donor
Compressor
Mar 2, 2019
Here Bob, hopefully more people buy from meteo.H and support him. i know some people have no money or that they want their money well spent and i'm a f95 user too. so here you go, should (hopefully) be perfectly fine.



if the problem is here, well, i'm gonna say i took a look at the file and see what 072 say.
No that file is fine and the one from Kimochi too.
 
Mar 22, 2025
quick question, what's the best site to buy hentai, and what to do if your pc gets a bad bad virus? like pay for bitdefender, but what if shit goes down? is my whole pc just dead and i have to throw it out or can i just factory reset reinstall windows clean and it's fixed even if i lose all my stuff

or do i have to turn pc off and throw the ssd away and buy a new one?
 

khallyl

Newbie
Oct 17, 2020
No that file is fine and the one from Kimochi too.
gonna upload this one or kimochi then (maybe already did)? oh and in a way good to know the origin is fine and this was just some asshole altering the files.
 

Bob69

Uploading the World
Uploader
Donor
Compressor
Mar 2, 2019
gonna upload this one or kimochi then (maybe already did)? oh and in a way good to know the origin is fine and this was just some asshole altering the files.
Like always this was not the only case, we are constantly under attack. Catching most of them but those 2 slipped through sadly.
 

_raisin

Newbie
Feb 28, 2021
This is not a false alarm, that's for sure. Other infected games behave in the same way - they download an infostealer, which in turn steals your data (logins and passwords). There is a whole thread about this here. Everyone who downloaded and launched the game should run a full scan, especially of the %appdata% folder. It's best not to launch the game anymore and wait until a clean version is released. Information about the virus (at the end, how to remove it). Since it steals passwords, you may need to change your passwords and enable 2FA.
Yet another reminder to ALWAYS sandbox everything you download from here.
 

Carl42069180

Newbie
Sep 8, 2021
holy shit just narrowly dodged the upload window because i was busy doing dumb shit

note to self and everyone else USE VIRUS TOTAL

but fr everyone who thinks they may have gotten infected scan your system like there's no tomorrow better be safe than sorry
 

ycbalabala

Member
May 29, 2022
Yup, it matches. I assume line 39292 is the malware launching point. It might be able to be removed, but I'm not going to mess with it; I don't have experience on that type of stuff. I'm not finding any leftover folders/files mentioned here in %localappdata%, so it might have run its course and removed the tracks or gotten blocked. I honestly don't know which it is. I have Malwarebytes if someone else has it and knows that it got blocked for them
Spot on!
I don't have any traces of the malware here either despite launching the game. Defender didn't wake up either. I won't be running detailed analysis on it, but for now, I only see this:
- My DNS servers logged abnormal queries. None of them were in any blocklists, but none of them succeeded either. Probably trying to check for a killswitch.
- Game.exe logged an Audit Failure against Windows at the same time (which I can see in the Event Viewer, Windows Logs, Security).
There weren't any additional DNS queries after that. I think I'm safe, but I can never be sure, unfortunately.

Sheesh. I'm really going to have to spin up a VM for F95 games.
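
A triage sketch for the advice in the posts above to check %appdata% and %localappdata% after launching the game (an added example, not part of any post in this thread): it lists recently modified executable and script files under those folders with their SHA-256, so each hash can be looked up on VirusTotal. The extension list and the 7-day window are assumptions.

```python
import hashlib
import os
import time
from pathlib import Path

# Extensions that can carry or launch code on Windows (assumed triage list).
SUSPECT_EXTS = {".exe", ".dll", ".scr", ".bat", ".cmd", ".ps1", ".vbs", ".js", ".lnk"}


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries are not loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def recent_executables(roots, since_days=7, now=None):
    """Return (path, mtime, sha256) for code-bearing files changed recently."""
    now = time.time() if now is None else now
    cutoff = now - since_days * 86400
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
            for name in files:
                p = Path(dirpath) / name
                if p.suffix.lower() not in SUSPECT_EXTS:
                    continue
                try:
                    mtime = p.stat().st_mtime
                    if mtime < cutoff:
                        continue
                    hits.append((str(p), mtime, sha256_of(p)))
                except OSError:
                    continue  # locked or vanished file: skip, do not abort
    # Newest first, so files dropped around the time of the launch lead the list.
    return sorted(hits, key=lambda h: h[1], reverse=True)


def default_roots():
    """%APPDATA% and %LOCALAPPDATA%, where they are set."""
    return [os.environ[v] for v in ("APPDATA", "LOCALAPPDATA") if v in os.environ]


if __name__ == "__main__":
    for path, mtime, digest in recent_executables(default_roots()):
        print(time.strftime("%Y-%m-%d %H:%M", time.localtime(mtime)), digest, path)
```

An empty list is not proof of a clean system: a stealer that already removed its files leaves nothing here, and modification times can be altered, so the password changes recommended in the thread still apply.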
 

Shadow_S_129

Newbie
Sep 6, 2021
So, seeing what just went down here with this game (Saw the game updated, but was too lazy to even try to DL due to backlog organizing. Don't ask :p), this is interesting at the least, and terrifying at the most.

As a Linux user, since I get mixed signals for security as a casual user, what tools could one use if they got compromised? I think I recall reading that Wine could still trigger said malicious code if present, but I don't remember how accurate that is.

Only reason I ask is not cause I got hit, but only as a footnote of knowledge for those not in the Windows ecosystem. Even googling these questions for Linux answers has given me so many contradicting answers over the years since things change, at least for me.
 

zertyx23

Newbie
Jan 16, 2020
How do we know if the malware worked? Windows Defender got a file named Trojan:Win64/LummaStealer!rfn and quarantined it while my Google Chrome closed automatically. Quick analysis with Windows Defender didn't detect anything.
 

SlidingSubject

Well-Known Member
Feb 17, 2024
So, seeing what just went down here with this game (Saw the game updated, but was too lazy to even try to DL due to backlog organizing. Don't ask :p), this is interesting at the least, and terrifying at the most.

As a Linux user, since I get mixed signals for security as a casual user, what tools could one use if they got compromised? I think I recall reading that Wine could still trigger said malicious code if present, but I don't remember how accurate that is.

Only reason I ask is not cause I got hit, but only as a footnote of knowledge for those not in the Windows ecosystem. Even googling these questions for Linux answers has given me so many contradicting answers over the years since things change, at least for me.
Just keep your antivirus up to date, since most threats are identified or dealt with relatively quickly. If you're a bit more paranoid, do everything in this thread. If you're even more paranoid, always use a VM first. If you're even more paranoid, write your own custom code to check all files for CVE or known exploits.
 

ycbalabala

Member
May 29, 2022
As a Linux user, since I get mixed signals for security as a casual user, what tools could one use if they got compromised?
If you're on Windows as your primary OS, from what I can gather, not much once you're infected. If the malware and sent your information, well, your browser history, your cookies and your passwords are in the cloud now. Time to kick the malware to the curb and proceed to change them all.

If you want to prevent infection, see above and keep your antivirus up-to-date. Previous reports claim that Windows Defender blocked the executable from running, so you don't even have to pay out of pocket.

I recall reading that Wine could still trigger said malicious code if present, but I don't remember how accurate that is.

Only reason I ask is not cause I got hit, but only as a footnote of knowledge for those not in the Windows ecosystem. Even googling these questions for Linux answers has given me so many contradicting answers over the years since things change, at least for me.
Lumma Stealer is going to be looking for things like your browser profile, and your Ethereum wallet - if you're running this within a Wine prefix (which should be sandboxed, but I'm not 100% positive on that), it's either not going to run (because Wine/Proton doesn't implement the Windows APIs that the malware is using), or it's going to run just fine and do... nothing (because you don't have your browser or Ethereum wallet running inside that Wine prefix, unless you're particularly weird), or it will panic-kill itself because it detected it's running in a sandbox.

Of course, there may be evolved malware that can break through a Wine prefix and nab what's in /home/ for itself, at least in theory, but I've never seen one in the wild yet.
 