RPGM Completed Breeding City Welcomes you [v1.0.1] [meteo.H]

[Hitman Kazama]

I downloaded the infected game zip but never extracted or ran it, so I'm good right?

It doesn't matter if you extract it, as long as you haven't played it nothing happens, it's when you play it that it starts

 

[calpz]

Fuck, I wouldn't have known if I didn't come back for the walkthrough.
I didn't get the defender flag up, should I still assume I got logged?

 

[IHaveNoIdea1]

No...
I don't remember when i dowloaded it, except it was 19/08.... I definitely launched it after 04 : 16 pm but i don't remember if i downloaded it before that time....
I have already deleted all files related to this game and also this "MySuperGames"in appdata/Local that someone mentionned and i'm doing a full scan

 

[pokiestick]

No...
I don't remember when i dowloaded it, except it was 19/08.... I definitely launched it after 04 : 16 pm but i don't remember if i downloaded it before that time....
I have already deleted all files related to this game and also this "MySuperGames"in appdata/Local that someone mentionned and i'm doing a full scan

It sounds like if you have that directory of MySuperGames then assume you were compromised.

 

[I just want lewds]

I ran the game but I barely got through the starting dialogue cause I had things to do, never got any detects and I checked my appdata folder and didn't find anything, did a full scan, found nothing, what are the odds that nothing had the time to download and I'm in the clear

AGAIN, is there a chance that I did not run the game for long enough to download the aforementioned virus, I am sure I downloaded the infected game, but a full scan didn't give me anything, and I don't have the "mysupergame" folder in my appdata, I checked for any new exes in my appdata folder and haven't found anything, already full scanned, is there a chance I'm in the clear

 

[Mrezo]

Same. I came looking for a walkthrough only to find that the zip was infected. AV didn't detect it (scanned zip or running), and mysupergames folder is there. Doing full scans now.

I do see some errors in event viewer and if it's tied to edge there's a chance it didn't download the virus. I don't know what is that exe in mysupergames, but windows defender did not detect it as the virus.

 

[shmurfer]

Same. I came looking for a walkthrough only to find that the zip was infected. AV didn't detect it (scanned zip or running), and mysupergames folder is there. Doing full scans now.

I do see some errors in event viewer and if it's tied to edge there's a chance it didn't download the virus. I don't know what is that exe in mysupergames, but windows defender did not detect it as the virus.

If you have the directory I'd assume you're compromised. Way too close for comfort.

 

[Mrezo]

If you have the directory I'd assume you're compromised. Way too close for comfort.

I agree. I don't understand why my version of windows defender does not detect it. The computer is offline and will go through deeper scans and cleanup. Resetting passwords as well even though I don't save passwords, but I assume they got the browser cache.

 

[Daddums]

If you have the directory I'd assume you're compromised. Way too close for comfort.

What if you don't have it but ran an infected copy? I'm scanning regardless and deleted my cache. Changing passwords is a bitch on mobile right now, since it doesn't make sense to change it on desktop until you know it's clean.

 

[Rapist666]

ok so, is it safe now guys? I am kind of a retard when it comes to safety, and I just found out about this from when looking at the walkthrough as I downloaded it.

 

[shmurfer]

What if you don't have it but ran an infected copy? I'm scanning regardless and deleted my cache. Changing passwords is a bitch on mobile right now, since it doesn't make sense to change it on desktop until you know it's clean.

If you don't run the compromised game again and delete the exe you should be fine on cleanup. This isn't something super robust that re-runs on restart or anything. Compromised game connects to internet and downloads a file, then runs the file, that file scoops your data and uploads it. By the time you've found out about the malware it's probably not even running.

If it was something a bit harder to get rid of people would be screaming from the rooftops how you need to disconnect from the internet now, get a specific antivirus onto a USB drive and triple scanning or something until every trace is gone.

ok so, is it safe now guys? I am kind of a retard when it comes to safety, and I just found out about this from when looking at the walkthrough as I downloaded it.

Did you download the infected copy.Look up the hash in the thread for pixl.js and see if you match, maybe look at the directory and see if it exists.

 

[Rapist666]

If you don't run the compromised game again and delete the exe you should be fine on cleanup. This isn't something super robust that re-runs on restart or anything. Compromised game connects to internet and downloads a file, then runs the file, that file scoops your data and uploads it. By the time you've found out about the malware it's probably not even running.

If it was something a bit harder to get rid of people would be screaming from the rooftops how you need to disconnect from the internet now, get a specific antivirus onto a USB drive and triple scanning or something until every trace is gone.




Did you download the infected copy.Look up the hash in the thread for pixl.js and see if you match, maybe look at the directory and see if it exists.

I immediately deleted the downloaded file after reading the walkthrough post, so I didn't really open it up at all.

 

[Daddums]

If you don't run the compromised game again and delete the exe you should be fine on cleanup.

Already did that after verifying since I didn't have the folder or file showing up in appdata. I don't think I'm compromised, but better safe than sorry.

 

[damek]

Shit. Yeah. I downloaded the infected file, played for 5 or so hours, went to bed, booted it up again today and Eset caught a weird thing being sent through powershell (windows' file explorer or edge, I guess). Thought it was weird but whatever. Then, I checked this thread for the walkthrough cuz I like 100%ing games, only to find this out. Checked my SHA and my stomach dropped. Checked Eset's logs, and sure as shit, the interception linked back to (and was cleaned by Eset) the aforementioned "C:\Users\<username>\AppData\Local\MySupergame" file.

It seems like it also installed a fake file in "C:\Users\<username>\AppData\Local\Breeding City Welcomes You!" and in that folder's default folder(shown below), it just lists all the shit it was collecting in an unknown file format. I can't remember which, but one folder had some ini that seemed to look like the game's. In addition to deleting MySupergame, you should probably check for this file and delete it too, because it might still be logging your shit regardless of which version you download after the fact.



Maybe it only runs the send-off of what it collects on the second time you play the game? Eset hasn't really ever not caught something like this before for me, especially for what I think is an unfortunately fairly common virus nowadays. Perhaps the first time you open the game is when it installs the above fake files and opening it a second time runs the ini in them? Hopefully? Either way, that's insidious as fuck.

Regardless, I just deleted those folders and am scanning through anything in appdata that doesn't seem kosher, and resetting my important passwords, but the cached ones that are saved in my browser or like steam that I didn't manually access should be fine, right? I'm kinda freaking out about that rn tbh. Anyone here know how that virus actually functions?

I just wanted to play my stupid little porn game, man.

EDIT: Found another file with basically the same stuff in it: "C:\Users\<username>\AppData\Local\User Data".
EDIT 2: AND ANOTHER TWO. "C:\Users\<username>\AppData\Local\w8i225jz" and "C:\Users\<username>\AppData\Local\zfefsooa". Man, whoever wrote this was persistent. I've only just gone through local so far, I'm getting somehow even more annoyed.
miniedit: Nothing in AppData\LocalLow so far. Will update again after I go through roaming.
Final Edit: Nothing in Appdata\Roaming either. Looks like these were limited to Local. Still frustrating. Good luck out there. Really hoping that the only time it sent out what it logged was after running the game a second time.

 

[shmurfer]

I just wanted to play my stupid little porn game, man.

Did a little test, opening the clean game and making a save asap doesn't create these files. You might be right.

[edit] but then a clicked around and found a few other game folders in my appdata/local that have basically the same things inside of it. It might be a common game dependency.

 

[damek]

Did a little test, opening the clean game and making a save asap doesn't create these files. You might be right.

[edit] but then a clicked around and found a few other game folders in my appdata/local that have basically the same things inside of it. It might be a common game dependency.

Yeah. I was able to find 4 total files that all had the same log-type shit in it. Posted them in the edits. What a fuckin pain in the ass.

 

[shmurfer]

Yeah. I was able to find 4 total files that all had the same log-type shit in it. Posted them in the edits. What a fuckin pain in the ass.

Might be a bit of a false positive at this rate. Other games that have never had any malware complaints have those log files. I'm waiting for a specific folder to reappear that was modified last week before I could guess what it actually is.

 

[H4CK3RJCTT]

Might be a bit of a false positive at this rate. Other games that have never had any malware complaints have those log files. I'm waiting for a specific folder to reappear that was modified last week before I could guess what it actually is.

Oh my god, I installed the game and got a warning from Kaspersky about a Trojan that was removed by them from my system. What do I do? Format it or what?

 

[damek]

Might be a bit of a false positive at this rate. Other games that have never had any malware complaints have those log files. I'm waiting for a specific folder to reappear that was modified last week before I could guess what it actually is.

Oh my god, I installed the game and got a warning from Kaspersky about a Trojan that was removed by them from my system. What do I do? Format it or what?

This guy in the main thread about this virus laid it out pretty simple: https://f95zone.to/threads/recent-malware-infected-games.207437/post-17882227

The affected game only includes a localtime-based downloader for the virus, not the virus itself (most likely the "mysupergame" bullshit). If your antivirus catches it before the trojan downloads, you're good. (Most likely.)

I went down a rabbit hole and couldn't find any issues with my firewall allowing access to anything untoward so all seems well.

Biiiiiig sigh of relief. Whew.

 

[Senm]

Yeah. I was able to find 4 total files that all had the same log-type shit in it. Posted them in the edits. What a fuckin pain in the ass.

How exactly does this work? I started this game without an internet connection and didn't use it after. (Didn't delete it, but didn't use it after it created the file in the location you said)
*"C:\Users\<username>\AppData\Local\Breeding City Welcomes You!"


I noticed a warning about the virus today and deleted the game folder. I also checked the computer with AdwCleaner and AVG; nothing was found.

*Thank you for the info!