RPGM Completed Breeding City Welcomes you [v1.0.1] [meteo.H]

[wolflagang]

Just to be extra clear, it's just the latest updated version thats compromised right? the ones in the time frame on the OP? The Infected files where public from 2025-08-19 T04:16 PM - 2025-08-20 T01:54 PM (GMT). i remember downloading this game earlier in the year before there was english i think, i 100% it and all, when it got changed to the translated version the game got turbofucked? my condolences to fellow pirates...

It literally says current links are fine so no unless mods are jesters

 

[Fuwawalover69]

Shit. Yeah. I downloaded the infected file, played for 5 or so hours, went to bed, booted it up again today and Eset caught a weird thing being sent through powershell (windows' file explorer or edge, I guess). Thought it was weird but whatever. Then, I checked this thread for the walkthrough cuz I like 100%ing games, only to find this out. Checked my SHA and my stomach dropped. Checked Eset's logs, and sure as shit, the interception linked back to (and was cleaned by Eset) the aforementioned "C:\Users\<username>\AppData\Local\MySupergame" file.

It seems like it also installed a fake file in "C:\Users\<username>\AppData\Local\Breeding City Welcomes You!" and in that folder's default folder(shown below), it just lists all the shit it was collecting in an unknown file format. I can't remember which, but one folder had some ini that seemed to look like the game's. In addition to deleting MySupergame, you should probably check for this file and delete it too, because it might still be logging your shit regardless of which version you download after the fact.


View attachment 5168528
Maybe it only runs the send-off of what it collects on the second time you play the game? Eset hasn't really ever not caught something like this before for me, especially for what I think is an unfortunately fairly common virus nowadays. Perhaps the first time you open the game is when it installs the above fake files and opening it a second time runs the ini in them? Hopefully? Either way, that's insidious as fuck.

Regardless, I just deleted those folders and am scanning through anything in appdata that doesn't seem kosher, and resetting my important passwords, but the cached ones that are saved in my browser or like steam that I didn't manually access should be fine, right? I'm kinda freaking out about that rn tbh. Anyone here know how that virus actually functions?

I just wanted to play my stupid little porn game, man.

EDIT: Found another file with basically the same stuff in it: "C:\Users\<username>\AppData\Local\User Data".
EDIT 2: AND ANOTHER TWO. "C:\Users\<username>\AppData\Local\w8i225jz" and "C:\Users\<username>\AppData\Local\zfefsooa". Man, whoever wrote this was persistent. I've only just gone through local so far, I'm getting somehow even more annoyed.
miniedit: Nothing in AppData\LocalLow so far. Will update again after I go through roaming.
Final Edit: Nothing in Appdata\Roaming either. Looks like these were limited to Local. Still frustrating. Good luck out there. Really hoping that the only time it sent out what it logged was after running the game a second time.

So I had the C:\Users\<username>\AppData\Local\zfefsooa file on my PC and yet it was created on 5/12, so does that mean that another file was infected on this site or is this a false positive? I'm not sure what the file was, so I deleted it, but so far, I have not had any attempts to breach my accounts. Also, I downloaded this game back in July, not August, so I assume it was safe then if the mods are to be believed. I'm wondering if anyone else has found this file and if there were more infected games or if this isn't something to worry about.

 

[shmurfer]

So I had the C:\Users\<username>\AppData\Local\zfefsooa file on my PC and yet it was created on 5/12, so does that mean that another file was infected on this site or is this a false positive? I'm not sure what the file was, so I deleted it, but so far, I have not had any attempts to breach my accounts. Also, I downloaded this game back in July, not August, so I assume it was safe then if the mods are to be believed. I'm wondering if anyone else has found this file and if there were more infected games or if this isn't something to worry about.

If you download a bunch of games on this site, have a look in \local\ for game names you recognise, and check if they have similar userdata\default folders. I think this folder in particular is a false flag, or the uploader uses a common library to get this data, but then uploads it. I've got a bunch of these files, one random letters folder like that, and a bunch of other games with recognizable names. Common thread I'm seeing so far is it tends to be rpgmaker games.

 

[Sinfall]

I havent had any login attempt on any accounts, to be fair i only use this PC for games and i dont have social media.

Maybe i got filtered because im from Latam, which would be hilarious and kinda rude at the same time.

 

[Mrezo]

I havent had any login attempt on any accounts, to be fair i only use this PC for games and i dont have social media.

Maybe i got filtered because im from Latam, which would be hilarious and kinda rude at the same time.

Same. I've spent the day resetting passwords and full scanning, but found no unusual activities. I don't have IG though.

Good exercise to refresh security, and I found things I've been lax on.

 

[anotherAccount789]

I know OP already says current links are fine, but has anyone ran the game using the current links yet? Only see posts talking about the malware that was in it before.

 

[soundengineer]

I think im fine now, i had malwarebytes scan and quarantine it alr? Hope it didn't get anything cuz i only ran that shit like for 30 secs

How long it's run for doesn't matter. Because the moment you run it, it executes the bad exe. What matters is when you ran it. If it was after the 20th (your time), the virus did its job.

This isn't the 5 second rule when you drop a fucking french fry on the floor and it's still good because the germs didn't get to it yet my guy lol

 

[Deleted member 7851459]

All the publishers games on here are sus

 

[loverlove]

i need help with something

 

[T4t0rt]

Guys, how i can get the console for Nanae?

 

[cooperdk]

FFS! WE NEED NEW TAGS!!!

Yes, some of us wrote that about seven years ago, too. It feels like the mods/admins only add their own kinks.

 

[EstrangeNS]

I'm confused... Is this really the translation from 072Project? It's terrible.

 

[dehope]

Guys, how i can get the console for Nanae?

taneon in claw machine

 

[yocuandoelpepeetesech]

I downloaded the game during the time the malware was in the program, opened it for about 5 minutes, and closed it. Today I found out about the lummastealer and checked my files. I didn't find "mysupergame" or the other files mentioned, and Kaspersky and Malwarebytes say there's nothing after a full scan. Obviously, there are no attempts to log into my Instagram, Steam, Gmail, crypto wallets, etc. I should mention that I downloaded the game about 10 minutes after the link with the virus was published, so it's been several days of normal computer use. Because of this, it appears that the malware actually installs after a certain amount of time in the game.

 

[MetalKamen]

Might be a stupid question (actually 100% is, but better to be safe than sorry), but if one downloaded the game after the warning was already put on the page, then all the links were fine as the warning says and there's no risk of infection correct? So the game is currently utterly safe to download?

 

[Sosisochka]

Shit. Yeah. I downloaded the infected file, played for 5 or so hours, went to bed, booted it up again today and Eset caught a weird thing being sent through powershell (windows' file explorer or edge, I guess). Thought it was weird but whatever. Then, I checked this thread for the walkthrough cuz I like 100%ing games, only to find this out. Checked my SHA and my stomach dropped. Checked Eset's logs, and sure as shit, the interception linked back to (and was cleaned by Eset) the aforementioned "C:\Users\<username>\AppData\Local\MySupergame" file.

It seems like it also installed a fake file in "C:\Users\<username>\AppData\Local\Breeding City Welcomes You!" and in that folder's default folder(shown below), it just lists all the shit it was collecting in an unknown file format. I can't remember which, but one folder had some ini that seemed to look like the game's. In addition to deleting MySupergame, you should probably check for this file and delete it too, because it might still be logging your shit regardless of which version you download after the fact.


View attachment 5168528
Maybe it only runs the send-off of what it collects on the second time you play the game? Eset hasn't really ever not caught something like this before for me, especially for what I think is an unfortunately fairly common virus nowadays. Perhaps the first time you open the game is when it installs the above fake files and opening it a second time runs the ini in them? Hopefully? Either way, that's insidious as fuck.

Regardless, I just deleted those folders and am scanning through anything in appdata that doesn't seem kosher, and resetting my important passwords, but the cached ones that are saved in my browser or like steam that I didn't manually access should be fine, right? I'm kinda freaking out about that rn tbh. Anyone here know how that virus actually functions?

I just wanted to play my stupid little porn game, man.

EDIT: Found another file with basically the same stuff in it: "C:\Users\<username>\AppData\Local\User Data".
EDIT 2: AND ANOTHER TWO. "C:\Users\<username>\AppData\Local\w8i225jz" and "C:\Users\<username>\AppData\Local\zfefsooa". Man, whoever wrote this was persistent. I've only just gone through local so far, I'm getting somehow even more annoyed.
miniedit: Nothing in AppData\LocalLow so far. Will update again after I go through roaming.
Final Edit: Nothing in Appdata\Roaming either. Looks like these were limited to Local. Still frustrating. Good luck out there. Really hoping that the only time it sent out what it logged was after running the game a second time.

After seeing all this information about the virus, I felt one place shrink. After 3-4 days. I don't remember exactly when I downloaded the game. During the virus period or not. But I started it exactly during this period for 2 hours. I didn't have a MySupergame folder. Have I escaped a bad fate? But I found a similar folder as in this message and deleted it.

 

[lnomsim]

I'm confused on how to clean my computer, I had the infected file, I had the directory My super game in appdata, I deleted all that, no weird .exe file though.

I ran a complete scan from multiple antivirus and they didn't detect anything. how can I know if I have bad files to remove?
I saw that someone had some weird folders with infected files on their computer, I don't have those.

Fortunately, i don't have any password stored on my computer, and i hadn't to log in anywhere since I launched the game, but I would like to be sure the computer is safe before doing anything.

 

[Ragnir7798]

Does someone have the location of all stamina UPS? monstly because im stuck on 7 and the int is look at the black box at dusk

 

[ToasterReiz]

I'm confused on how to clean my computer, I had the infected file, I had the directory My super game in appdata, I deleted all that, no weird .exe file though.

I ran a complete scan from multiple antivirus and they didn't detect anything. how can I know if I have bad files to remove?
I saw that someone had some weird folders with infected files on their computer, I don't have those.

Fortunately, i don't have any password stored on my computer, and i hadn't to log in anywhere since I launched the game, but I would like to be sure the computer is safe before doing anything.

If you ever select "Remember me" in any login, the virus could steal your browser cookies and login that way, even if you never login since then nor store any password

 

[FinalZero]

wow this game is danger why they keep it not remove it yet ?