RPGM Completed Breeding City Welcomes you [v1.0.1] [meteo.H]

[TempestLaaL]

actually yeah, now i'm gonna have a hard trusting it even if those two antiviruses in the image above are garbage

i'd check myself... if i knew how...

 

[damek]

I think I'm in the clear, but in a different way. I think I got lucky it didn't actually download final virus.

I did several full scans and didn't detect anything, and so far nothing detects the virus.

I do have the files in "C:\Users\<username>\AppData\Local\MySupergame", but it's a different trojan:
View attachment 5169634
(ignore the DLLxyz, it's just me being stupid trying to rename extensions so that it won't trigger the virus while I'm scanning)

DLL is infected, but not the exe.

My guess is that it does this first, and then eventually downloads the virus that others experienced after a while.

This is the same file my AV bonked, but someone in the main malware thread said that it could possibly still be a problem. Something about the virus being the exe installing the loggers (they were installed, hence the \mysupergame and other files existing), but the outgoing bit getting caught before it gets sent out to mcshitstain virus guy.

"The virus sends the collected information at the very end, and there is hope that it did not manage to do so and its activity was intercepted by the antivirus, but I would not count on it too much. There was a case described here where the virus deleted itself (or something like that) after completing its work, so in your case, it may not have completed its work properly."
-colobancuz

Which may or may not imply it's either the deletion or the send-out. I'm just not sure what to think or how hard it's worth going. Either way, reset your passwords and enable 2FA on everything for the time being at the very least.

 

[damek]

View attachment 5170125 uh im dumb when it comes to these things but, this is bad right?

as long as you haven't unpacked the zip and run the game, you should be fine to just delete the 7z. supposedly

 

[PokemonMan66]

Shit. Yeah. I downloaded the infected file, played for 5 or so hours, went to bed, booted it up again today and Eset caught a weird thing being sent through powershell (windows' file explorer or edge, I guess). Thought it was weird but whatever. Then, I checked this thread for the walkthrough cuz I like 100%ing games, only to find this out. Checked my SHA and my stomach dropped. Checked Eset's logs, and sure as shit, the interception linked back to (and was cleaned by Eset) the aforementioned "C:\Users\<username>\AppData\Local\MySupergame" file.

It seems like it also installed a fake file in "C:\Users\<username>\AppData\Local\Breeding City Welcomes You!" and in that folder's default folder(shown below), it just lists all the shit it was collecting in an unknown file format. I can't remember which, but one folder had some ini that seemed to look like the game's. In addition to deleting MySupergame, you should probably check for this file and delete it too, because it might still be logging your shit regardless of which version you download after the fact.


View attachment 5168528
Maybe it only runs the send-off of what it collects on the second time you play the game? Eset hasn't really ever not caught something like this before for me, especially for what I think is an unfortunately fairly common virus nowadays. Perhaps the first time you open the game is when it installs the above fake files and opening it a second time runs the ini in them? Hopefully? Either way, that's insidious as fuck.

Regardless, I just deleted those folders and am scanning through anything in appdata that doesn't seem kosher, and resetting my important passwords, but the cached ones that are saved in my browser or like steam that I didn't manually access should be fine, right? I'm kinda freaking out about that rn tbh. Anyone here know how that virus actually functions?

I just wanted to play my stupid little porn game, man.

EDIT: Found another file with basically the same stuff in it: "C:\Users\<username>\AppData\Local\User Data".
EDIT 2: AND ANOTHER TWO. "C:\Users\<username>\AppData\Local\w8i225jz" and "C:\Users\<username>\AppData\Local\zfefsooa". Man, whoever wrote this was persistent. I've only just gone through local so far, I'm getting somehow even more annoyed.
miniedit: Nothing in AppData\LocalLow so far. Will update again after I go through roaming.
Final Edit: Nothing in Appdata\Roaming either. Looks like these were limited to Local. Still frustrating. Good luck out there. Really hoping that the only time it sent out what it logged was after running the game a second time.

How the hell do I have three antiviruses and still have all these suspicious files as if nothing happened?

This is what I get for being cheap.

 

[100kgWife]

i couldn't find any MySuperGame files and i deleted the game like 1 or less than 5 minutes in, am i safe?

 

[PokemonMan66]

I found it as "mygame" but what I had was the same as Damek's screenshot.

 

[I just want lewds]

i couldn't find any MySuperGame files and i deleted the game like 1 or less than 5 minutes in, am i safe?

assuming you didn't run the game, yes, if you did run the game then scan your gosh darn pc my guy

 

[100kgWife]

assuming you didn't run the game, yes, if you did run the game then scan your gosh darn pc my guy

fuck i just wanted to play a porn game in my list

 

[Daddums]

This is the same file my AV bonked, but someone in the main malware thread said that it could possibly still be a problem. Something about the virus being the exe installing the loggers (they were installed, hence the \mysupergame and other files existing), but the outgoing bit getting caught before it gets sent out to mcshitstain virus guy.

"The virus sends the collected information at the very end, and there is hope that it did not manage to do so and its activity was intercepted by the antivirus, but I would not count on it too much. There was a case described here where the virus deleted itself (or something like that) after completing its work, so in your case, it may not have completed its work properly."
-colobancuz

Which may or may not imply it's either the deletion or the send-out. I'm just not sure what to think or how hard it's worth going. Either way, reset your passwords and enable 2FA on everything for the time being at the very least.

I was under the impression this doesn't clean up after itself. Also the files in Breeding City Local are in some others, they read NUL a lot, but fuck if I know why.

EDIT: Deep scanned with MalwareBytes and Defender, didn't find anything. I wish I could find a command to look up file history when it's turned off.

 

[100kgWife]

assuming you didn't run the game, yes, if you did run the game then scan your gosh darn pc my guy

I think im fine now, i had malwarebytes scan and quarantine it alr? Hope it didn't get anything cuz i only ran that shit like for 30 secs

 

[Copy.Cat]

Hello fellow Fappers,
I am saying this from own experience now.... that even if you delete the file , if it has been for 2 days like in my case it already starting to do it's curse.

So..... change ALL passwords you got for good measure and monitor further if you noticed any activity.
After I deleted and quarantined the game with MalwareByte and Windows Defender , around 3 hours after that my IG account got hacked in the process by a bot (supposedly due to this Malware), and started posting random shit and preventing access. Recovered account , changed passwords and sent it to deletion.
Do the needful .... before it escalates further unnoticed.

 

[centrifugal]

I found it as "mygame" but what I had was the same as Damek's screenshot.

I have the mygame folder but nothing like the screenshot.
should I delete it?

 

[adwawadaw]

Shit. Yeah. I downloaded the infected file, played for 5 or so hours, went to bed, booted it up again today and Eset caught a weird thing being sent through powershell (windows' file explorer or edge, I guess). Thought it was weird but whatever. Then, I checked this thread for the walkthrough cuz I like 100%ing games, only to find this out. Checked my SHA and my stomach dropped. Checked Eset's logs, and sure as shit, the interception linked back to (and was cleaned by Eset) the aforementioned "C:\Users\<username>\AppData\Local\MySupergame" file.

It seems like it also installed a fake file in "C:\Users\<username>\AppData\Local\Breeding City Welcomes You!" and in that folder's default folder(shown below), it just lists all the shit it was collecting in an unknown file format. I can't remember which, but one folder had some ini that seemed to look like the game's. In addition to deleting MySupergame, you should probably check for this file and delete it too, because it might still be logging your shit regardless of which version you download after the fact.


View attachment 5168528
Maybe it only runs the send-off of what it collects on the second time you play the game? Eset hasn't really ever not caught something like this before for me, especially for what I think is an unfortunately fairly common virus nowadays. Perhaps the first time you open the game is when it installs the above fake files and opening it a second time runs the ini in them? Hopefully? Either way, that's insidious as fuck.

Regardless, I just deleted those folders and am scanning through anything in appdata that doesn't seem kosher, and resetting my important passwords, but the cached ones that are saved in my browser or like steam that I didn't manually access should be fine, right? I'm kinda freaking out about that rn tbh. Anyone here know how that virus actually functions?

I just wanted to play my stupid little porn game, man.

EDIT: Found another file with basically the same stuff in it: "C:\Users\<username>\AppData\Local\User Data".
EDIT 2: AND ANOTHER TWO. "C:\Users\<username>\AppData\Local\w8i225jz" and "C:\Users\<username>\AppData\Local\zfefsooa". Man, whoever wrote this was persistent. I've only just gone through local so far, I'm getting somehow even more annoyed.
miniedit: Nothing in AppData\LocalLow so far. Will update again after I go through roaming.
Final Edit: Nothing in Appdata\Roaming either. Looks like these were limited to Local. Still frustrating. Good luck out there. Really hoping that the only time it sent out what it logged was after running the game a second time.

shout out to this guy for posting his findings and helping us all

 

[Rink0956]

Hello fellow Fappers,
I am saying this from own experience now.... that even if you delete the file , if it has been for 2 days like in my case it already starting to do it's curse.

So..... change ALL passwords you got for good measure and monitor further if you noticed any activity.
After I deleted and quarantined the game with MalwareByte and Windows Defender , around 3 hours after that my IG account got hacked in the process by a bot (supposedly due to this Malware), and started posting random shit and preventing access. Recovered account , changed passwords and sent it to deletion.
Do the needful .... before it escalates further unnoticed.

Can confirm, that the game (or MLT, idk) has some stealer in it. I have the same situation - launched game yesterday, deleted suspicious folder, sleept, and today i'm looking with the pikachu face on my stolen IG account. I hope it will be only IG, but I've already changed passwords
But I am waiting for support answer. Change your account passwords NOW. Enable 2FA and make clean windows install.

 

[H4CK3RJCTT]

EDIT: 2028-08-20 MALWARE ADVISORY -
If you downloaded the game from F95, or from someone who shared the same source, the game (ZIP SHA256: 10AFACB6CB6BBC7ADA46D70DFB91EB9555238D52B5E5F7EA73DC998486B05923) is equipped with the Lumma Stealer malware thats doing the rounds right now. Check this thread's OP for up-to-date information.
I know you're coming here because you either searched for a walkthrough or someone linked you here, but be careful, as it was also spotted in other RPG Maker and python/Ren'py games shared on F95.

All information below is for the MTL, and uses the MTL names. The official 072 version fixed the missing naked menu option.

Original post:
I can't unlock the menu option either, for some reason. Even with the former number 1 giving it to me. [EDIT: This was a bug in the MTL, documented later in the thread, 072 works fine]
Here's a very quick of the areas/girls from my notes:

Notes:

• "Repeat" means "come back tomorrow at the same time".
• Hours are not all strict, most of them are actually ranges. Check the girl's entry in the menu.
• To get points, and raise your rank, come in/on the girls you come across at least once per sex session. I don't know if coming more than once in the same sex session wil increase it further.
• Impregnation is a fixed 25% chance after coming in/on a girl, evaluated once at tne end of the sex session (so coming multiple times won't do anything).
• Pregnancy doesn't actually do anything beyond increasing the daily money you get, and increasing a counter in the girl menu.

Areas always available:

• Tanena Station (05:00-10:00)
• Seeding center (09:00-20:00)
• Apartment (always open)
• TANEON (10:00-22:00)
• Seikou Mart (always open)
• Seikou Girls' School (08:00-20:00)

Unlocked areas:

• Coin parking (always open): Blue NPC at Seikou Mart, 20:00, or Blue NPC at TANEON, 12:00-14:00, 16:00
• Samway (08:00-00:00): Girl at Tanena Station 15:00
• Pleasure CLUB Internet Cafe (always open): Purple NPC at Samway, 16:00
• City Hotel (Bar) (17:00-00:00): Yoshino at Seikou Mart, 08:00 (repeat)
• Shrine (always open): Mei at Seikou Girls' School, 17:00, then Coin Parking, 18:00 (repeat both until you get a message)
• School gymnasium and Classroom (08:00-20:00): Mei at Shrine, 07:00, then School, 16:00, talk to the receptionist
• Library (09:00-20:00): Shiori at School, 16:00
• VIPECHO (13:00-07:00): Blue NPC at Library, 17:00
• Tanena Onsen (06:00-23:00): Marika and Noa at School Gymnasium, 16:00 (repeat)
• Yamataneya (10:00-20:00): Shiori at Library, 18:00 (repeat)
• Tanabe Shinsui Park (always open): Shiori at Yamataneya, 17:00, with gacha cow n°7
• Bus (06:00-23:00): Blue NPC at Yamataneya, 15:00, or Red NPC at Pool, 13:00
• Taneda Cafe (06:00-22:00): Yuna at Library, 15:00 (repeat), then wait until she messages you next day at 18:00
• Izumi's apartment: Yuna at Taneda Cafe, 18:00
• Pool (09:00-22:00): Meet Yoshino and Momoko, then check on both at Samway, 12:00 (repeat)

Main girls (in menu order, top to bottom first):

• Ruka: Samway, 21:00(repeat); Classroom, 15:00; advance, go to sleep and wait for message, then Taneda Cafe, 20:00 (repeat), wait for message, then Tanabe Shinsui Park, 23:00, then Taneda Cafe, 20:00
• Shiori: School, 16:00; Classroom, 15:00; Library, 18:00 (repeat); Yamataneya, 17:00, with gacha cow n°7
• Mei: Seikou Girls' School, 17:00, then Coin Parking, 18:00 (repeat) to unlock Shrine, then Shrine, 07:00
• Kotomi: Samway, 09:00 (part-time job), City Hotel (Bar), 18:00 (part-time job), Tanena Onsen, 14:00 (part-time job), then go back home, then come home at 12:00
• Nanae: Pleasure CLUB, 14:00, VIPECHO, 16:00; TANEON purikura, 19:00; then Pleasure CLUB, 14:00 with a Game console from the prize machine, then home, 23:00
• Chiho: School, 12:00; Shrine, 17:00; TANEON, 18:00; Tanabe Shinsui Park, 19:00; Tanena Onsen, 20:00; Repeat until she gives you the questionnaire; go to sleep; go home; then home, 18:00
• Momoko: Tanena Station 15:00, then Samway, 12:00 (with Yoshino) (repeat), then Pool, 21:00
• Yoshino: Seikou Mart, 08:00, meet multiple times to unlock City Hotel (Bar), then City Hotel (Bar), 22:00, then Samway, 12:00 (with Momoko), repeat, then again after getting Momoko
• Noa and Marika: School gymnasium, 16:00 (repeat), then Tanena Onsen, 19:00, VIPECHO, 17:00
• Izumi: Talk to her (e.g. clinic 10:00) to add her, then progress Yuna, then Izumi's apartment
• Yuna: Library, 15:00 (repeat), wait until she messages you, then Taneda Cafe, 18:00, then Izumi's apartment

Other girls (in menu order, top to bottom first):

• Kasumi and Kurumi: Tanena station, 12:00
• Suzuko and Seika: After fucking Yukari and Sumire, go to sleep, then go to the Seeding center clinic, then go to sleep and come back again
• Chihiro and Tae: Shrine during the morning after getting 2nd place,
• Haruka, Nozomi and Natsu: Bus, 17:00; come back again later for Nozomi, then come back twice after Haruka and Nozomi
• Mao and Mio: Pool, 17:00, check on them again once you have all 8 Hearts
• Sayaka and Aki: Seikou Mart, 15:00-18:00, repeat three times,
• Asako-sensei: After getting 2nd place, get a message from Seikou Girls' School, then school receptionist, then school gymnasium, 14:00
• Konomi and Shion: Tanabe Shinsui Park, 13:00; get all 7 gacha cows, then come back
• Manami, Akane and Yukiko: Pleasure CLUB Internet Cafe, 00:00
• Ruri and Yuri: TANEON purikura, 20:00-22:00, come back many times after getting high enough (5th/4th or above?)
• Yukari and Sumire: Coin parking, 00:00
• Anonymous 1, 2 and 3: Seeding center/Seeding room, 09:00, 13:00 and 19:00 respectively

Hearts:

• Pleasure CLUB 17:00
• VIPECHO 23:00
• Taneda Cafe 11:00
• Pool 13:00
• Library, 10:00

Some other optional scenes not mentioned:

• Classroom 15:00 after fucking Mei (with Ruka and Shiori joining when unlocked)
• Tanena Station 09:00 after fucking Izumi
• Apartment 20:00 after fucking Kotomi, Nanae and Chiho

Hey did you recommend me to install the exact game but in ryuu games? i heard that version is free stealer

 

[Marphey]

Hello fellow Fappers,
I am saying this from own experience now.... that even if you delete the file , if it has been for 2 days like in my case it already starting to do it's curse.

So..... change ALL passwords you got for good measure and monitor further if you noticed any activity.
After I deleted and quarantined the game with MalwareByte and Windows Defender , around 3 hours after that my IG account got hacked in the process by a bot (supposedly due to this Malware), and started posting random shit and preventing access. Recovered account , changed passwords and sent it to deletion.
Do the needful .... before it escalates further unnoticed.

Fucking hell man. I guess this is what we get for being pirates lol.

 

[ElieCobit]

Hello Guys,
I just falled victim of the virus too.
Since this afternoon, I had my Instagram account hacked (got it back), and someone managed to connect from hong kong to my steam without me validating AdGuard. I don't know if they tried anything else but that wouldn't surprise me.

They don't only target cryptos.

If you downloaded the game before the patched version, change ALL your passwords, yeah it will be long, I'm already 5h deep in it, but better safe than sorry.
If your credit card details are also stored in your browser, I'd suggest changing it too.

 

[varanmaaaa]

Just to be extra clear, it's just the latest updated version thats compromised right? the ones in the time frame on the OP? The Infected files where public from 2025-08-19 T04:16 PM - 2025-08-20 T01:54 PM (GMT). i remember downloading this game earlier in the year before there was english i think, i 100% it and all, when it got changed to the translated version the game got turbofucked? my condolences to fellow pirates...

 

[tacodog]

Just a question regarding instagram but i had an alert for a login only on that and i hadnt even downloaded anything from anywhere. I changed everything and no further issues, was there a chance that IG just had passwords leak or something. just seems odd for IG to be popping up alot in this thread

 

[shmurfer]

Just a question regarding instagram but i had an alert for a login only on that and i hadnt even downloaded anything from anywhere. I changed everything and no further issues, was there a chance that IG just had passwords leak or something. just seems odd for IG to be popping up alot in this thread

could be, but there was actual malware happening here.