Aug 21, 2022
18
45
127
I'm confused on how to clean my computer, I had the infected file, I had the directory My super game in appdata, I deleted all that, no weird .exe file though.

I ran a complete scan from multiple antivirus and they didn't detect anything. How can I know if I have bad files to remove?
I saw that someone had some weird folders with infected files on their computer, I don't have those.

Fortunately, I don't have any passwords stored on my computer, and I haven't had to log in anywhere since I launched the game, but I would like to be sure the computer is safe before doing anything.
If you found the "mysupergame" folder it means that the malware was installed. Best advice, reinstall Windows from an external device.
 

Bixter05

New Member
Jun 22, 2020
5
2
126
How long it's run for doesn't matter. Because the moment you run it, it executes the bad exe. What matters is when you ran it. If it was after the 20th (your time), the virus did its job.

This isn't the 5 second rule when you drop a fucking french fry on the floor and it's still good because the germs didn't get to it yet my guy lol
So I got the game on the 20th my time and immediately played it on that date and finished it. I did get the mysupergame folder and other sus folders when I checked this thread on the 21st, but I didn't open the game again and deleted the game, the download, and the sus folders, and my Windows Security gave me a warning about the mysupergame folder. Do I need to take more action to remove the threat, or am I kinda safe for now?
 

flannan

Engaged Member
Dec 15, 2022
3,449
3,659
377
So I got the game on the 20th my time and immediately played it on that date and finished it. I did get the mysupergame folder and other sus folders when I checked this thread on the 21st, but I didn't open the game again and deleted the game, the download, and the sus folders, and my Windows Security gave me a warning about the mysupergame folder. Do I need to take more action to remove the threat, or am I kinda safe for now?
Most likely, Windows Security stopped the virus from activating when it gave the warning. It is rather aggressive like that.
It might be worth it to get a one-time use antivirus (I usually get them from Dr. Web) and have it scan your computer.
From what I understand of other people's comments, it might be worth it to log out of all the sites you're logged in, and then log back in again. Fortunately, most sites don't keep you logged in for too long.
 
Reactions: Bixter05

chizome123akaguro

New Member
May 4, 2024
9
5
38
I ran the game and it detects trojans. Luckily my PC detected it immediately; it triggers when you open the game and spend a bit of time on it. Even if u deleted "mysupergame" in the appdata, once u launch the game again the trojan will activate again. Is any link even safe on this game? I downloaded in the main f95zone, are links in this thread different?
 
Reactions: Armistal3

MiKaEl90

Member
Jun 25, 2017
253
342
181
Word of advice, install a firewall. It doesn't have to be a paid one. I use Windows Firewall Control for example but there are others as well. I'm not sure if I downloaded the infected version or not, but most of the games you download will try to connect to the internet, be it renpy, rpg or even unity. I always block those requests using the firewall, so even if you do get infected, if said virus can't send any data from your PC it's just a resource hog at that point but not an actual threat to your security. Since most of them act as gateways for other malicious code to run, if you stop that execution it will also be a lot easier to clean later on.
 

Glastware

New Member
Dec 17, 2024
2
0
44
I'm confused on how to clean my computer, I had the infected file, I had the directory My super game in appdata, I deleted all that, no weird .exe file though.

I ran a complete scan from multiple antivirus and they didn't detect anything. How can I know if I have bad files to remove?
I saw that someone had some weird folders with infected files on their computer, I don't have those.

Fortunately, I don't have any passwords stored on my computer, and I haven't had to log in anywhere since I launched the game, but I would like to be sure the computer is safe before doing anything.
IMO if you are paranoid, the safest way is to just reinstall Windows from an external USB drive. You can delete the drive partition from there and reset from zero.
 

Mrezo

New Member
Oct 1, 2018
6
3
80
EDIT: 2028-08-20 MALWARE ADVISORY -
If you downloaded the game from F95, or from someone who shared the same source, the game (ZIP SHA256: 10AFACB6CB6BBC7ADA46D70DFB91EB9555238D52B5E5F7EA73DC998486B05923) is equipped with the Lumma Stealer malware that's doing the rounds right now. Check this thread's OP for up-to-date information.
I know you're coming here because you either searched for a walkthrough or someone linked you here, but be careful, as it was also spotted in other RPG Maker and python/Ren'py games shared on F95.
OK, but is the game secure to download? Or not?
Should be okay now. I've downloaded a couple of days ago (once during malware, and once right after), and the one after was clean (didn't have the JS lines). If you know how to get SHA256, I would compare it with the above first quote. If it matches, it has the malware.
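
For readers who do not know how to get a SHA256, an added example (not written by anyone in the thread): a Python script that hashes every ZIP under a folder and reports those matching the hash quoted in the advisory above. The function names and the default Downloads location are this example's own assumptions.

```python
import hashlib
import sys
from pathlib import Path

# ZIP SHA256 quoted in the advisory above, lower-cased for comparison.
ADVISORY_SHA256 = frozenset(
    {"10afacb6cb6bbc7ada46d70dfb91eb9555238d52b5e5f7ea73dc998486b05923"}
)


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large archives are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_flagged_archives(folder, known_bad=ADVISORY_SHA256):
    """Return every .zip under folder whose SHA256 is in known_bad."""
    bad = {h.strip().lower() for h in known_bad}  # hashes are case-insensitive
    hits = []
    for path in sorted(Path(folder).rglob("*")):
        if path.is_file() and path.suffix.lower() == ".zip":
            if sha256_of(path) in bad:
                hits.append(path)
    return hits


if __name__ == "__main__":
    # Usage: python check_zip.py [folder]   (default: the user's Downloads folder)
    target = sys.argv[1] if len(sys.argv) > 1 else Path.home() / "Downloads"
    hits = find_flagged_archives(target)
    for hit in hits:
        print(f"MATCHES ADVISORY HASH: {hit}")
    if not hits:
        print("no archive with the advisory hash found")
```

A match identifies the archive named in the advisory; no match only means the file is not that exact archive, since a repacked or re-uploaded copy has a different hash.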
 

draxy

Newbie
Dec 12, 2019
42
23
193
Shit. Yeah. I downloaded the infected file, played for 5 or so hours, went to bed, booted it up again today and Eset caught a weird thing being sent through powershell (windows' file explorer or edge, I guess). Thought it was weird but whatever. Then, I checked this thread for the walkthrough cuz I like 100%ing games, only to find this out. Checked my SHA and my stomach dropped. Checked Eset's logs, and sure as shit, the interception linked back to (and was cleaned by Eset) the aforementioned "C:\Users\<username>\AppData\Local\MySupergame" file.

It seems like it also installed a fake file in "C:\Users\<username>\AppData\Local\Breeding City Welcomes You!" and in that folder's default folder(shown below), it just lists all the shit it was collecting in an unknown file format. I can't remember which, but one folder had some ini that seemed to look like the game's. In addition to deleting MySupergame, you should probably check for this file and delete it too, because it might still be logging your shit regardless of which version you download after the fact.


Maybe it only runs the send-off of what it collects on the second time you play the game? Eset hasn't really ever not caught something like this before for me, especially for what I think is an unfortunately fairly common virus nowadays. Perhaps the first time you open the game is when it installs the above fake files and opening it a second time runs the ini in them? Hopefully? Either way, that's insidious as fuck.

Regardless, I just deleted those folders and am scanning through anything in appdata that doesn't seem kosher, and resetting my important passwords, but the cached ones that are saved in my browser or like steam that I didn't manually access should be fine, right? I'm kinda freaking out about that rn tbh. Anyone here know how that virus actually functions?

I just wanted to play my stupid little porn game, man.

EDIT: Found another file with basically the same stuff in it: "C:\Users\<username>\AppData\Local\User Data".
EDIT 2: AND ANOTHER TWO. "C:\Users\<username>\AppData\Local\w8i225jz" and "C:\Users\<username>\AppData\Local\zfefsooa".
Man, whoever wrote this was persistent. I've only just gone through local so far, I'm getting somehow even more annoyed.
miniedit: Nothing in AppData\LocalLow so far. Will update again after I go through roaming.
Final Edit: Nothing in Appdata\Roaming either. Looks like these were limited to Local. Still frustrating. Good luck out there. Really hoping that the only time it sent out what it logged was after running the game a second time.
I decided to look into that, as I did have similar folders in my appdata, and considering the amount of files you had I thought it had to be a false positive. From what I was able to gather from other games that showed the same behavior, with people thinking it was a virus too:

"NW.js is an app runtime based on Chromium and node.js"

1. The game is launched through the built-in web browser.
2. The web browser creates a new profile, where it later writes game saves.

So the files here should be remnants of the game's built-in web browser and not the data from your own browser (info gotten from the Paradise Overlap thread, which isn't infected (at least I think so)).
 
Reactions: Cherev

Annontail

New Member
Mar 26, 2023
1
0
60
Shit. Yeah. I downloaded the infected file, played for 5 or so hours, went to bed, booted it up again today and Eset caught a weird thing being sent through powershell (windows' file explorer or edge, I guess). Thought it was weird but whatever. Then, I checked this thread for the walkthrough cuz I like 100%ing games, only to find this out. Checked my SHA and my stomach dropped. Checked Eset's logs, and sure as shit, the interception linked back to (and was cleaned by Eset) the aforementioned "C:\Users\<username>\AppData\Local\MySupergame" file.

It seems like it also installed a fake file in "C:\Users\<username>\AppData\Local\Breeding City Welcomes You!" and in that folder's default folder(shown below), it just lists all the shit it was collecting in an unknown file format. I can't remember which, but one folder had some ini that seemed to look like the game's. In addition to deleting MySupergame, you should probably check for this file and delete it too, because it might still be logging your shit regardless of which version you download after the fact.


Maybe it only runs the send-off of what it collects on the second time you play the game? Eset hasn't really ever not caught something like this before for me, especially for what I think is an unfortunately fairly common virus nowadays. Perhaps the first time you open the game is when it installs the above fake files and opening it a second time runs the ini in them? Hopefully? Either way, that's insidious as fuck.

Regardless, I just deleted those folders and am scanning through anything in appdata that doesn't seem kosher, and resetting my important passwords, but the cached ones that are saved in my browser or like steam that I didn't manually access should be fine, right? I'm kinda freaking out about that rn tbh. Anyone here know how that virus actually functions?

I just wanted to play my stupid little porn game, man.

EDIT: Found another file with basically the same stuff in it: "C:\Users\<username>\AppData\Local\User Data".
EDIT 2: AND ANOTHER TWO. "C:\Users\<username>\AppData\Local\w8i225jz" and "C:\Users\<username>\AppData\Local\zfefsooa".
Man, whoever wrote this was persistent. I've only just gone through local so far, I'm getting somehow even more annoyed.
miniedit: Nothing in AppData\LocalLow so far. Will update again after I go through roaming.
Final Edit: Nothing in Appdata\Roaming either. Looks like these were limited to Local. Still frustrating. Good luck out there. Really hoping that the only time it sent out what it logged was after running the game a second time.


I am sitting here at 4 am and thinking do I have the virus or not?
Saw a lot of folders like that but no files that jump out as wrong. The strangest folder is one called mygame but I think it's from a legit game, at least the thumbnail reminds me of smth. Also did not download any of the known infected games, my AV is Defender and free Malwarebytes (I cannot purchase premium no matter how much I want to).
What's the strange file? Name? Extension?
 

Cherev

New Member
Sep 1, 2023
2
9
57
I decided to look into that, as I did have similar folders in my appdata, and considering the amount of files you had I thought it had to be a false positive. From what I was able to gather from other games that showed the same behavior, with people thinking it was a virus too:

"NW.js is an app runtime based on Chromium and node.js"

1. The game is launched through the built-in web browser.
2. The web browser creates a new profile, where it later writes game saves.

So the files here should be remnants of the game's built-in web browser and not the data from your own browser (info gotten from the Paradise Overlap thread, which isn't infected (at least I think so)).
To add on to the conversation, I also read up about this to figure out why there are so many folders like this.

Like the person in the other thread mentioned, rpgmaker is made with NW.js, which is based on Chromium and Node.js. Chromium in particular has a User Data folder where it stores info that would be useful for a web browser, which is mentioned in the Chromium documentation:

Also since Chrome obviously uses Chromium it has its own User Data and Default folders (which the docs mention is also located in Appdata/Local), and have a ton of files and folders, some of which are the same files seen in the other User Data folders that many people are worried about.

Also in the NW.js documentation it mentions where the data path for an NW.js app is located:

Just like Chromium, it's also located in Appdata/Local which likely means this was inherited from it. However, it has a <name> variable in the file path, which the docs say is located in a package.json manifest. If you look in any rpgmaker game folder where the exe for the game is, there is also a package.json file, and when opened with any text editor, a web browser, or even Notepad, it lists a few name/value pairs. The first in the list is almost always "name", and whatever value it has is what NW.js uses to name the data path.

For example, in some rpgmaker games that I've installed, the "name" value is "rmmz-game", which is probably a default name for rpgmaker MZ projects and explains why I have a rmmz-game folder in my Appdata/Local file path. Most games have empty quotations, which defaults to the file path Appdata/Local/User Data, some have random text which creates the Appdata/Local/<random-text> folder, and some actually have the name of the game, which also explains why game titles are in Appdata/Local.

This is why I don't think the existence of these folders is anything to be worried about, it's just files and folders that are made from rpgmaker games (unless the game was tampered with to include malicious files, like this game was during that time period). Also people worrying about the User Data folder seems to occur every now and then, since this was also brought up in the Daily Lives of My Countryside thread over a year ago.

Also feel free to correct me on any of this, I'm just trying to give myself and others some form of peace regarding these folders.
 
Reactions: Dretel and shmurfer
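
The package.json check described in the post above, as an added example that is not from any poster in the thread: a Python script that reads the "name" value from each game folder's package.json and reports which AppData\Local folders those games account for. The rule that an empty "name" ends up as "User Data" is taken from the post; the function names are this example's own.

```python
import json
import os
import sys
from pathlib import Path

DEFAULT_PROFILE = "User Data"  # per the post: an empty "name" ends up here


def profile_name(game_dir):
    """Return the AppData\\Local folder name implied by game_dir/package.json, or None."""
    manifest = Path(game_dir) / "package.json"
    try:
        data = json.loads(manifest.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return None  # no manifest, or unreadable: nothing to attribute
    name = data.get("name") if isinstance(data, dict) else None
    if not isinstance(name, str) or not name:
        return DEFAULT_PROFILE
    return name


def attribute_folders(local_appdata, game_dirs):
    """Map every subfolder of local_appdata to the game folders that explain it."""
    owners = {}
    for game in game_dirs:
        name = profile_name(game)
        if name is not None:
            # Windows paths are case-insensitive, so compare folded names.
            owners.setdefault(name.casefold(), []).append(str(game))
    return {
        entry.name: owners.get(entry.name.casefold(), [])
        for entry in sorted(Path(local_appdata).iterdir())
        if entry.is_dir()
    }


if __name__ == "__main__":
    # Usage: python nwjs_folders.py <game folder> [<game folder> ...]
    local = os.environ.get("LOCALAPPDATA", "")
    if not local or len(sys.argv) < 2:
        sys.exit("run on Windows and pass one or more extracted game folders")
    for folder, games in attribute_folders(local, sys.argv[1:]).items():
        if games:
            print(f"{folder!r} is the NW.js data folder of: {', '.join(games)}")
```

An attributed folder only tells you which game created it; if that game is the tampered build, the attribution does not make the folder's contents trustworthy. Folders with no match simply belong to other software or to games that were not passed in.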

UDoTT

Newbie
Aug 30, 2023
29
16
89
In addition to deleting MySupergame, you should probably check for this file and delete it too, because it might still be logging your shit regardless of which version you download after the fact.


Which files exactly?
 

draxy

Newbie
Dec 12, 2019
42
23
193
To add on to the conversation, I also read up about this to figure out why there are so many folders like this.

Like the person in the other thread mentioned, rpgmaker is made with NW.js, which is based on Chromium and Node.js. Chromium in particular has a User Data folder where it stores info that would be useful for a web browser, which is mentioned in the Chromium documentation:

Also since Chrome obviously uses Chromium it has its own User Data and Default folders (which the docs mention is also located in Appdata/Local), and have a ton of files and folders, some of which are the same files seen in the other User Data folders that many people are worried about.

Also in the NW.js documentation it mentions where the data path for an NW.js app is located:

Just like Chromium, it's also located in Appdata/Local which likely means this was inherited from it. However, it has a <name> variable in the file path, which the docs say is located in a package.json manifest. If you look in any rpgmaker game folder where the exe for the game is, there is also a package.json file, and when opened with any text editor, a web browser, or even Notepad, it lists a few name/value pairs. The first in the list is almost always "name", and whatever value it has is what NW.js uses to name the data path.

For example, in some rpgmaker games that I've installed, the "name" value is "rmmz-game", which is probably a default name for rpgmaker MZ projects and explains why I have a rmmz-game folder in my Appdata/Local file path. Most games have empty quotations, which defaults to the file path Appdata/Local/User Data, some have random text which creates the Appdata/Local/<random-text> folder, and some actually have the name of the game, which also explains why game titles are in Appdata/Local.

This is why I don't think the existence of these folders is anything to be worried about, it's just files and folders that are made from rpgmaker games (unless the game was tampered with to include malicious files, like this game was during that time period). Also people worrying about the User Data folder seems to occur every now and then, since this was also brought up in the Daily Lives of My Countryside thread over a year ago.

Also feel free to correct me on any of this, I'm just trying to give myself and others some form of peace regarding these folders.
Well, you explained it way better than me lmao
 