Ya I found it alarming in this instance as I've installed so many Ren'Py games over the last couple of years, and this is the first time I ever had one of the files get flagged. And I think it was a week or two back another member had mentioned coming across an infected file at one of the other file hosters (for a different game) so as soon as I saw that flag, I blew away the .zip that was downloaded and all decompressed files and then downloaded from another source.
I usually aim for torrents from places like RPDL but this one was struggling to find seeders last night so that's what led me to trying the fixed download sources for a change.
I have seen similar reports about Ren'Py games mostly, but in the past also RPGM and Unity games, several reports per year that I have personally read and answered.
Pretty much all of them false flagged by Windows Defender, a few by Malwarebytes and then maybe some other AVs like Avira and Avast.
Since I joined F95, only one report of those I've seen was correct and the file linked here in this case was not uploaded by our dedicated uploaders and wasn't posted in the OP of a thread. I don't remember details any more, but it was downloaded from svscomics and reposted here in good faith.
In all other cases a simple check of the suspected file on [link] has proved it to be a false positive and completely safe.
Windows Defender false flagging executable files and even random plain text files of Ren'Py and other indie game engines is a well-known problem. A simple search on this forum for words like "trojan" or "virus" or "false positive", "windows defender" or "malwarebytes" will give you a lot of similar cases. Personal experience of one person (including myself) is just not good enough to draw conclusions. I'm just saying that I've seen many similar reports before and links in the OP are checked and so far proved to be safe.
Just "for fun" I downloaded the file from Racaty:
ChasingSunsets-0.5b.zip
MD5: 473E2F205A31FBB4B2E3EBF52E0E5879
SHA-256: DDA608E1038D43FAACB1FEB00BB5755B088DBB98D94F5EC7C5E411BB85106BAB
And compared both launcher exe files "Chasing Sunsets.exe" and "Chasing Sunsets-32.exe" with the ones from the previous release of v0.5 I downloaded from MEGA when it was released a while back. The files were identical. That alone should already be enough.
I also added file hashes sha256 and md5, so anyone can verify and compare with their own results, that these are in fact the same files.
Bash:
user@pc:/cygdrive/z/tmp/ChasingSunsets-0.5b-pc-to-check/ChasingSunsets-0.5b-pc$ diff -s "Chasing Sunsets.exe" "../../ChasingSunsets-0.5/Chasing Sunsets.exe"
Files Chasing Sunsets.exe and ../../ChasingSunsets-0.5/Chasing Sunsets.exe are identical.
user@pc:/cygdrive/z/tmp/ChasingSunsets-0.5b-pc-to-check/ChasingSunsets-0.5b-pc$ diff -s "Chasing Sunsets-32.exe" "../../ChasingSunsets-0.5/Chasing Sunsets-32.exe"
Files Chasing Sunsets-32.exe and ../../ChasingSunsets-0.5/Chasing Sunsets-32.exe are identical
user@pc:/cygdrive/z/tmp/ChasingSunsets-0.5b-pc-to-check/ChasingSunsets-0.5b-pc$ openssl dgst --sha256 "Chasing Sunsets.exe"
SHA256(Chasing Sunsets.exe)= 2134340d7701da114a757b38810829f658f144ed98db652d9d3e65f3c6214292
user@pc:/cygdrive/z/tmp/ChasingSunsets-0.5b-pc-to-check/ChasingSunsets-0.5b-pc$ openssl dgst --sha256 "Chasing Sunsets-32.exe"
SHA256(Chasing Sunsets-32.exe)= c75626d183eb9cb097e703b7c59fa809d42b6c2aef5c501555c505993a27bcf0
user@pc:/cygdrive/z/tmp/ChasingSunsets-0.5b-pc-to-check/ChasingSunsets-0.5b-pc$ openssl dgst --md5 "Chasing Sunsets.exe"
MD5(Chasing Sunsets.exe)= 75f8daac899ae771b4da3dcad3f9bc66
user@pc:/cygdrive/z/tmp/ChasingSunsets-0.5b-pc-to-check/ChasingSunsets-0.5b-pc$ openssl dgst --md5 "Chasing Sunsets-32.exe"
MD5(Chasing Sunsets-32.exe)= 9d6434b940c49beed37f7633bad7fc04
user@pc:/cygdrive/z/tmp/ChasingSunsets-0.5b-pc-to-check/ChasingSunsets-0.5b-pc$
Virustotal results for "Chasing Sunsets.exe" are:
A clean slate even by Jiangmin, the king of false positives.
And "Chasing Sunsets-32.exe":
The last one was flagged by Jiangmin and SecureAge APEX (No idea about that one). That's 2 of 69, one of them well known for false positives.
This is a typical result for all the virus reports of Ren'Py games. Windows Defender cannot be trusted when it says that something is malicious. You need "an alternative opinion", best to get 69 of them from Virustotal.
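Added example, not part of the posts above: the per-file `diff -s` comparison against an older trusted release, generalized to every top-level .exe in a download and done by SHA-256. The function names and the demo's directory and file names are constructed for illustration.

```shell
#!/bin/sh
# Added example: check the .exe files of a fresh download against a copy you
# already trust, by SHA-256 (a batch version of "diff -s" on each launcher).

# Print the lowercase hex SHA-256 of one file.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        openssl dgst -sha256 -r "$1" | cut -d' ' -f1
    fi
}

# compare_release TRUSTED_DIR CANDIDATE_DIR
# One line per top-level .exe in CANDIDATE_DIR: SAME, CHANGED or NEW.
# Returns 0 only if every executable matches the trusted copy.
compare_release() {
    cr_status=0
    for cr_file in "$2"/*.exe; do
        [ -e "$cr_file" ] || continue          # directory had no .exe at all
        cr_name=${cr_file##*/}
        if [ ! -f "$1/$cr_name" ]; then
            echo "NEW $cr_name"; cr_status=1   # nothing to compare against
        elif [ "$(sha256_of "$cr_file")" = "$(sha256_of "$1/$cr_name")" ]; then
            echo "SAME $cr_name"
        else
            echo "CHANGED $cr_name"; cr_status=1
        fi
    done
    return "$cr_status"
}

# Constructed demo: two throwaway directories standing in for an old trusted
# release and a new download. File names and contents are made up.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/old" "$d/new"
    printf 'launcher-bytes' > "$d/old/Game.exe"
    printf 'launcher-bytes' > "$d/new/Game.exe"
    printf 'launcher-bytes' > "$d/old/Game-32.exe"
    printf 'patched-bytes'  > "$d/new/Game-32.exe"
    printf 'extra'          > "$d/new/updater.exe"
    compare_release "$d/old" "$d/new"
    demo_rc=$?
    rm -rf "$d"
    return "$demo_rc"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

A CHANGED or NEW line only means the file differs from the trusted copy; that is the file worth submitting to a multi-engine scanner before running it.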