VN Ren'Py Driven Affairs [v0.6] [Naughty Algorithm]

4.30 star(s) 53 Votes
Discussion Reviews (53)
Draakaap23

Draakaap23

Dying is always an option
Donor
Jul 5, 2017
1,166
2,713
Big Daddy said:
Follow up on my last comment. The download is indeed likely malware, and has an additional payload strapped to it. Details:
  • lib folder contains a windows-x86_64 folder, which is NOT found in any other Ren'py install.
    • this file contains a .vbs file, commonly used for launching malware, and a zsync file, a file transfer program (suspicious - trojan)
  • The renpy folder contains:
    • A folder called uguu. A tool for generating flexnet configs. No reason that should be there.
    • a python file named webloader.py - once again, not part of the base renpy installer. There is no reason this game should contain a webloader
I am currently running a malwarebytes scan across my PC. Nothing so far. Furthermore, I've scanned the zip file, the game's folder, and checked various files on virustotal. Virustotal has only throwed flags on the zsyncmake.exe. This is predictable, as I lot of the files I mentioned above are legitimate services, just no reason they should be bundled in with this game.

DO NOT DOWNLOAD THIS GAME. Anyone who has should delete the game files immediately and run a full system scan using their anti-virus of choice and then a second scan using malwarebytes/hitmanPro. Any moderator should immediately take down the links until more details can be provided. It would be highly useful to get a second source for this game, in order to determine if the files can from the developer or were introduced by the uploader/site the uploader ripped from. The uploader's account should also be suspended until the details are worked ouy.
Click to expand...
My Download has those files you mention, they are fine. M$ can detect and remove
You must be registered to see the links
So if if you are using a up to date Windows 7 or newer, you are fine.
You can run an extra manual scan if you have doubts. Always do your own due diligence!
Webloader.py also gets used by other ren'py games, I think they just use it for crap like clicking a (patreon) link on the main menu of a game to launch your browser towards the website.
I used the Nopy link, haven't bothered checking the rest. There is no malware, there is no virus!
You do not need to delete shit or have links taken down because 1 person got a virus, certainly not when they can't even point towards a likely source when tons of other people report NO problems using the same links.

P.s. the vbs script has like 10 lines of script that don't do anything remotely suspicious.
 
  • Like
Reactions: StaalTs and pizz009
JasmineLovesAnal

JasmineLovesAnal

Member
Jan 9, 2019
438
251
Draakaap23 said:
My Download has those files you mention, they are fine. M$ can detect and remove
You must be registered to see the links
So if if you are using a up to date Windows 7 or newer, you are fine.
You can run an extra manual scan if you have doubts. Always do your own due diligence!
Webloader.py also gets used by other ren'py games, I think they just use it for crap like clicking a (patreon) link on the main menu of a game to launch your browser towards the website.
I used the Nopy link, haven't bothered checking the rest. There is no malware, there is no virus!
You do not need to delete shit or have links taken down because 1 person got a virus, certainly not when they can't even point towards a likely source when tons of other people report NO problems using the same links.

P.s. the vbs script has like 10 lines of script that don't do anything remotely suspicious.
Click to expand...
i had panic attack, deleted game, uninstalled windows, destroyed computer and now i live in forest
 
  • Haha
  • Like
Reactions: Chrisdarock19 and STNGRAY
Big Daddy

Big Daddy

Member
Jul 17, 2017
407
936
Draakaap23 said:
My Download has those files you mention, they are fine. M$ can detect and remove
You must be registered to see the links
So if if you are using a up to date Windows 7 or newer, you are fine.
You can run an extra manual scan if you have doubts. Always do your own due diligence!
Webloader.py also gets used by other ren'py games, I think they just use it for crap like clicking a (patreon) link on the main menu of a game to launch your browser towards the website.
I used the Nopy link, haven't bothered checking the rest. There is no malware, there is no virus!
You do not need to delete shit or have links taken down because 1 person got a virus, certainly not when they can't even point towards a likely source when tons of other people report NO problems using the same links.

P.s. the vbs script has like 10 lines of script that don't do anything remotely suspicious.
Click to expand...
Good to get a second opinion. As you mentioned, Windows defender has Trojan:Win32/Tnega!ml in it's database, so that is not the concern here. Furthermore, webloader.py was only a tertiary concern, but your explanation of it's inclusion makes sense, and I should not have included it.

The thing that raised an alarm for me was the windows-x86_64 folder. I have never seen this in any other ren'py game I've worked with, and still can't find another instance of it. The vbs file wasn't the main concern in that folder (the vbs file itself looked harmless as you mentioned, I have deleted the files, but I recall it being a fairly simple and benign prompt. My concern was what it could launch, rather than what the file itself contained). My main concern was the zsyncmake.exe flagged by virustotal that popped up, and was trying to figure out why a remote file transfer package was included in the library. However, After examining the other libaries I found many of the files in the windows-x86_64 cross over with the files contained in the traditional windows-i686 folder expected in a ren'py install. No idea why this one has an extra unique folder, but it is likely perfectly safe. If someone could confirm that the folder is indeed a reference ren'py library that would put this issue to rest for good.

When I was writing the above post, I was jet lagged as all hell and a bit paranoid as my computer was behaving strangely, and I jumped to conclusions rather than digging deeper. I apologize for any panic I caused and undue concern/time it brought on for those involved. Always a good lesson in life to slow down before making an ass out of yourself with a post.
 
  • Like
Reactions: bobby125432
R

R2k22

Member
Jan 15, 2018
132
90
I must say, thats the No1 manga style game :) Thre could be more pictures of those girls, but overall im veeery pleased to play it. Picutresd are amazing. At least. Hope, that develop will take less time to see next chapter. :)
 
R

RedRicker

New Member
Jan 16, 2019
3
38
Don't want to leave a bad review since this game is just getting started. But I hope they add more meaningful dialogue choices. At present we always have 2 choices - one obviously bad, the other obviously good. Art is fantastic
 
  • Like
Reactions: Osamabeenfappin
Big Daddy

Big Daddy

Member
Jul 17, 2017
407
936
Big Daddy said:
Good to get a second opinion. As you mentioned, Windows defender has Trojan:Win32/Tnega!ml in it's database, so that is not the concern here. Furthermore, webloader.py was only a tertiary concern, but your explanation of it's inclusion makes sense, and I should not have included it.

The thing that raised an alarm for me was the windows-x86_64 folder. I have never seen this in any other ren'py game I've worked with, and still can't find another instance of it. The vbs file wasn't the main concern in that folder (the vbs file itself looked harmless as you mentioned, I have deleted the files, but I recall it being a fairly simple and benign prompt. My concern was what it could launch, rather than what the file itself contained). My main concern was the zsyncmake.exe flagged by virustotal that popped up, and was trying to figure out why a remote file transfer package was included in the library. However, After examining the other libaries I found many of the files in the windows-x86_64 cross over with the files contained in the traditional windows-i686 folder expected in a ren'py install. No idea why this one has an extra unique folder, but it is likely perfectly safe. If someone could confirm that the folder is indeed a reference ren'py library that would put this issue to rest for good.

When I was writing the above post, I was jet lagged as all hell and a bit paranoid as my computer was behaving strangely, and I jumped to conclusions rather than digging deeper. I apologize for any panic I caused and undue concern/time it brought on for those involved. Always a good lesson in life to slow down before making an ass out of yourself with a post.
Click to expand...
To close out my above post, windows-x86_64 is a legitimate Ren'py library. The reason it it not seen in other Ren'py downloads is because it was recently added in the newest major release of Ren'py, 7.4.0. Therefore most Ren'py games won't contain it, either because they are older games or the developer has not got around to updating their Ren'py version. As this game was just recently released, it is not surprising to find that it was built on the newest version of Ren'py.

Also obligatory yay, Ren'py supports 64-bit windows lets go!
 
xxxxdave

xxxxdave

Member
Feb 13, 2018
122
145
Art is 10/10, writing is solid. Looking forward to more.
Edited: No don't make me choose!
 
Last edited:
You must log in or register to reply here.
Top Bottom
4.30 star(s) 53 Votes