- Jul 5, 2017
- 1,171
- 2,722
My Download has those files you mention, they are fine. M$ can detect and removeFollow up on my last comment. The download is indeed likely malware, and has an additional payload strapped to it. Details:
I am currently running a malwarebytes scan across my PC. Nothing so far. Furthermore, I've scanned the zip file, the game's folder, and checked various files on virustotal. Virustotal has only throwed flags on the zsyncmake.exe. This is predictable, as I lot of the files I mentioned above are legitimate services, just no reason they should be bundled in with this game.
- lib folder contains a windows-x86_64 folder, which is NOT found in any other Ren'py install.
- this file contains a .vbs file, commonly used for launching malware, and a zsync file, a file transfer program (suspicious - trojan)
- The renpy folder contains:
- A folder called uguu. A tool for generating flexnet configs. No reason that should be there.
- a python file named webloader.py - once again, not part of the base renpy installer. There is no reason this game should contain a webloader
DO NOT DOWNLOAD THIS GAME. Anyone who has should delete the game files immediately and run a full system scan using their anti-virus of choice and then a second scan using malwarebytes/hitmanPro. Any moderator should immediately take down the links until more details can be provided. It would be highly useful to get a second source for this game, in order to determine if the files can from the developer or were introduced by the uploader/site the uploader ripped from. The uploader's account should also be suspended until the details are worked ouy.
You must be registered to see the links
So if if you are using a up to date Windows 7 or newer, you are fine. You can run an extra manual scan if you have doubts. Always do your own due diligence!
Webloader.py also gets used by other ren'py games, I think they just use it for crap like clicking a (patreon) link on the main menu of a game to launch your browser towards the website.
I used the Nopy link, haven't bothered checking the rest. There is no malware, there is no virus!
You do not need to delete shit or have links taken down because 1 person got a virus, certainly not when they can't even point towards a likely source when tons of other people report NO problems using the same links.
P.s. the vbs script has like 10 lines of script that don't do anything remotely suspicious.