Kum_And_Go

Not sure if this has been reported, but the linked file on the Wiki ("PedyTW_ENG_4.881_02-01-23") for the Pedy version has malware (identified by MalwareBytes).

The file "Emuera1824+v16+EMv17+EEv27test" gives you a pop-up that says "KILL YOURSELF CUM GUZZLING <removed>" and irreversibly deletes all desktop files that aren't in folders. It also messes with your Windows context menu - there's no more "Send to Desktop (Create Shortcut)" option available for me anymore. This happened even when it wasn't running with elevated/admin privileges.

Man, I just came to game and have fun, not need a fresh installation. Hope this helps others avoid the same issue.

Harglblah

> Not sure if this has been reported, but the linked file on the Wiki ("PedyTW_ENG_4.881_02-01-23") for the Pedy version has malware (identified by MalwareBytes).
>
> The file "Emuera1824+v16+EMv17+EEv27test" gives you a pop-up that says "KILL YOURSELF CUM GUZZLING <removed>" and irreversibly deletes all desktop files that aren't in folders. It also messes with your Windows context menu - there's no more "Send to Desktop (Create Shortcut)" option available for me anymore. This happened even when it wasn't running with elevated/admin privileges.
>
> Man, I just came to game and have fun, not need a fresh installation. Hope this helps others avoid the same issue.

Thank you for the warning!
 

xRoguex

> Not sure if this has been reported, but the linked file on the Wiki ("PedyTW_ENG_4.881_02-01-23") for the Pedy version has malware (identified by MalwareBytes).
>
> The file "Emuera1824+v16+EMv17+EEv27test" gives you a pop-up that says "KILL YOURSELF CUM GUZZLING <removed>" and irreversibly deletes all desktop files that aren't in folders. It also messes with your Windows context menu - there's no more "Send to Desktop (Create Shortcut)" option available for me anymore. This happened even when it wasn't running with elevated/admin privileges.
>
> Man, I just came to game and have fun, not need a fresh installation. Hope this helps others avoid the same issue.

We said it when pedy released his last update and that's why Anon's branch is born.
For every game you should always be concerned when the antivirus pops up and ask if someone can confirm if it's a virus or not...or at least check previous posts.
 

cheeky325

> Not sure if this has been reported, but the linked file on the Wiki ("PedyTW_ENG_4.881_02-01-23") for the Pedy version has malware (identified by MalwareBytes).

Lol someone replaced the link which led to a different file that apparently contained an actual very sloppy malware. Gotta do the crime yourself if the statistics don't match with what you're peddling, eh? That's a new low for the rent free team.
The wiki page now leads to the release page as it should.

Kum_And_Go

> We said it when pedy released his last update and that's why Anon's branch is born.
> For every game you should always be concerned when the antivirus pops up and ask if someone can confirm if it's a virus or not...or at least check previous posts.

Windows Defender didn't pick anything up, I only became suspicious after running the application and getting my stuff messed up. Ran a MBAM scan on it after that, but it was a bit too late. Also I did check the previous posts, but the replies seemed mixed. Just my luck for being the trial rabbit, I suppose.

> Lol someone replaced the link which led to a different file that apparently contained an actual very sloppy malware. Gotta do the crime yourself if the statistics don't match with what you're peddling, eh? That's a new low for the rent free team.
> The wiki page now leads to the release page as it should.

I appreciate that. Unfortunately that "very sloppy malware" still seems to be running even after a nuke of my boot drive and a fresh Windows installation.

Below is the Speed Dial 2 extension I was trying to set up:

Whatever's running in the background turned every radio button clicked or mouse-over'd to be re-centered in the middle of the screen. The buttons are also all unusable.

I know the Wiki's been updated, but if you still have the exe running around, could you poke open the hood and tell me what other mischief the author wrote in? MBAM and Defender scans are turning up empty, but I'm still having this problem, so I wanna know if I'm dealing with a rootkit or it's just their idea of a prank.

Or if there's a hash of that file, that would be great, too.

Honestly, this is quite a bummer. Saw this mod and thought "Hey, that seems cool", but ended up with this shit. If that malware got its hooks anywhere other than the boot drive (which seems likely, given its persistence), the rebuild time is going to be insane.

Edit: Problem persists even when all non-boot drives have been disconnected. Problem persists even when using a freshly-installed boot drive.
On a separate system without logging to the browser, it worked fine. But when logged in on the browser, the problem recurred.
Anyone got any ideas?

xRoguex

> Windows Defender didn't pick anything up, I only became suspicious after running the application and getting my stuff messed up. Ran a MBAM scan on it after that, but it was a bit too late. Also I did check the previous posts, but the replies seemed mixed. Just my luck for being the trial rabbit, I suppose.
>
> I appreciate that. Unfortunately that "very sloppy malware" still seems to be running even after a nuke of my boot drive and a fresh Windows installation.
>
> Below is the Speed Dial 2 extension I was trying to set up:
>
> Whatever's running in the background turned every radio button clicked or mouse-over'd to be re-centered in the middle of the screen. The buttons are also all unusable.
>
> I know the Wiki's been updated, but if you still have the exe running around, could you poke open the hood and tell me what other mischief the author wrote in? MBAM and Defender scans are turning up empty, but I'm still having this problem, so I wanna know if I'm dealing with a rootkit or it's just their idea of a prank.
>
> Or if there's a hash of that file, that would be great, too.
>
> Honestly, this is quite a bummer. Saw this mod and thought "Hey, that seems cool", but ended up with this shit. If that malware got its hooks anywhere other than the boot drive (which seems likely, given its persistence), the rebuild time is going to be insane.
>
> Edit: Problem persists even when all non-boot drives have been disconnected. Problem persists even when using a freshly-installed boot drive.
> On a separate system without logging to the browser, it worked fine. But when logged in on the browser, the problem recurred.
> Anyone got any ideas?

Usually if there is a program working and making issues you can try to open your Task Manager (Ctrl+Shift+Esc) and browse the active programs list. If you can trace it from there you should terminate the activity of that program and check if the same is active in the programs list at startup. After being isolated you need only to delete it manually from the computer.
It seems easy but it's freaking hard to do if it's your first time. Something like this happened to me when I got scammed a few years ago (got refunded fortunately) and it was a headache.
I hope this can be helpful with your situation.
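
The Task Manager and startup-list check described in the post above, as an added PowerShell example that is not part of the thread: it lists running processes whose executable sits in a user-writable folder, with signature status and SHA-256, then the logon startup entries, and flags entries that launch one of those processes. The choice of folders is an assumption, and the script only reads.

```powershell
# Added example: read-only triage, nothing is stopped or deleted.
# Assumption: executables running from user-writable folders deserve a look first.
$userDirs = @($env:USERPROFILE, $env:TEMP, $env:PUBLIC) | Where-Object { $_ }

# 1. Running processes whose image file sits under one of those folders.
$suspects = Get-Process |
    Where-Object { $_.Path } |
    Sort-Object -Property Path -Unique |
    Where-Object {
        $path = $_.Path
        $userDirs | Where-Object {
            $path.StartsWith($_, [System.StringComparison]::OrdinalIgnoreCase)
        }
    } |
    ForEach-Object {
        [pscustomobject]@{
            Name      = $_.ProcessName
            Id        = $_.Id
            Path      = $_.Path
            # An unsigned or invalid signature is a reason to look closer, not proof.
            Signature = (Get-AuthenticodeSignature -LiteralPath $_.Path).Status
            # SHA-256 can be compared with a hash someone else has published.
            SHA256    = (Get-FileHash -LiteralPath $_.Path -Algorithm SHA256).Hash
        }
    }

# 2. Programs registered to start at logon (Run keys and Startup folders).
$startup = Get-CimInstance -ClassName Win32_StartupCommand |
    Select-Object -Property Name, Command, Location, User

# 3. Startup entries whose command line contains the path of a listed process.
#    Best effort: commands that use unexpanded environment variables will not match.
$flagged = $startup | Where-Object {
    $cmd = $_.Command
    $suspects | Where-Object {
        $cmd -and $cmd.IndexOf($_.Path, [System.StringComparison]::OrdinalIgnoreCase) -ge 0
    }
}

$suspects | Format-List
$startup  | Format-Table -AutoSize -Wrap
if ($flagged) {
    Write-Warning 'Startup entries that launch a process listed above:'
    $flagged | Format-List
}
```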
 

mrme

I guess anyone can edit the wiki?
Just another reason to always go direct to source.

> Lol someone replaced the link which led to a different file that apparently contained an actual very sloppy malware. Gotta do the crime yourself if the statistics don't match with what you're peddling, eh? That's a new low for the rent free team.
> The wiki page now leads to the release page as it should.

Is that you pedy?

Kum_And_Go

> Usually if there is a program working and making issues you can try to open your Task Manager (Ctrl+Shift+Esc) and browse the active programs list. If you can trace it from there you should terminate the activity of that program and check if the same is active in the programs list at startup. After being isolated you need only to delete it manually from the computer.
> It seems easy but it's freaking hard to do if it's your first time. Something like this happened to me when I got scammed a few years ago (got refunded fortunately) and it was a headache.
> I hope this can be helpful with your situation.

Thanks, I'll try that. The troubleshooting I've done makes me wonder if it's a UEFI/firmware rootkit (since it survived OS reinstallations) or some browser-based sync persistence (since it resurfaced on another system that never touched the affected system). It's also possible those extensions are janked this way (and unfixed) since it's been some time since I had to edit those settings, but the problem didn't occur on the separate system before I did that browser sync, so I think it's not meant to be this way.

Hate to turn this into a helpdesk situation, but my hope is that someone can dig into whatever that file was (though it's removed from the Wiki) and tell me how bad it is.
 

FFFFFACK

Might be worth checking if the malware anon fucked with anything else on the wiki, also any other information on them that could be gathered.

I'm having a hard time believing the wiki file to be Pedy's doing since that's a ridiculous net to trap for this supposed dev feud, especially since both dev "sides" primarily use git, so placing a contaminated file on the low chance that the other guy downloads it on a completely different site is a bit of a stretch, especially since that would be more likely to infect far more other people than the supposed intended target.
Their disagreements are clearly quite public at this point so any dipshit could be trying to take advantage of it and escalate things.

Just my 2 cents at least.
 

Kum_And_Go

Good news - I was just being overly paranoid. Apparently the browser extension itself is borked, so it wasn't caused by the malware.

I've recovered the deleted malware and uploaded it to VT. Here's the link for anyone curious:

Based on the behaviors in the sandbox, an OS reinstall should have solved the issue.
 

Yogballs

> Not sure if this has been reported, but the linked file on the Wiki ("PedyTW_ENG_4.881_02-01-23") for the Pedy version has malware (identified by MalwareBytes).
>
> The file "Emuera1824+v16+EMv17+EEv27test" gives you a pop-up that says "KILL YOURSELF CUM GUZZLING <removed>" and irreversibly deletes all desktop files that aren't in folders. It also messes with your Windows context menu - there's no more "Send to Desktop (Create Shortcut)" option available for me anymore. This happened even when it wasn't running with elevated/admin privileges.
>
> Man, I just came to game and have fun, not need a fresh installation. Hope this helps others avoid the same issue.

Do not at all use pedy's version, he is a piece of shit and his version has significant malware.
 

joeys88

good grief...is Pedy losing his sanity?
(I haven't returned to F95 for a while due to self-learning photoshop and Unity)
Earlier this year he removed all TH18 characters from his branch, and added code that targeted pops TW branch and deleted your save folder and wrote a bunch of garbage data.

Not a fan of his branch either (horribly buggy even if you turn off all the weird fetish crap he has in it), but writing malware to target it is pretty messed up.

Also I don't think that wiki thing was pedy. Just an asshole. I would recommend you always go to the git to download the era games as the maintainer(s) have control over the code changes.
 

vnpt

> Earlier this year he removed all TH18 characters from his branch, and added code that targeted pops TW branch and deleted your save folder and wrote a bunch of garbage data.
>
> Not a fan of his branch either (horribly buggy even if you turn off all the weird fetish crap he has in it), but writing malware to target it is pretty messed up.
>
> Also I don't think that wiki thing was pedy. Just an asshole. I would recommend you always go to the git to download the era games as the maintainer(s) have control over the code changes.

hm...things change in just a few months huh. Anyway, thanks for the information.
 

xRoguex

I don't have the exe file for some reason, fix?
If your antivirus deletes the exe, there is no fix :sneaky:
I'm pretty sure this is what happened
The answer is yes... they are taking their time though.
Last update for eraTohoK was a few months ago
By the way here's the link for the and here the where you can find the last builds they have.
 