Tutorial How to protect yourself from viruses

Fade

Member
Oct 21, 2016
117
578
Preamble:
F95Zone, as it stands, has become a large community. In a span of just 2 years, I have seen activity on this website that I never thought would be possible to achieve back when I first registered. There are more people online in a day now than there would be in a given month 2 years ago. Now that it has come to this, I have prepared a little guide on how to protect yourself, because just like how an increase in population most certainly brings an increase in danger, the risks of getting infected by a virus on a website such as this, although much of the content is checked and monitored properly, are not 0.

K, enough with your speech and tell us how to kill virus!
As much as I'd love to say that you can kill a virus with only a press of a button, there's much more to it than that. Below are steps where I will help you identify any telltale signs and how to deal with them.
It seems like you can just remake the game and make your own executable for certain engines like Ren'Py and RPGM. The guide below is provided by pk2000. anne O'nymous has also provided some additional insight into Ren'Py's process.
If you feel like I forgot to mention something, just let me know and I'll add it in. These are mostly just the methods that I have used throughout my internet adventures in order to mitigate or prevent any damage to my computer when browsing or downloading some sketchy files.
 

khumak

Engaged Member
Oct 2, 2017
3,432
3,472
I can't speak to the risk on other platforms but I'm actually satisfied with just Windows Defender plus an ad blocker. No false positives and as far as I know it's caught all of the threats I've run into since Windows 10 came out. IMO an ad blocker is actually more important for security reasons than security software is since that is more likely to protect you from exploits that don't require any action on the part of the user to trigger.

Before Windows 10 I was using Microsoft Security Essentials and that was dramatically less useful. I ran into several cases where I had to reformat my hard drive after a piece of malware/virus/whatever made it through what little protection Security Essentials provided. Unfortunately most of the other security software I had tried up until that point had so many false positives that it was less intrusive to just not use anything. I suspect a lot of people who are using 3rd party software for security just assume that Windows Defender is no better than Microsoft's nearly useless previous attempts at security, but they actually did a good job with it.
 

Fade

I just like using 3rd party software like Bitdefender or Kaspersky because they have very active communities that report any new viruses, which get patched almost immediately. Windows Defender is fine for most use cases, but sometimes I dabble in things like game exploiting (or hacking, whatever you wanna call it), and Microsoft just doesn't give me enough control over the protection that I want. Also, as a bonus, most third party security software provides some pretty neat features like encrypting files, sorta free VPN, etc.

Crap. Are many of the games on here virus laden? I assumed they were checked...fail. I only DL from here.
Any post by someone with the "Uploader" title shouldn't really be infected by a virus, but it's always good practice to check anyways. You can also just be lazy like me and run everything that you're not sure about in Sandboxie or a similar program. If you want maximum protection, you can maybe use a virtual machine?
 

pk2000

Active Member
Aug 12, 2017
707
1,909
Fade Another approach is to download a trial of the game creators' engines (e.g. rpgmaker), create a project, export it and save the files and exes needed (not the project's data).
Then you can use your own files that you know are clean and just copy/replace those of the downloaded game.
Personally I use Sandboxie more for finding the location of the save files.
 

Fade

Sounds pretty complicated. It also seems like it wouldn't apply to all game engines, since some (like UE4) would be too complicated. If you can compile a step by step guide that covers a majority of the game engines used here, that'd be pretty interesting to see.
 

pk2000

Actually, it is extremely easy to do (not worth making a visual guide for this).
Examples:

Ren'Py (steps to perform)
Press "Create New Project" -> press "continue" -> name your project, e.g. "game1" -> press "continue" -> press "continue" -> press "continue".
After it finishes creating the project:
Press "Build Distributions" -> select the platform under "build packages", e.g. "windows" -> press "Build".
When finished, open the zip and delete the folder "game" (you will replace it with the one of the game that you downloaded).

RPG MAKER XP / VX / VX ACE (steps to perform)
Press "File" -> press "New Project" -> press "OK".
After it finishes creating the project:
Press "File" -> press "Compress Game Data" -> press "OK".
Extract the files from the projectname.exe and delete the folders "graphics" and "data" and the "projectname.ini" (you will replace them with those of the game that you downloaded).

RPG MAKER MV (steps to perform)
Press "File" -> press "New Project" -> press "OK".
After it finishes creating the project:
Press "File" -> press "Deployment" -> select the OS you want, e.g. windows -> press "OK".
From the folder of the deployed project, delete the folder "www" (you will replace it with the one of the game that you downloaded).
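
One way to see which engine files in a download actually differ from the clean build made with the steps above, as an added example (not code from the thread or from any of the engines). It assumes both trees were built with the same engine version, since otherwise most files will differ; the skipped folder names are the ones named in the steps, and the sample trees and file names are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

# Top-level folders that hold the game's own content in the steps above;
# they are expected to differ from a blank project and are skipped here.
CONTENT_DIRS = {"game", "www", "graphics", "data"}


def engine_manifest(root, content_dirs=CONTENT_DIRS):
    """Map lower-cased relative path -> SHA-256 for every non-content file."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        rel = path.relative_to(root)
        if not path.is_file() or rel.parts[0].lower() in content_dirs:
            continue
        manifest[rel.as_posix().lower()] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def compare_engine_files(clean_root, download_root):
    """Classify the download's engine files against the clean build."""
    clean = engine_manifest(clean_root)
    seen = engine_manifest(download_root)
    clean_hashes = set(clean.values())
    report = {"identical": [], "renamed": [], "modified": [], "extra": [], "missing": []}
    for rel, digest in seen.items():
        if clean.get(rel) == digest:
            report["identical"].append(rel)
        elif rel in clean:
            report["modified"].append(rel)   # same name, different bytes
        elif digest in clean_hashes:
            report["renamed"].append(rel)    # e.g. launcher named after the game
        else:
            report["extra"].append(rel)      # not part of the clean build at all
    seen_hashes = set(seen.values())
    report["missing"] = [r for r, d in clean.items() if r not in seen and d not in seen_hashes]
    return report


def build_demo_trees(base):
    """Constructed sample data: two tiny fake Ren'Py-style trees."""
    layout = {
        "clean": {"game1.exe": b"launcher", "lib/python27.dll": b"runtime",
                  "renpy/main.pyo": b"engine-core", "game/script.rpy": b"blank"},
        "download": {"MyGame.exe": b"launcher", "lib/python27.dll": b"runtime",
                     "renpy/main.pyo": b"engine-core-changed",
                     "lib/helper.dll": b"unknown", "game/script.rpy": b"story"},
    }
    for tree, files in layout.items():
        for rel, data in files.items():
            target = Path(base, tree, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
    return Path(base, "clean"), Path(base, "download")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for status, files in compare_engine_files(*build_demo_trees(tmp)).items():
            print(f"{status:9} {files}")
```

Files listed as "modified" or "extra" are the ones worth a closer look; the content folders themselves are not checked by this comparison.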
 

Fade

Added! Thanks for the insight.
 

neekleer

Active Member
Aug 28, 2019
744
62
Do you have any insight on cracks that seem to be detecting a sandbox and deciding not to run?

Basically, I am trying to run The Sims 4, but I am wondering if I should just risk it because the crack is probably not doing anything too bad if you rely on user reports. However, I am paranoid so I am also considering if I should wait for someone to make a better crack or even "crack the crack" and remove the sandbox detection.

 

pk2000

I have never encountered a scene release crack/patch that uses anti-VM and anti-sandbox techniques.
As advice, wait until you see a fix listed in GameCopyWorld.
 

neekleer

I have a frequently needed Sandboxie workaround. Some games like Ren'Py ones quit without ever showing on the screen when running in Sandboxie. I found out that it's a problem with finding DLL files that are tucked away in a subdirectory.
This sets a path and starts the named exe. For Ren'Py, the path is lib\windows-i686. For Being a DIK, the exe is BeingADIK.exe. Change those to fit a new game. Make sure you actually launch that bat file in the sandbox like you would with a regular executable.

I have never encountered a scene release crack/patch that uses anti-VM and anti-sandbox techniques.
As advice, wait until you see a fix listed in GameCopyWorld.
I checked around. They do for The Sims 4.
 

fffffffffffk

Member
Sep 1, 2019
274
888
This is a terrible guide on several levels.

First of all: Sandboxie is Russian malware.

Secondly: replacing the exe file from general purpose engines like RPG maker and ren'py does absolutely nothing because the actual coding happens in different, usually encrypted (in VX Ace's case) files.

Thirdly: Virustotal is pretty bad in this kind of scenario because all of these games are extremely niche, so any malware added to them will go undetected because of how antivirus software works (they don't actually "find" viruses, they just scan for specific sequences of code that a human spotted in the past and added to the malware database). It will also give false positives because of how antivirus software works. If an actual virus does get found, it will flag the entire game engine as a virus (and everything that's created with it) because they all use the same .exe file. Then after a while it will get removed because of the false positive and the entire cycle starts again.

The only good advice you can give: download from trusted sources, use a Virtual Machine (VMware or Virtualbox) and install an ad blocker and perhaps NoScript. Note that Virtualbox only has a basic graphics card adapter and can't run most Unity games and most definitely will not run Unreal Engine. It will also freeze a lot in RPG maker MV.
 

neekleer

fffffffffffk Every solution has tradeoffs. I wonder what you heard about Sandboxie that made you think it was OK to smear the name.

DARPA (US military) has used products from Invincea (makers of Sandboxie), and Sophos acquired the company recently. I guess they are letting the Russian malware run its course on my computer without warning me. Sure, there have been questionable management decisions and the product seems kinda crappy when looking closely, but it can't be easily replaced.

I noticed that you didn't bother recommending a good antivirus suite, and that may be because many of these home user products have become bloated and insecure or fall short in other ways. Shitting on other products isn't going to make me feel better about Sandboxie, but I know that I am at a happy medium. As you noted, a Virtual Machine has tradeoffs especially for gaming (even with VMWare Workstation Player {free} having 3D acceleration).

Metro apps in Windows 10 are sandboxed by default. That is the modern approach. Sandboxie gave us its take on lightweight sandboxing very early on, and, while it seems to continue to suffer from some poor implementation and / or packaging, it serves a purpose.

Also, while replacing the exe is probably not worth the effort, malicious code would rarely appear in the game files where the so-called actual coding happens (even when "encrypted" packages are used). These files are frequently seen by modders and the schemes for creating the packages are known, so it's not a great way to hide the payload unless there was some ingenious method in place. As for downloading from trusted sources, that is solid advice, but how far do you take it? Not a single game on F95 comes with any assurances or much of a reputation behind them. In fact, I wonder how little Steam cares nowadays because they have some of these indie porn games on their platform, but how exactly did they check if some random game developer is definitely not a scumbag and has something to lose if they are caught breaking the law?
 

fffffffffffk

I haven't used Sandboxie in at least 5 years and back then it was still run by apparently an Israeli dev. I don't remember exactly what it did, but it was noticeably doing shady stuff to your system back then. Worse than for example Daemon Tools in the old days, if you remember that.

I don't recommend any antivirus other than the free one included with Windows. Everything boils down to using common sense when downloading files anyway. Not even the most expensive antivirus can help you there.

What you say about the engines isn't correct at all. If you take older RPG maker games, you have thousands of lines of code where you can hide your 5 lines of malicious code. No modder would find this, unless they go looking for it because the code editor is garbage and most modding work is done with plugins outside of the engine code. Then the code gets encrypted in 1 file (that has nothing to do with the .exe file which people upload to virustotal), so you can't properly scan for it without the editor. If you take Ren'py as an example, then you can easily make alterations to the engine core files, which are in bytecode and again, no modder would look there because it's part of the engine.

I agree on the trusted sources part though. No game in here or on Steam can be deemed safe. There are several examples of malicious software making it on Steam. My favourite one was the demo for a game that automatically upvoted it on Greenlight.
 

neekleer

Well, you are scaring me if you say the standards were lower than those of Daemon Tools. Also, I take your other points, but I have to object and say I am sure what I said about the engines is correct even if it doesn't match your perspective. Anything non-standard added to the files you are talking about would stand out as cruft and make people suspicious. Also, encrypted isn't the right word with RPG Maker because it's fully decompilable to source without credentials / secrets by default. Editors facilitate some workflows, but they aren't a real barrier to examining nearly all of the editor-packaged code with other tools.

If you look at the entirety of a program and all of its libraries, there are what I would call much bigger haystacks and mazes with mazes that can end up in a compiled program. Custom code, a set of calls, data sources, and memory access don't stand out as much when they originate in these other areas (on the interior side of the asset loader) of the program. If it's known that hundreds of people unpackage game assets, wouldn't it be better to have no special or modified files exist as an artifact at all? If the criminal ever has to cover their tracks and remove the evidence, it would be better if nothing appeared to have changed at least in the files it's known people have a typical reason to track.

It's true that hardly anyone with the time and expertise is checking for these things, but all of the above discussion is getting away from my original, primary point. As it stands, a packaged game asset is not the first choice as a place to inject a virus, at least, for anyone that has access to the full build process of the game to a compiled program. On a related note, the big name engines that have community asset stores on the web are obviously wary of third-party contributors not meeting their standards. I imagine they are working on automated tools to alert them to hidden or suspicious code.
 

anne O'nymous

I'm not grumpy, I'm just coded that way.
Modder
Respected User
Donor
Jun 10, 2017
10,103
14,755
Renpy (steps to perform)
press "Create New Project" -> press "continue" -> name your project eg "game1" -> press "continue" -> press "continue" -> press "continue"
After it finishes creating the project
press "Build Distributions" -> Select the platform under "build packages" eg "windows" -> press "Build"
When finished open the zip and delete the folder "game" (you will replace it with the one of the game that you downloaded).
There are two (big) steps missing:
Firstly, you need to look at the version of Ren'Py used by the game. Secondly, you must perform all the following steps with the exact same version if you want to be sure that you'll not have errors.

Ren'Py has a long history of backward compatibility, but it was never a total compatibility. Anyway, lately it started to throw errors for really strange things, so even the use of the last version is no longer a guarantee of success.