CREATE YOUR AI CUM SLUT ON CANDY.AI TRY FOR FREE
x
3.50 star(s) 36 Votes

badlulu

Newbie
Aug 7, 2016
87
224
People keep saying false positive, but I've never had false positive before and I got the same thing.
I ran the .jar file through virustotal and got 0 hits. The .exe on the other hand got 4. Just to be safe on my end, I only ran the .jar and deleted the .exe.
 

muoto8900

Newbie
Jul 7, 2018
69
49
I would advise caution on this one.

Went down a bit of a rabbit hole on this one. The exe file does show up as suspicious/malicious depending on the site. As Badlulu pointed out VT says 4 hits and hybrid analysis rated it malicious with a threat of 51/100. Sadly my malware analysis is rusty and I am not entirely sure what its doing but its said to be Trojan.Worgtop which is a credential stealer.

Results:
 
  • Wow
Reactions: quiboune

BoosterBoards

Newbie
Jun 4, 2021
27
66
I would advise caution on this one.

Went down a bit of a rabbit hole on this one. The exe file does show up as suspicious/malicious depending on the site. As Badlulu pointed out VT says 4 hits and hybrid analysis rated it malicious with a threat of 51/100. Sadly my malware analysis is rusty and I am not entirely sure what its doing but its said to be Trojan.Worgtop which is a credential stealer.

Results:
This antivirus (AV) discussion seems to be similar to when BannedHeresy™ uploaded newlife version 8.3. See posts #4,362 and #4,363.

Looking at the VirusTotal link in your post, the only two security vendor (out of 34 total security vendors listed) that flagged the file as having a trojan are and . For the Hybrid Analysis link, the only vendor that detected something was which BannedHeresy™ explained in #4,363 that " [ sets-process-name | detect-debug-environment | long-sleeps | checks-user-input | contains-pe ] flags" might've set off the AV programs. I don't know what means exactly, but it seems relevant to a possible false detection by AV programs.

All other vendors like MalwareBytes and Google in the VirusTotal link didn't detect anything, and I am hoping that they're more thorough/reliable than Bkav Pro, Skyhigh, and Zillya! because they're bigger names.

There are some other stuff for the Hybrid Analysis link's "Falcon SandboxReports." There, the malicious indicator is related to "writes data to a remote process" with the details being: "newlife.exe" wrote 00000004 bytes to a remote process "%PROGRAMFILES%\(x86)\Java\jre1.8.0_161\bin\javaw.exe" (Handle: 552)." HybridAnalysis also says in a blue banner that "Not all malicious and suspicious indicators are displayed. Get your own or the to view all details." No commentary on this from me here; just pointing it out in case anyone who knows better can explain.

I'm not too worried about the alarm bells set off in the VirusTotal and HybridAnalysis links. I'm still a bit concerned about the two people who wrote that Microsoft Defender Antivirus detected a virus, but it could be for the same reasons that triggered the other security vendors in VirusTotal too.

I also ran a MalwareBytes rootkit scan on my computer after reading your post and nothing turned up. Not to say everything is fine, but it seems unlikely.
 

Fleursdumal

New Member
Feb 25, 2019
6
5
This antivirus (AV) discussion seems to be similar to when BannedHeresy™ uploaded newlife version 8.3. See posts #4,362 and #4,363.

Looking at the VirusTotal link in your post, the only two security vendor (out of 34 total security vendors listed) that flagged the file as having a trojan are and . For the Hybrid Analysis link, the only vendor that detected something was which BannedHeresy™ explained in #4,363 that " [ sets-process-name | detect-debug-environment | long-sleeps | checks-user-input | contains-pe ] flags" might've set off the AV programs. I don't know what means exactly, but it seems relevant to a possible false detection by AV programs.

All other vendors like MalwareBytes and Google in the VirusTotal link didn't detect anything, and I am hoping that they're more thorough/reliable than Bkav Pro, Skyhigh, and Zillya! because they're bigger names.

There are some other stuff for the Hybrid Analysis link's "Falcon SandboxReports." There, the malicious indicator is related to "writes data to a remote process" with the details being: "newlife.exe" wrote 00000004 bytes to a remote process "%PROGRAMFILES%\(x86)\Java\jre1.8.0_161\bin\javaw.exe" (Handle: 552)." HybridAnalysis also says in a blue banner that "Not all malicious and suspicious indicators are displayed. Get your own or the to view all details." No commentary on this from me here; just pointing it out in case anyone who knows better can explain.

I'm not too worried about the alarm bells set off in the VirusTotal and HybridAnalysis links. I'm still a bit concerned about the two people who wrote that Microsoft Defender Antivirus detected a virus, but it could be for the same reasons that triggered the other security vendors in VirusTotal too.

I also ran a MalwareBytes rootkit scan on my computer after reading your post and nothing turned up. Not to say everything is fine, but it seems unlikely.
I use microsoft defender and got this flagged as sonbokli trojan and immediately deleted. I know people diss on defender but I've never had issues with it before. (I have been using this site more than 2 years I think)
 
  • Like
Reactions: doom9898

badlulu

Newbie
Aug 7, 2016
87
224
I would argue that with any single release of this game there's never enough new content to make it worth the risk.
 

lolik1234

New Member
Jun 22, 2021
2
13
Reading the follow up discussion on the game version that I uploaded in post 4,477 I just wanted to clarify:
I grabbed that version straight of SO's patreon (no 3rd party sites...). The archive was uploaded as is (didn't extract\recompess it).
 

Keldin

Member
Jun 7, 2017
261
352
Uh yeah Firefox nixed it mid-download with an alert which was something I didn't even know was a thing, let alone see before.

And I've spent moooooore than a bit of my life pirating shit lol

I'll put my hat in the "maybe something, maybe nothing, either way games just not worth it to deal with" pile.
 

kallabunga

Newbie
Sep 4, 2018
22
90
I have firefox and windows defender for W11. I downloaded the original link off firefox, no issues. Scanned it with Windows Defender before and after extracting, nothing detected. Ran the game, with both the .jar and .exe, it ran just like every other version before it. Same thing with the MEGA link.
So if you're getting an alert from windows defender, I can only imagine you're still on W7 where it's extra sensitive and hits any game cracks too.
 
  • Angry
Reactions: Nitan17

Culegik

New Member
Mar 26, 2019
2
2
I got an alert on Windows 11 but ignored it because everything alerts, then I roll into the back of the threat and see it's maybe an actual virus? If it is, what's the computer equivalent of taking a scalding shower and getting tested?
 
  • Sad
Reactions: quiboune

BoosterBoards

Newbie
Jun 4, 2021
27
66
what's the computer equivalent of taking a scalding shower and getting tested?
A rootkit scanner is what you're probably looking for. has one. You could also Google "rootkit scanner" and you'll see there a bunch of them for free from many vendors. I originally linked a , but I think it might be too old but provided the link anyways.
 

FrogFrozen

Member
Jan 9, 2018
478
616
If it is, what's the computer equivalent of taking a scalding shower and getting tested?
A rootkit scanner is what you're probably looking for. has one.
And the user BoosterBoards on this same page already used MalwareBytes' Rootkit scanner on the game and it found nothing. And honestly, after years of using different AV programs big and small, MalwareBytes is the only AV program I trust.
 
  • Like
Reactions: Culegik

FrogFrozen

Member
Jan 9, 2018
478
616
If you trust a random person on a porn forum is telling the truth. Better to verify yourself.
"This guy said there's a virus. I'm going to go by this complete stranger's word even though he only has verifiably bad AV programs to back it up. And then criticize someone else when they go by the word of someone who had good AV programs back up their claim that there is no virus, with links to his sources and everything.

And then do no homework to find out the person I'm criticizing for doing what I'm also doing has had this exact conversation in this exact thread on this exact game for years and has stated before he checks everything he downloads by default and has never had a virus detection from an AV worth mentioning.

I'm the smartest person in the room with all the information I never checked."

It feels like a 5th of all the posts I read on this entire site are people with bad AVs complaining about viruses. And those same posts make up a similarly sizeable chunk of the posts in this thread. Its so tiresome.

Bad AVs like Zillya that'll pick out an official update from Adobe as a virus, and then the actual spokesperson from Zillya will comment that its a false positive and Zillya itself will then do nothing to correct the issue in their actual code. Which is an actual thread I found on Reddit after 5 seconds of googling to see whether or not Zillya is legit, then checked to see if they actually fixed it or not and they didn't.

Can we please put an end to all this false-positive shit? Is it possible to get permission to just edit the OP to tell people to use MalwareBytes, Kaspersky, or BitDefender to check it if one of their shitty AVs is detecting NewLife as a false-positive? And if all three of them say there's nothing, there's definitely nothing.
 
Last edited:

JustaDudeMan

Newbie
Nov 1, 2023
44
95
You assumed a lot from my post. I was just saying if you're not sure, look into it yourself. I made no comment on whether one guy or the other was more trustworthy or who was more established on the porn forum.
 

Culegik

New Member
Mar 26, 2019
2
2
Thanks for the advice. For what it's worth I did three AV scans (AVG, Bitdefender, and Malwarebytes) including the Malwarebytes rootkit scanner. None of them found anything. Windows gives me alarm fatigue but it's a good reminder to be careful; I check this game so infrequently I kinda' forget to be suspicious.
 
  • Like
Reactions: BoosterBoards

BoosterBoards

Newbie
Jun 4, 2021
27
66
If you trust a random person on a porn forum is telling the truth. Better to verify yourself.
Agreed. That's what I was thinking too when I deep dived into the VirusTotal and Hybrid Analysis links that muoto8900 posted. Although I consider myself a trustworthy person, I agree with you that it's safer if everyone checks it themselves to examine the validity of statements. Fortunately, Malwarebytes' rootkit scanner is so anyone can check to see if there are any unsavory programs on their computers after downloading 8.5 themselves.

I don't claim that 8.5 is totally malware/virus-free, but I just wanted to say essentially that I've seen a similar conversation like this play out in the past on this forum about the possibility of false alerts by relatively unknown antivirus programs. It would be unfortunate for people to deprive themselves from playing a newer update (as scant as the updates are) of the game for a seemingly low likelihood that it has malware/viruses. But, by laying out what I've seen before and pointing out that most of the detections are by lesser known programs, I hope people can make a more educated choice on whether to download it or not.

For me, I downloaded 8.5 on January 4. It's been 11 days and my computer is still fine. I've logged into my bank account and my money is still there. None of my online passwords have been reset by another party. Maybe, if there is a trojan horse, it's playing the long game. I'll let you all know if something like that eventually happens -- even if it's months from now.

For anyone worried about their computers, I found this off of that lays out actions you can take.

Postscript: You can validate this further by downloading older versions of newlife and running them through VirusTotal to see if it trips anything. I have several versions of newlife on my computer still, procured from posters here on F95 or directly from Splendid Ostrich. Here's the VirusTotal results page for (I got from this thread I think) and (I downloaded from SO) newlife.exe file (not the newlife.jar file which seems to be consistently problem-free unlike the .exe version). For 7.19, McAfee-GW-Edition considers newlife.exe a malicious file. For 8.3, both Bkav Pro and Skyhigh say newlife.exe has a trojan just like with this current version 8.5.

Bad AVs like Zillya that'll pick out an official update from Adobe as a virus, and then the actual spokesperson from Zillya will comment that its a false positive and Zillya itself will then do nothing to correct the issue in their actual code. Which is an actual thread I found on Reddit after 5 seconds of googling to see whether or not Zillya is legit, then checked to see if they actually fixed it or not and they didn't.
I appreciate you. You're like my (even though JustaDudeMan clarified that he didn't mean ill by what he said).
 
Last edited:
3.50 star(s) 36 Votes