badlulu

People keep saying false positive, but I've never had a false positive before and I got the same thing.
I ran the .jar file through VirusTotal and got 0 hits. The .exe, on the other hand, got 4. Just to be safe on my end, I only ran the .jar and deleted the .exe.
 

muoto8900

I would advise caution on this one.

Went down a bit of a rabbit hole on this one. The exe file does show up as suspicious/malicious depending on the site. As Badlulu pointed out, VT says 4 hits and Hybrid Analysis rated it malicious with a threat of 51/100. Sadly my malware analysis is rusty and I am not entirely sure what it's doing, but it's said to be Trojan.Worgtop, which is a credential stealer.

Results:
 

BoosterBoards

> I would advise caution on this one.
>
> Went down a bit of a rabbit hole on this one. The exe file does show up as suspicious/malicious depending on the site. As Badlulu pointed out, VT says 4 hits and Hybrid Analysis rated it malicious with a threat of 51/100. Sadly my malware analysis is rusty and I am not entirely sure what it's doing, but it's said to be Trojan.Worgtop, which is a credential stealer.
>
> Results:

This antivirus (AV) discussion seems to be similar to when BannedHeresy™ uploaded newlife version 8.3. See posts #4,362 and #4,363.

Looking at the VirusTotal link in your post, the only two security vendors (out of 34 total security vendors listed) that flagged the file as having a trojan are and . For the Hybrid Analysis link, the only vendor that detected something was which BannedHeresy™ explained in #4,363 that " [ sets-process-name | detect-debug-environment | long-sleeps | checks-user-input | contains-pe ] flags" might've set off the AV programs. I don't know what means exactly, but it seems relevant to a possible false detection by AV programs.

All other vendors like MalwareBytes and Google in the VirusTotal link didn't detect anything, and I am hoping that they're more thorough/reliable than Bkav Pro, Skyhigh, and Zillya! because they're bigger names.

There is some other stuff for the Hybrid Analysis link's "Falcon Sandbox Reports." There, the malicious indicator is related to "writes data to a remote process" with the details being: "newlife.exe" wrote 00000004 bytes to a remote process "%PROGRAMFILES%\(x86)\Java\jre1.8.0_161\bin\javaw.exe" (Handle: 552). HybridAnalysis also says in a blue banner that "Not all malicious and suspicious indicators are displayed. Get your own or the to view all details." No commentary on this from me here; just pointing it out in case anyone who knows better can explain.

I'm not too worried about the alarm bells set off in the VirusTotal and HybridAnalysis links. I'm still a bit concerned about the two people who wrote that Microsoft Defender Antivirus detected a virus, but it could be for the same reasons that triggered the other security vendors in VirusTotal too.

I also ran a MalwareBytes rootkit scan on my computer after reading your post and nothing turned up. Not to say everything is fine, but it seems unlikely.
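
An added example, not part of any post in this thread: one way to read a multi-engine scan result of the kind discussed above, separating engines that flagged the file from engines that returned no verdict and checking whether the detection labels name a family or only a heuristic. The report follows the VirusTotal API v3 layout (`data.attributes.last_analysis_results`); the engine names, labels and the `GENERIC` pattern are constructed assumptions.

```python
import json
import re

# Constructed sample shaped like a VirusTotal API v3 file report
# (data.attributes.last_analysis_results). Engine names and labels are
# placeholders, not results for any real file.
SAMPLE_REPORT = json.dumps({"data": {"attributes": {"last_analysis_results": {
    "EngineA": {"category": "malicious", "result": "Trojan.Generic.Example"},
    "EngineB": {"category": "malicious", "result": "W32.AIDetect.Example"},
    "EngineC": {"category": "undetected", "result": None},
    "EngineD": {"category": "undetected", "result": None},
    "EngineE": {"category": "harmless", "result": None},
    "EngineF": {"category": "timeout", "result": None},
    "EngineG": {"category": "type-unsupported", "result": None},
}}}})

FLAGGED = {"malicious", "suspicious"}
NO_VERDICT = {"timeout", "confirmed-timeout", "failure", "type-unsupported"}
# Assumption: these substrings mark heuristic/ML labels rather than a named family.
GENERIC = re.compile(r"generic|heur|aidetect|\bml\b|susp|agent", re.I)


def summarize(report_json):
    """Split a multi-engine report into flagged, clean and no-verdict engines."""
    results = json.loads(report_json)["data"]["attributes"]["last_analysis_results"]
    flagged = {name: r.get("result") or "" for name, r in results.items()
               if r.get("category") in FLAGGED}
    no_verdict = sorted(n for n, r in results.items()
                        if r.get("category") in NO_VERDICT)
    scanned = len(results) - len(no_verdict)
    generic = sorted(n for n, label in flagged.items() if GENERIC.search(label))
    return {
        "ratio": f"{len(flagged)}/{scanned}",  # only engines that returned a verdict
        "flagged": flagged,
        "generic_only": bool(flagged) and len(generic) == len(flagged),
        "no_verdict": no_verdict,
    }


if __name__ == "__main__":
    summary = summarize(SAMPLE_REPORT)
    print("detections:", summary["ratio"])
    for engine, label in sorted(summary["flagged"].items()):
        print(f"  {engine}: {label}")
    print("all labels generic/heuristic:", summary["generic_only"])
    print("engines without a verdict:", ", ".join(summary["no_verdict"]))
```

A low ratio with only generic labels is a reason to look at the sandbox behaviour and the file's origin next; it does not settle whether the file is clean.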
 

Fleursdumal

> This antivirus (AV) discussion seems to be similar to when BannedHeresy™ uploaded newlife version 8.3. See posts #4,362 and #4,363.
>
> Looking at the VirusTotal link in your post, the only two security vendors (out of 34 total security vendors listed) that flagged the file as having a trojan are and . For the Hybrid Analysis link, the only vendor that detected something was which BannedHeresy™ explained in #4,363 that " [ sets-process-name | detect-debug-environment | long-sleeps | checks-user-input | contains-pe ] flags" might've set off the AV programs. I don't know what means exactly, but it seems relevant to a possible false detection by AV programs.
>
> All other vendors like MalwareBytes and Google in the VirusTotal link didn't detect anything, and I am hoping that they're more thorough/reliable than Bkav Pro, Skyhigh, and Zillya! because they're bigger names.
>
> There is some other stuff for the Hybrid Analysis link's "Falcon Sandbox Reports." There, the malicious indicator is related to "writes data to a remote process" with the details being: "newlife.exe" wrote 00000004 bytes to a remote process "%PROGRAMFILES%\(x86)\Java\jre1.8.0_161\bin\javaw.exe" (Handle: 552). HybridAnalysis also says in a blue banner that "Not all malicious and suspicious indicators are displayed. Get your own or the to view all details." No commentary on this from me here; just pointing it out in case anyone who knows better can explain.
>
> I'm not too worried about the alarm bells set off in the VirusTotal and HybridAnalysis links. I'm still a bit concerned about the two people who wrote that Microsoft Defender Antivirus detected a virus, but it could be for the same reasons that triggered the other security vendors in VirusTotal too.
>
> I also ran a MalwareBytes rootkit scan on my computer after reading your post and nothing turned up. Not to say everything is fine, but it seems unlikely.

I use Microsoft Defender and got this flagged as Sonbokli trojan and immediately deleted it. I know people diss on Defender but I've never had issues with it before. (I have been using this site more than 2 years, I think.)
 

badlulu

I would argue that with any single release of this game there's never enough new content to make it worth the risk.
 

lolik1234

Reading the follow-up discussion on the game version that I uploaded in post 4,477, I just wanted to clarify:
I grabbed that version straight off SO's Patreon (no 3rd party sites...). The archive was uploaded as is (didn't extract\recompress it).
 

Keldin

Uh yeah, Firefox nixed it mid-download with an alert, which was something I didn't even know was a thing, let alone seen before.

And I've spent moooooore than a bit of my life pirating shit lol

I'll put my hat in the "maybe something, maybe nothing, either way game's just not worth it to deal with" pile.
 

kallabunga

I have Firefox and Windows Defender for W11. I downloaded the original link off Firefox, no issues. Scanned it with Windows Defender before and after extracting, nothing detected. Ran the game, with both the .jar and .exe, it ran just like every other version before it. Same thing with the MEGA link.
So if you're getting an alert from Windows Defender, I can only imagine you're still on W7 where it's extra sensitive and hits any game cracks too.
 

Culegik

I got an alert on Windows 11 but ignored it because everything alerts, then I roll into the back of the thread and see it's maybe an actual virus? If it is, what's the computer equivalent of taking a scalding shower and getting tested?
 

BoosterBoards

> what's the computer equivalent of taking a scalding shower and getting tested?

A rootkit scanner is what you're probably looking for. has one. You could also Google "rootkit scanner" and you'll see there are a bunch of them for free from many vendors. I originally linked a , but I think it might be too old but provided the link anyways.
 

FrogFrozen

> > If it is, what's the computer equivalent of taking a scalding shower and getting tested?
>
> A rootkit scanner is what you're probably looking for. has one.

And the user BoosterBoards on this same page already used MalwareBytes' Rootkit scanner on the game and it found nothing. And honestly, after years of using different AV programs big and small, MalwareBytes is the only AV program I trust.
 

FrogFrozen

> If you trust a random person on a porn forum is telling the truth. Better to verify yourself.

"This guy said there's a virus. I'm going to go by this complete stranger's word even though he only has verifiably bad AV programs to back it up. And then criticize someone else when they go by the word of someone who had good AV programs back up their claim that there is no virus, with links to his sources and everything.

And then do no homework to find out the person I'm criticizing for doing what I'm also doing has had this exact conversation in this exact thread on this exact game for years and has stated before he checks everything he downloads by default and has never had a virus detection from an AV worth mentioning.

I'm the smartest person in the room with all the information I never checked."

It feels like a 5th of all the posts I read on this entire site are people with bad AVs complaining about viruses. And those same posts make up a similarly sizeable chunk of the posts in this thread. It's so tiresome.

Bad AVs like Zillya that'll pick out an official update from Adobe as a virus, and then the actual spokesperson from Zillya will comment that it's a false positive and Zillya itself will then do nothing to correct the issue in their actual code. Which is an actual thread I found on Reddit after 5 seconds of googling to see whether or not Zillya is legit, then checked to see if they actually fixed it or not and they didn't.

Can we please put an end to all this false-positive shit? Is it possible to get permission to just edit the OP to tell people to use MalwareBytes, Kaspersky, or BitDefender to check it if one of their shitty AVs is detecting NewLife as a false-positive? And if all three of them say there's nothing, there's definitely nothing.
 

JustaDudeMan

You assumed a lot from my post. I was just saying if you're not sure, look into it yourself. I made no comment on whether one guy or the other was more trustworthy or who was more established on the porn forum.
 