RPGM Partial NTR Gyaru: The Otaku-Friendly Gyaru Gets Stolen Away [RJ01524136] NTRギャル -オタクに優しいギャルは寝取られる-

skizzat93

skizzat93

Active Member
Apr 14, 2018
501
559
348
Hayle said:
I downloaded the game from the link and opened it once, am I cooked? I deleted it, but should I do anything else?
Click to expand...
it seems to be a coin miner but it did nothing on my system, I have cpu and gpu monitoring always up on an external display and the usage never increased when it was idle, I deleted the folder in local
C:\Users\<usr>\AppData\Local\syscacheapp\cacheapp64.exe
and the line in the registry
Computer\HKEY_USERS\<some_long_identifier>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
1767126960586.png
 
  • Like
Reactions: ktez
boulbi78

boulbi78

Member
May 5, 2024
429
496
200
skizzat93 said:
it seems to be a coin miner but it did nothing on my system, I have cpu and gpu monitoring always up on an external display and the usage never increased when it was idle, I deleted the folder in local
C:\Users\<usr>\AppData\Local\syscacheapp\cacheapp64.exe
and the line in the registry
Computer\HKEY_USERS\<some_long_identifier>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
View attachment 5580205
was something like this but on the right was pointing at the .exe
Click to expand...
In this post ; https://f95zone.to/threads/hidden-s...he-curtain-ntr-game-list.163925/post-18983115
He explain that he had to rename his process explorer to see it. Like if the coinminer turn off if u start a monitoring app. Since everything was deleted i can't test it.
 
skizzat93

skizzat93

Active Member
Apr 14, 2018
501
559
348
  • Like
Reactions: boulbi78
boulbi78

boulbi78

Member
May 5, 2024
429
496
200
skizzat93 said:
oh, ok maybe it never activated on mine because I have the monitoring 24/7, BTW I edited the op with what to do
Click to expand...
Great, thanks you ! It seems that it didn't work properly for everyone. Thing was maybe limited to some specifics environments/settings. So yes, maybe he never activated.
 
D

dongdd

Newbie
Dec 7, 2018
45
17
220
Is it always called cacheapp64?
I don't see it on my computer but I did download the game from this thread and ran it...
 
H

Hayle

Member
Jul 31, 2022
161
42
202
UPDATE: After doing full scans and reading the comments of boulbi and skizzat i can confirm that the miner thing never activated on my pc, no lines were added in my registry, nothing, maybe only activates in predetermined settings (?)
 
  • Like
Reactions: Viciousscorpion
boulbi78

boulbi78

Member
May 5, 2024
429
496
200
Hayle said:
UPDATE: After doing full scans and reading the comments of boulbi and skizzat i can confirm that the miner thing never activated on my pc, no lines were added in my registry, nothing, maybe only activates in predetermined settings (?)
Click to expand...
Thanks for the information, im more into the "activates in predetermined settings" idea.

dongdd said:
Is it always called cacheapp64?
I don't see it on my computer but I did download the game from this thread and ran it...
Click to expand...
For what i know it was cacheapp64.exe created in cacheapp folder when u run the game.
U got details about where u should look for the folder and what u should check on regedit for your winlogon path on the OP.
Let us know if u need more help
 
D

dongdd

Newbie
Dec 7, 2018
45
17
220
boulbi78 said:
Thanks for the information, im more into the "activates in predetermined settings" idea.


For what i know it was cacheapp64.exe created in cacheapp folder when u run the game.
U got details about where u should look for the folder and what u should check on regedit for your winlogon path on the OP.
Let us know if u need more help
Click to expand...
I didn't see the shell in the winlogon path or the folder anywhere.
Maybe my system didn't met the requirements for it?
I might do a fresh install of windows still.
 
skizzat93

skizzat93

Active Member
Apr 14, 2018
501
559
348
dongdd said:
I didn't see the shell in the winlogon path or the folder anywhere.
Maybe my system didn't met the requirements for it?
I might do a fresh install of windows still.
Click to expand...
from what I read in the diagnosis of this virus in the link it does only those 2 things, make the folder and modify the registry to start the miner when you power up the pc, so if you don't have the folder and the registry is ok, I don't think you need to format, but obviously do what you retain necessary for your security, I'm just synthesizing what I read nothing more
 
boulbi78

boulbi78

Member
May 5, 2024
429
496
200
dongdd said:
I didn't see the shell in the winlogon path or the folder anywhere.
Maybe my system didn't met the requirements for it?
I might do a fresh install of windows still.
Click to expand...
As skizzat93 said, he does 2 actions. So a fresh install of windows isn't really needed.
First the winlogon path it is on a long name thing, i will link u where it was for me ;
reg2.jpg
Second, if u can't find any cacheapp64.exe but want to be sure. just make a search for ".exe" files on the entire disk. Supposed C, it will take some time but u can search by size and search for a 500-750mb, u will be 100% sure. U will even be able to see if u don't have any weird .exe file on your disk.
 
boulbi78

boulbi78

Member
May 5, 2024
429
496
200
pirohiro said:
Restarted and bitdefender flagged this, I downloaded the original raw version from the initial japanese thread
Click to expand...
Seems like multiple versions of this game got that thing. I think we should just wait for proper updates about this game and the supposed "crypto-minor" .
 
pirohiro

pirohiro

Member
Feb 15, 2020
340
554
220
boulbi78 said:
Seems like multiple versions of this game got that thing. I think we should just wait for proper updates about this game and the supposed "crypto-minor" .
Click to expand...
Mine made the file but didn't manage to change the registry, so I am hoping that means bitdefender got it, I suppose this is a lesson learned about downloading from open links on the NTR general thread without anyone saying it is their own upload
 
boulbi78

boulbi78

Member
May 5, 2024
429
496
200
pirohiro said:
Mine made the file but didn't manage to change the registry, so I am hoping that means bitdefender got it, I suppose this is a lesson learned about downloading from open links on the NTR general thread without anyone saying it is their own upload
Click to expand...
Probably, and i also think that having the file deleted make the edited registry useless. And yea, wont rush into any new game before being certain that it is safe.
 
You must log in or register to reply here.
Top Bottom