- Jan 2, 2021
- 6,237
- 8,088
Yes. I do. I have a save for every version 1 through to 45.
I got bored with it at 17...Me too! Happy Days!
Yes. I do. I have a save for every version 1 through to 45.
I got bored with it at 17...Me too! Happy Days!
Yes. I do. I have a save for every version 1 through to 45.
#metooMe too! Happy Days!
First post FAQ/Saves and READ where you MAY find it !![]()
RPGmaker runs on javascript. So it attempting to do wonky stuff is "normal". Though no1 reported anything in ~4 years and 2 games. You either got some shady link or your PC is already corrupted. Might wanna check your junk and/or stop going to shadier places with dubious links (like this place isn't shady). There's also the "real" version of the game running a Unity launcher that tries to get into NLT's server/database to update itself. You might have found a new way to fuck the game even more than the 6+ we got in here alreadyWhilst the build on front page technically works is there any particular reason that the executable is attempting to check to see if it's running in a VM, create a scheduled task, modify windows services, modify firewall settings and dropping executables designed to look like Microsoft Edge into random folders?
You must be registered to see the links
I was running the executable from the mega on page 1 in a fresh sandbox, and the above link is dynamic analysis of the executables behaviour from VirusTotal. Running it in a stealthed VM the executable seems to be able to break the Windows Security app and disable Tamper Protection, that goes a little beyond "wonky behaviour."RPGmaker runs on javascript. So it attempting to do wonky stuff is "normal". Though no1 reported anything in ~4 years and 2 games. You either got some shady link or your PC is already corrupted. Might wanna check your junk and/or stop going to shadier places with dubious links (like this place isn't shady). There's also the "real" version of the game running a Unity launcher that tries to get into NLT's server/database to update itself. You might have found a new way to fuck the game even more than the 6+ we got in here already
It's your system that cause this behaviour not the game.I was running the executable from the mega on page 1 in a fresh sandbox, and the above link is dynamic analysis of the executables behaviour from VirusTotal. Running it in a stealthed VM the executable seems to be able to break the Windows Security app and disable Tamper Protection, that goes a little beyond "wonky behaviour."
My system, which I didn't run the executable on I might add, influenced the behaviour of the executable in completely fresh virtual machines controlled by both myself and VirusTotal? Seems legit.It's your system that cause this behaviour not the game.
When the same download causes no issue with other people but have problem on your VM, yes it's absolutely legit that it's not the downloaded executable.My system, which I didn't run the executable on I might add, influenced the behaviour of the executable in completely fresh virtual machines controlled by both myself and VirusTotal? Seems legit.
Either way I just wanted to highlight the above. I'm fine playing the pirated version somebody has dropped a sneaky lil bit of malware into in a VM.
What do you thing is more legit: A single dude saying the game has malware or approximate 500k people who are playing this and the previous games without a single issue?My system, which I didn't run the executable on I might add, influenced the behaviour of the executable in completely fresh virtual machines controlled by both myself and VirusTotal? Seems legit.
Either way I just wanted to highlight the above. I'm fine playing the pirated version somebody has dropped a sneaky lil bit of malware into in a VM.
If you just check the...the executable is attempting to check to see if it's running in a VM, create a scheduled task, modify windows services, modify firewall settings and dropping executables designed to look like Microsoft Edge into random folders?
game.exe
(and not the rest of the game),
game.exe
, it might try to "call home" and therefore your OS creates firewall rules, downloads outstanding Microsoft Edge updates etc., but that's just me guessing.game.exe
file (I checked mine as well, same hash code, same result), and I'm 99.9% sure that these are just false positives which you wouldn't see if you were able to check the whole game.www/movies
and www/img
You either got some shady link or your PC is already corrupted
Aren't you guys always "laughing out loud" about people who don't read?It's your system that cause this behaviour not the game
When the same download causes no issue with other people but have problem on your VM
Those are the most ridiculous and uneducated comments I've ever read when it comes to viruses/malicious code. Please learn how malicious code works before posting anything like that ever again! "Just because a million people downloaded the virus and nothing bad happened, this is safe!" -- ROFL!What do you thing is more legit: A single dude saying the game has malware in it or approximate 500k people who are playing this and previous games?
Uploading a zip unfortunately won't result in VirusTotal doing dynamic analysis of the behaviour of applications contained within said zip, although it would certainly be a neat feature if it did. I believe Joe Sandbox will let you do this if you really want to go ham on checking this file.If you just check thegame.exe
(and not the rest of the game),You must be registered to see the linksmight get weird results. The game will definitely not drop any "executables designed to look like Microsoft Edge" -- those are actual (digitally signed by Microsoft) original Edge files (I just checked them on my PC)! But without all the other game files, if you just rungame.exe
, it might try to "call home" and therefore your OS creates firewall rules, downloads outstanding Microsoft Edge updates etc., but that's just me guessing.
You definitely checked the correctgame.exe
file (I checked mine as well, same hash code, same result), and I'm 99.9% sure that these are just false positives which you wouldn't see if you were able to check the whole game.
And here's how you can check the full game if you're still concerned:
- download the full game from OP
- open the ZIP, and remove the folderswww/movies
andwww/img
- the remaining ZIP should now be ~180MB, which you can check on virustotal
Hope that helps!
Here's what you should do instead:...I will however be unwatching this thread as I'm not overly interested in doing a deep dive on a clearly suspect file.
game.exe
from any of those games -- if it's build with the same version of RPGMMaker, the game.exe
will have the exact same size as TGO's one (and the same MD5 code as well)game.exe
files (which has the same size) and put it into the TGO folder, then run it. Wow, it's loading TGO just fine! And no, that doesn't mean that every single RPGM based game is malicious. That's because the game.exe is a "general executable" from RPGMMaker.game.exe
file. The results will be shocking! ;-)Here's what you should do instead:
Fun fact: take any of those extracted
- download some RPGM games from "LATEST UPDATES" (filter for "Engine" = "RPGM")
- extract the
game.exe
from any of those games -- if it's build with the same version of RPGMMaker, thegame.exe
will have the exact same size as TGO's one (and the same MD5 code as well)- check with virustotal.com -- same results
game.exe
files (which has the same size) and put it into the TGO folder, then run it. Wow, it's loading TGO just fine! And no, that doesn't mean that every single RPGM based game is malicious. That's because the game.exe is a "general executable" from RPGMMaker.
If you still don't trust: Download a free trial of RPGMMaker, and create your own "game" (create a sample project, save and built) -- then check thegame.exe
file. The results will be shocking! ;-)
Good thing no sandboxes flagged this executable as malicious.You must be registered to see the links
calc.exe
from Microsoft -- you should never use this (or trust it's developers) again! It drops random files, and I mean
I would note that I explicitly ignored the malware detections on the first file and was looking purely at behaviours, automated dynamic analysis of malware isn't exactly great and will frequently result in false positives or false negatives so some manual review is required.Good thing no sandboxes flagged this executable as malicious.
// EDIT: I just checked thecalc.exe
from Microsoft -- you should never use this (or trust it's developers) again! It drops random files, and I meanYou must be registered to see the links! Oh hang on, those look very similar to those game.exe drops! Huh?
// EDIT #2: And now I will stop, sorry for being off-topic.
Context matters. We didn't get a virus from the download but this guy claims there is one from the very same download.Aren't you guys always "laughing out loud" about people who don't read?
Thanks for proving that you don't read as well, and just want to hassle everyone!
- the check wasn't executed on their own VM, but in a sandbox from an AV company/from virustotal.com
- the checked file was 100% the game.exe from the most recent downloads available in OP
(literally takes like 1 minute to check that yourself!)
Those are the most ridiculous and uneducated comments I've ever read when it comes to viruses/malicious code. Please learn how malicious code works before posting anything like that ever again! "Just because a million people downloaded the virus and nothing bad happened, this is safe!" -- ROFL!
But that's way to off-topic, so I will stop here...
Just like every noodle ever ..... Oh waitContext matters. We didn't get a virus from the download but this guy claims there is one from the very same download.
As someone who's worked in IT all my life, including specifically doing virus cleanup on a large scale, I'd like to think I know what I'm talking about here.
So get off your high horse and stop taking things out of context.