VN Ren'Py The Seven Realms [R3 v1.01] [SeptCloudGames]

[Bob69]

If the game didn't run for more than 10 minutes it didn't download shit.

# Download the script if 10 minutes have passed since the first run

 

[Badjourasmix]

After this stuff started happening I just use sandboxie to play all the game I download from here. You can make it so anything running inside the sandbox can't connect to the internet so even if you download an infected game, you should be fine because it can not download the malware.

 

[DragonsFear]

After this stuff started happening I just use sandboxie to play all the game I download from here. You can make it so anything running inside the sandbox can't connect to the internet so even if you download an infected game, you should be fine because it can not download the malware.

thats what im going to do from now on
it happens to often ,and to bad (for now) it can't be detected easely

 

[mytest111]

bin folder is so the trojan can make a own path to get access to your files etc

If i don't have the bin folder it means I'm safe? Or the virus deleted the folder too?

 

[DragonsFear]

If i don't have the bin folder it means I'm safe? Or the virus deleted the folder too?

bin folder stays
but they rolled back to build4 what i have seen so no longer the latest

 

[Badjourasmix]

If i don't have the bin folder it means I'm safe? Or the virus deleted the folder too?

Doesn't hurt to do a full scan of your pc just to be safe.

 

[mytest111]

bin folder stays
but they rolled back to build4 what i have seen so no longer the latest

So I guess it never downloaded the virus for some reason?

 

[Bob69]

So I guess it never downloaded the virus for some reason?

Did you had the game run more than 10 minutes? Or your Antivir/Win Defender blocked it.

 

[DragonsFear]

Did you had the game run more than 10 minutes? Or your Antivir/Win Defender blocked it.

with me it actually responded in less than 1 minute, so woudn't count on the 10 minute rule imo

 

[Bob69]

with me it actually responded in less than 1 minute, so woudn't count on the 10 minute rule imo

Its in the script though.
Actually it creates a timestamp file. (thats prob what your antivir detected)
Then if the the timestamp file exist after another 10 minutes it downloads stuff.

 

[DragonsFear]

Its in the script though.
Actually it creates a timestamp file. (thats prob what your antivir detected)
Then if the the timestamp file exist after another 10 minutes it downloads stuff.

casn it be counting up, so lets say multiple runs of 1 or 2 minutes that triggers it ? (after 10 minutes in total ? )

 

[Bob69]

casn it be counting up, so lets say multiple runs of 1 or 2 minutes that triggers it ? (after 10 minutes in total ? )

10 minutes twice:

if datetime.now() - first_run < timedelta(minutes=10):

 

[mytest111]

10 minutes twice:

if datetime.now() - first_run < timedelta(minutes=10):

Which file has this script?
Maybe only R3 is affected? I played R1-R2

 

[HiHaHo]

Which file has this script?
Maybe only R3 is affected? I played R1-R2

it was the leaked latest update for r3, you can safely download the old r3 version

 

[Bob69]

Which file has this script?
Maybe only R3 is affected? I played R1-R2

Yes only R3 was affected.

it was the leaked latest update for r3, you can safely download the old r3 version

The links are now fine I cleaned it up and reuploaded PC (that was the only version affected).

Also my compression is and was fine.

 

[SonsOfLiberty]

Hmm. I used a Sandbox to test and check, got no warnings etc. It also list every try to connect to the internet, etc. Gonna inform Sam.

WELL MOTHER FUCKER

It can hide from VM"s and the like.

Trojan:Win32/Wacatac.H!ml can evade detection by performing checks to ensure it is not being executed in a debug environment, on a virtual machine, or in a banned country. While being present in nearly any malware, country checks are most commonly seen in malware that originates from ex-USSR countries.

Additionally, it establishes persistence in the attacked environment by creating a randomly named copy in a random directory in the AppData or LocalAppData folder of a user directory and adding a corresponding value to the Run entry of the system registry. By doing this, malware makes itself harder to stop and remove, ensuring that its execution will not be interrupted by restarts or file deletion.

Wacatac.H!ml is also a false positive in a lot of cases as well due to the nature of machine learning, it was the one that was going around during the last "big" outbreak and most, if not, all were false positives.

Machine Learning or Artificial Intelligence detection.

Machine Learning is a system at your antivirus developer that tries to identify features common to malware. It could be any kind of malware, could be a potentially unwanted program(ie. adware), could be a false positive.

 

[Badjourasmix]

It can hide from VM"s and the like.




Wacatac.H!ml is also a false positive in a lot of cases as well due to the nature of machine learning, it was the one that was going around during the last "big" outbreak and most, if not, all were false positives.

So as long as you're running the game on a sandbox or VM it won't activate?

 

[TheOriginalSchizo]

Full scan with Windows Defender said 0 threats found guess I'm safe now

 

[SonsOfLiberty]

So as long as you're running the game on a sandbox or VM it won't activate?

It can from what I've read, if you want to do a deep dive, just Google/Bing the name.

You will see it can be dangerous and as you can see on the A/V threads on Reddit be the worst pita false positive possible.

You can also use something like this and have more control of what access's the internet.

For firewall to monitor or allow connections (I've said and some others) some good add-on apps for Windows Firewall.

You must be registered to see the links

- Can watch everything and see where it goes to, free just has monitor.

You must be registered to see the links

- Gives more control and can allow/block as everything is blocked at first and you have to allow

You must be registered to see the links

- Same as above, both small and lightweight, basically zero footprint.

 

[Badjourasmix]

It can from what I've read, if you want to do a deep dive, just Google/Bing the name.

You will see it can be dangerous and as you can see on the A/V threads on Reddit be the worst pita false positive possible.

You can also use something like this and have more control of what access's the internet.

In sandboxie I have it so anything running in the sandbox can't connect to the internet. Would that be enough?