Unity True Facials [v0.5 Pro] [HenryTaiwan]

4.00 star(s) 43 Votes

Blacktearss

Newbie
Feb 18, 2020
38
32
It was not my intention to put on a drama, I do declare myself ignorant of computers. Chances are there are plenty of people here who know more than me. I am only telling my personal experience and my recommendation from my discretion. Everyone is free to do whatever they want! If someone is doing great and hasn't had a virus alarm go off, please comment here :)
The amount of tech-illiterate people on this site is scary. There is nothing, and never was anything, wrong with the game; your opsec is just garbage and someone got into your account. Reading this thread is actual torture. Shit, I've been using Linux for 3 years now and I know more about Windows than 90% of people here.


punhetas

Active Member
Nov 2, 2016
567
1,200
It was not my intention to put on a drama, I do declare myself ignorant of computers. Chances are there are plenty of people here who know more than me. I am only telling my personal experience and my recommendation from my discretion. Everyone is free to do whatever they want! If someone is doing great and hasn't had a virus alarm go off, please comment here :)
To be clear, you're talking about version .42 and not the new 0.5 that some are complaining about.

The previous one has been amply discussed before in the thread, since they used a system translator because the programmer is Korean (if I'm not mistaken).
The "trojan" was a script to run the translator on the .exe that most antivirus products flagged as a generic trojan.

This new "situation" might be something of the sort, don't know.
 

olie

Newbie
Feb 23, 2022
31
41
Personally I'm not tech literate enough to really know what half the stuff y'all are talking about means, but if this program has a chance of containing a virus, it should be re-checked to be virus free.

First of all, was it 0.5 or 0.4.2 that had the virus? Was it both? If it was 0.4.2, was it the 0.4.2 that was originally on the main page of this thread, or was it the one that was posted by someone after 0.4.2 was removed from the main page? From what I can see, it seems like different people are seeing different things, which I think (as a non-tech expert, mind you) could just be that, if the virus exists, it may only exist in one version.
 

scoobydoo86

New Member
Mar 6, 2021
4
2
DO NOT RUN THIS GAME

UNTIL THE DEVELOPER / OP CAN EXPLAIN THESE DETECTIONS, AND FILE OPERATIONS.
Both do the same, both have different anti virus results.


The virus one injects into C:\Program Files (x86)\Google1608_1329478733\bin\updater.exe



Does this really look like something this forum shouldn't look into?

Do I need to manually reverse engineer this executable to prove the developer (OR ORIGINAL POSTER!!!) is doing something fishy?


Related parents, aka shared file hashes. Why is it affiliated with keygens, and random zips???

It establishes connections to multiple external IP addresses. These connections are potentially command-and-control (C2) servers, indicating the malware's attempt to communicate with an external source for instructions or data exfiltration.

Spawns new processes and services, indicating the execution of its payload and attempts to maintain control over the infected system.

It modifies registry entries in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run to ensure it runs every time the system starts.

Changes in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services to manipulate system services, often to disable security-related services or to create new malicious services.

Modifies the key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE, potentially to affect browser behavior and user credential handling.


The malware creates numerous .tmp files in the user's temporary directory (AppData\Local\Temp). These files are likely used as intermediate stages in the malware's execution process.

The malware uses cmd.exe to execute batch files (.bat) located in the temporary directory. These batch files are used to execute the primary malicious payload.

The malware masquerades as the Google updater to blend in with legitimate processes. This is indicated by paths like C:\Program Files (x86)\Google\Update\.

By creating and executing multiple batch files, the malware ensures persistence and continuous execution, making it harder to remove.
Downloaded via Gofile. (Original link on 22.06.24 before 12:32)
Kaspersky AV has nothing to complain about.
No files are generated in the TEMP folder when the exe file is executed. Cannot reproduce or confirm the behaviour described here.
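A defender-side way to settle this kind of dispute on one's own machine, added here as an example and not code from any poster in the thread: snapshot exactly the artefacts the quoted report names (the Run key, the Services key, the Internet Explorer FeatureControl key, the Google1608_1329478733 folder and .bat/.tmp files in %TEMP%) before and after launching the executable, then print only what changed. The registry keys and folder path are taken from the quoted post; the function names and the snapshot layout are my own.

```powershell
# Added example, not from any poster in the thread: snapshot the artefacts the
# quoted report names, before and after launching the binary, and print only
# what changed. Keys and the folder path come from the quoted post; the
# function names (Get-KeyValues, Get-HostSnapshot, Compare-HostSnapshot) are mine.
$RunKey  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$IeKey   = 'HKLM:\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE'
$SvcKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$SuspDir = 'C:\Program Files (x86)\Google1608_1329478733'

# Values of one registry key as sorted "Name=Value" strings (PS* metadata dropped)
function Get-KeyValues([string]$Path) {
    $item = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if (-not $item) { return @() }
    @($item.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' } |
        ForEach-Object { "$($_.Name)=$($_.Value)" } | Sort-Object)
}

function Get-HostSnapshot {
    [pscustomobject]@{
        Run       = Get-KeyValues $RunKey
        IeFeature = Get-KeyValues $IeKey
        Services  = @(Get-ChildItem -Path $SvcKey -ErrorAction SilentlyContinue |
                      Select-Object -ExpandProperty PSChildName | Sort-Object)
        SuspDir   = Test-Path -LiteralPath $SuspDir
        TempBat   = @(Get-ChildItem -Path $env:TEMP -Filter *.bat -File -ErrorAction SilentlyContinue |
                      Select-Object -ExpandProperty Name | Sort-Object)
        TempTmp   = @(Get-ChildItem -Path $env:TEMP -Filter *.tmp -File -ErrorAction SilentlyContinue).Count
    }
}

# Print each claimed artefact that differs between two snapshots; no output means no change
function Compare-HostSnapshot($Before, $After) {
    foreach ($f in 'Run', 'IeFeature', 'Services', 'TempBat') {
        $diff = Compare-Object -ReferenceObject @($Before.$f) -DifferenceObject @($After.$f)
        foreach ($d in $diff) {
            $tag = if ($d.SideIndicator -eq '=>') { 'added' } else { 'removed' }
            "[$f] $tag : $($d.InputObject)"
        }
    }
    if ($Before.SuspDir -ne $After.SuspDir) { "[SuspDir] $SuspDir present: $($Before.SuspDir) -> $($After.SuspDir)" }
    if ($Before.TempTmp -ne $After.TempTmp) { "[TempTmp] .tmp count in $env:TEMP $($Before.TempTmp) -> $($After.TempTmp)" }
}

# Usage, all in one elevated PowerShell session:
#   $before = Get-HostSnapshot
#   ... launch the executable, use it for a few minutes, exit it ...
#   $after  = Get-HostSnapshot
#   Compare-HostSnapshot $before $after
```

Run the snapshot as administrator so every Services subkey is readable; a .tmp count that rises and falls back is normal Windows churn, whereas a new Run entry or a new service name is the kind of change the quoted report alleges.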
 

Dark_Templar

Member
Aug 16, 2017
301
805
DO NOT RUN THIS GAME

UNTIL THE DEVELOPER / OP CAN EXPLAIN THESE DETECTIONS, AND FILE OPERATIONS.

Both do the same, both have different anti virus results.


The virus one injects into C:\Program Files (x86)\Google1608_1329478733\bin\updater.exe



Does this really look like something this forum shouldn't look into?

Do I need to manually reverse engineer this executable to prove the developer (OR ORIGINAL POSTER!!!) is doing something fishy?


Related parents, aka shared file hashes. Why is it affiliated with keygens, and random zips???

It establishes connections to multiple external IP addresses. These connections are potentially command-and-control (C2) servers, indicating the malware's attempt to communicate with an external source for instructions or data exfiltration.

Spawns new processes and services, indicating the execution of its payload and attempts to maintain control over the infected system.

It modifies registry entries in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run to ensure it runs every time the system starts.

Changes in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services to manipulate system services, often to disable security-related services or to create new malicious services.

Modifies the key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE, potentially to affect browser behavior and user credential handling.


The malware creates numerous .tmp files in the user's temporary directory (AppData\Local\Temp). These files are likely used as intermediate stages in the malware's execution process.

The malware uses cmd.exe to execute batch files (.bat) located in the temporary directory. These batch files are used to execute the primary malicious payload.

The malware masquerades as the Google updater to blend in with legitimate processes. This is indicated by paths like C:\Program Files (x86)\Google\Update\.

By creating and executing multiple batch files, the malware ensures persistence and continuous execution, making it harder to remove.
None of what you claim is actually happening, no reg keys modified, no temp files, nothing.

You're either intentionally misleading people or are just fucking stupid, not sure which. Yes, there can be generic trojan warnings for this exe, which relate to ntleas, much like all previous versions, but it's nothing to be concerned about; if you ran this, your PC is fine, don't worry.
 

GucivYdglb

Newbie
Feb 23, 2022
65
31
None of what you claim is actually happening, no reg keys modified, no temp files, nothing.

You're either intentionally misleading people or are just fucking stupid, not sure which. Yes, there can be generic trojan warnings for this exe, which relate to ntleas, much like all previous versions, but it's nothing to be concerned about; if you ran this, your PC is fine, don't worry.
Same, I don't find a "Google1608_1329478733" folder anywhere.
 

Prick

Engaged Member
Jul 17, 2017
2,023
1,787
It all started when Henry received mass complaints that the game would not run on some systems. This was because some of the game code has Japanese characters, which requires Japanese system locality to run the game, or by running an emulator. Assuming the average genius on the internet would still complain that the game doesn't work, he packaged the game with ntleas (locale emulator) - a program which is well known for triggering anti-virus/malware programs. I can only assume this is where the actual red flags are coming from.

I recall the discussions on Hongfire ages ago when Custom Maid was really popular, ntleas was often used to run the game without changing system locality. And yes, the same discussions came up.

I do not remember which version introduced the new applocale emulator, but it was the first build to also have the "bin" executable packaged with the game.

If anyone in this thread has an archive of the older builds, it would prove the point to find the last build without ntleas and scan it.
 

rev_10

Member
Sep 16, 2022
267
438
Do you work in IT or cyber security?
Just basic software and virus knowledge I've acquired over the years. The game's files and behavior are far from what malware is. I've had viruses and bad .exe's on my computer; their behavior, although it tries to be stealthy, always shows up in some way.
 

DraKeoniS

Member
May 11, 2020
180
144
I tried to verify it with Malwarebytes and there wasn't anything after first scan. Probably because all the files were already in quarantine, but in a spurt of stupidity, I pulled out the bin.exe file from there and immediately Malwarebytes flagged it as unsafe.
Kinda strange, I do use Malwarebytes and it detected nothing, even after doing a full scan with rootkit included.
 

rev_10

Member
Sep 16, 2022
267
438
I will only speak from my experience and without much computer knowledge. Last year I downloaded this game. Since that time some time passed and my PC stopped being the same. Even in the short period of time they withdrew 140 dollars from my bank account in my country through Paypal without authorizing or checking anything at the bank.

They added and removed my card like it was nothing. As if they knew all my details. In my experience I DO NOT RECOMMEND DOWNLOADING THIS GAME. Everyone is free to do as they please. It's a great game, really. But it's not worth the price xD

Luckily my bank recognized that it was an "attack" on my bank account and refunded me the money.

I am an active user and I try many games on this forum. This is the first time something similar has happened to me. True Facials has something very strange and dangerous in my opinion. Thank you for reading.
How do you connect these 2 events? It doesn't even make sense; a game cannot make some user access your computer files, Internet or PayPal, like never at all. They would need a specific .exe that injects special stuff into your OS so they can hijack it.

Also, what do you mean that your PC "stopped being the same"? Do you think it stopped being the same or what? Wdym, like slower, doing stuff that it didn't do before, suspicious programs installed? Since I installed this game, I have had literally zero problems, like NO drama at all. And my credit card data is on my browser and Xbox App, for example; guess what? No one has ever extracted any money from me. And none of my social accounts or Discord has ever been hacked.

I am sorry to say that you don't even know what caused your issue. I very much doubt the game hacked anything; it was due to something else that you downloaded, or you clicked on some website that has malware in it, or you entered your data on some fake version of PayPal's site. I proved the game has no malware with a screenshot from Malwarebytes itself and by posting a few of my system's files; there is nothing else I can do to help people calm down.
 

rev_10

Member
Sep 16, 2022
267
438
The amount of tech-illiterate people on this site is scary. There is nothing, and never was anything, wrong with the game; your opsec is just garbage and someone got into your account. Reading this thread is actual torture. Shit, I've been using Linux for 3 years now and I know more about Windows than 90% of people here.

Yeah, from the guy that claimed the game is a super-duper malware, but only posted screenshots from VirusTotal that simulate what the virus would do, while the actual game files do nothing, not even connect to the Internet; to like 3 users straight up buying the BS and saying they will reinstall Windows now instead of trying to investigate by themselves a bit; to another guy claiming Malwarebytes says it's "malicious", but I used it myself and the game is clean, which means they probably had some other sort of shit in their system and they blamed the game.

Some people here are downloading these games, but it makes me wonder how they installed other games that aren't nsfw that have their files marked as false positives due to the crack (that is, if you use any garbage mainstream AV). I assume they just delete them every time.
 

rev_10

Member
Sep 16, 2022
267
438
In my experience I couldn't do anything once installed. Maybe change the passwords on your computer and your accounts. But do it from another device. I have not formatted my PC because I have many important jobs... But I say again that installing this game was a before and after. Something really changed for the worse. And I don't care if they believe me or those who know a lot about computers give me shit. I'm just talking about my experience.
A computer can get slow due to a corrupt Windows install over time that needs repair, a lot of temporary/cache files that you haven't cleaned, dust, bad BIOS settings, overheating and so many things. I do believe the stuff that happened to you, but you are only trying to blame one thing for it and I really don't know what to say. I checked the game's files' behavior and even used Malwarebytes to check the whole game folder itself, and it reports nothing.

So for example, the dude that says Malwarebytes claims it's a virus: I don't believe that. What I do believe is that they had a mess on their system mixed with other things and their AV/antimalware reported malware.
 