Unity True Facials [v0.53a Pro] [HenryTaiwan]

3.70 star(s) 51 Votes

gghhoosstt123

Member
Oct 9, 2022
264
266
WTF??????????? HE'S BACK?????? FOR REAL?????? Hopping in without any kind of AV or Defender, so I wish my system32 the best of luck!
 

Blacktearss

Newbie
Feb 18, 2020
42
33
Has anyone had problems regarding the virus that this game brings? I remember downloading it last year and having quite a few problems. They even took money from me through PayPal. I don't know if it was a coincidence or it really has a virus. I await comments.
 

poopybutt77

Newbie
Sep 24, 2020
20
75
DO NOT RUN THIS GAME

UNTIL THE DEVELOPER / OP CAN EXPLAIN THESE DETECTIONS, AND FILE OPERATIONS.

Both do the same, both have different antivirus results.


The virus one injects into C:\Program Files (x86)\Google1608_1329478733\bin\updater.exe



Does this really look like something this forum shouldn't look into?

Do I need to manually reverse engineer this executable to prove the developer (OR ORIGINAL POSTER !! ! ) is doing something fishy?


Related parents, a.k.a. shared file hashes. Why is it affiliated with keygens and random zips???

It establishes connections to multiple external IP addresses. These connections are potentially command-and-control (C2) servers, indicating the malware's attempt to communicate with an external source for instructions or data exfiltration.

Spawns new processes and services, indicating the execution of its payload and attempts to maintain control over the infected system.

It modifies registry entries in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run to ensure it runs every time the system starts.

Changes in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services to manipulate system services, often to disable security-related services or to create new malicious services.

Modifies the key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE, potentially to affect browser behavior and user credential handling.


The malware creates numerous .tmp files in the user's temporary directory (AppData\Local\Temp). These files are likely used as intermediate stages in the malware's execution process.

The malware uses cmd.exe to execute batch files (.bat) located in the temporary directory. These batch files are used to execute the primary malicious payload.

The malware masquerades as the Google updater to blend in with legitimate processes. This is indicated by paths like C:\Program Files (x86)\Google\Update\.

By creating and executing multiple batch files, the malware ensures persistence and continuous execution, making it harder to remove.
 

poopybutt77

Newbie
Sep 24, 2020
20
75
(Quoting Blacktearss's post above.)
Review my above post
 

JhonLui

Active Member
Jan 13, 2020
879
821
Nothing of the sort happens on my PC...
But since I'm no expert, I propose a simple and quick solution to double-check these findings:

Install Sandboxie and run the game in the sandbox, then go check the sandbox file structure to see if anything of the above is actually there.. or if it's just another "you are in danger! gimme your money" thing.
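poopybutt77's list of indicators above and JhonLui's "check the sandbox afterwards" suggestion amount to the same check. The following PowerShell is an added example, not code from the thread or from the game: it reads the Run keys, services, FeatureControl key and Temp directory the post names and flags entries whose path points into a lookalike Google folder or a Temp drop. It assumes PowerShell 3 or later and read access to HKLM, and it is meant to be run inside the sandbox VM after the game has been launched there.

```powershell
# Added example (not from the thread): read-only triage of the persistence spots named in the
# post. Run in an elevated PowerShell on the test VM or Sandboxie host; it changes nothing.
$suspicious = @()

# The post's indicators: a lookalike "Google<digits>" folder next to the real "Google" one
# (the regex does not match "google\"), or anything launched from a Temp directory.
function Test-SuspiciousPath {
    param([string]$Path)
    if (-not $Path) { return $false }
    $p = $Path.ToLowerInvariant()
    $fakeGoogle = $p -match 'program files \(x86\)\\google[^\\]+\\'
    $fromTemp   = ($p -match '\\appdata\\local\\temp\\') -or ($p -match '\\windows\\temp\\')
    return ($fakeGoogle -or $fromTemp)
}

# 1. Run keys: the HKLM key from the post, plus its WOW6432Node and HKCU counterparts.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in ($props.PSObject.Properties.Name | Where-Object { $_ -notlike 'PS*' })) {  # skip provider metadata
        if (Test-SuspiciousPath $props.$name) {
            $suspicious += [pscustomobject]@{ Where = "$key\$name"; Value = $props.$name }
        }
    }
}
# 2. Services (backed by HKLM\SYSTEM\CurrentControlSet\Services) with a lookalike or Temp binary.
foreach ($svc in Get-CimInstance Win32_Service) {
    if (Test-SuspiciousPath $svc.PathName) {
        $suspicious += [pscustomobject]@{ Where = "Service $($svc.Name)"; Value = $svc.PathName }
    }
}
# 3. FEATURE_HTTP_USERNAME_PASSWORD_DISABLE exists on a clean Windows with iexplore.exe and
#    explorer.exe values; only other value names (other binaries) are worth a look.
$fc = 'HKLM:\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE'
if (Test-Path $fc) {
    foreach ($n in ((Get-Item $fc).Property | Where-Object { $_ -notin 'iexplore.exe', 'explorer.exe' })) {
        $suspicious += [pscustomobject]@{ Where = "$fc\$n"; Value = (Get-ItemProperty $fc).$n }
    }
}
# 4. .bat/.tmp staging files written to the user's Temp directory in the last day.
$recent = Get-ChildItem -Path $env:TEMP -Include *.bat, *.tmp -Recurse -ErrorAction SilentlyContinue |
          Where-Object { $_.LastWriteTime -gt (Get-Date).AddDays(-1) }
foreach ($f in $recent) { $suspicious += [pscustomobject]@{ Where = 'Temp'; Value = $f.FullName } }

if ($suspicious.Count -eq 0) { 'No indicators matching the post were found.' }
else { $suspicious | Format-Table -AutoSize -Wrap }
```

Entries under the genuine Google\Update or Google\GoogleUpdater folders are deliberately not flagged; check those binaries with Get-AuthenticodeSignature instead, since the post says the sample hides beside them.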
 

captainlurker

Newbie
Jun 7, 2018
35
18
(Quoting poopybutt77's post above.)
Oh shit, this sounds serious! Do you have any instructions to remove this thing from your PC?
 

MavisFeatherlight

Active Member
Mar 17, 2019
532
648
People are fucking stupid here.... If only 2 or 3 engines on VirusTotal were positive for potentially dangerous malware, I would have said "yep, that's a false positive", but over fucking 20???
From that point on, there is something seriously wrong with the "game".
I will avoid this shit as long as no one can prove to me 100% that they are all just false positives.
 

badidea1010

New Member
Jul 5, 2018
1
1
(Quoting poopybutt77's post above.)
I want to ask: did you download the files from Patreon directly or from some guy on these forums? Can we confirm whether it was injected into the game by strangers or programmed into the game by the developer?
 

poopybutt77

Newbie
Sep 24, 2020
20
75
(Quoting badidea1010's post above.)
That's why I'm ALSO accusing the original poster, and the "source" of this build.

I'm using ONLY the files found here.

I cannot 100% accuse the DEV when we are using this middleman for releases.
 