Unity True Facials [v0.58b Pro] [HenryTaiwan]

3.90 star(s) 68 Votes

gghhoosstt123

Member
Oct 9, 2022
358
438
177
WTF??????????? HE BACK BACK?????? FOR REAL?????? hopping in without any kind of AV or defender so wish my system32 best of luck!
 

Blacktearss

Newbie
Feb 18, 2020
42
33
132
Has anyone had problems regarding the virus that this game brings? I remember downloading it last year and having quite a few problems. They even took money from me through PayPal. I don't know if it was a coincidence or it really has a virus. I await comments.
 

poopybutt77

Newbie
Sep 24, 2020
21
81
80
DO NOT RUN THIS GAME

UNTIL THE DEVELOPER / OP CAN EXPLAIN THESE DETECTIONS, AND FILE OPERATIONS.

Both do the same; both have different antivirus results.


The virus one injects into C:\Program Files (x86)\Google1608_1329478733\bin\updater.exe

[attached screenshot]


Does this really look like something this forum shouldn't look into?

Do I need to manually reverse-engineer this executable to prove the developer (OR ORIGINAL POSTER!!!) is doing something fishy?

[attached screenshot]

Related parents, aka shared file hashes. Why is it affiliated with keygens, and random zips???

It establishes connections to multiple external IP addresses. These connections are potentially command-and-control (C2) servers, indicating the malware's attempt to communicate with an external source for instructions or data exfiltration.

Spawns new processes and services, indicating the execution of its payload and attempts to maintain control over the infected system.

It modifies registry entries in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run to ensure it runs every time the system starts.

Changes in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services to manipulate system services, often to disable security-related services or to create new malicious services.

Modifies the key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE, potentially to affect browser behavior and user credential handling.

[two attached screenshots]

The malware creates numerous .tmp files in the user's temporary directory (AppData\Local\Temp). These files are likely used as intermediate stages in the malware's execution process.

The malware uses cmd.exe to execute batch files (.bat) located in the temporary directory. These batch files are used to execute the primary malicious payload.

The malware masquerades as the Google updater to blend in with legitimate processes. This is indicated by paths like C:\Program Files (x86)\Google\Update\.

By creating and executing multiple batch files, the malware ensures persistence and continuous execution, making it harder to remove.
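Not part of the thread: an added, read-only PowerShell triage script that checks a Windows host for the indicators this post lists (Run-key entries, service binary paths, the IE FeatureControl key, .bat/.tmp staging files in %TEMP%, cmd.exe instances running batch files from Temp, and a Program Files directory named like Google1608_1329478733). It is defensive tooling written for this page, not the game's code or any analyst's script from the thread. Assumptions: the fake-updater folder follows the Google<digits>_<digits> shape seen in the post, so it is matched with a loose pattern rather than the exact name; the one-day file-age window and the path keywords (Temp, AppData) are arbitrary triage choices. It reads and reports only; it deletes and changes nothing.

```powershell
# Added triage example for the indicators described in the post above. Read-only:
# it inspects registry keys, file listings and process/service tables and prints findings.
# The Google<digits>_<digits> pattern is an assumption generalised from the post's path.

$findings = @()

function Add-Finding([string]$Type, [string]$Location, [string]$Detail) {
    $script:findings += [pscustomobject]@{ Type = $Type; Location = $Location; Detail = $Detail }
}

# 1. Run-key persistence (the post names HKLM\...\CurrentVersion\Run). Flag values whose
#    command points into Temp, AppData, a .bat file, or a Google<digits>_<digits> directory.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PSPath/PSParentPath provider metadata
        $cmd = [string]$p.Value
        if ($cmd -match '\\Temp\\|AppData|Google\d+_\d+|\.bat') {
            Add-Finding 'RunKey' "$key\$($p.Name)" $cmd
        }
    }
}

# 2. Services (HKLM\SYSTEM\CurrentControlSet\Services in the post). Win32_Service exposes the
#    binary path; anything under Temp/AppData or the fake updater directory is suspicious.
foreach ($svc in Get-CimInstance Win32_Service) {
    $path = [string]$svc.PathName
    if ($path -match 'Google\d+_\d+|\\Temp\\|AppData') {
        Add-Finding 'Service' $svc.Name $path
    }
}

# 3. The IE FeatureControl key named in the post. Ordinary software rarely writes here,
#    so any value present is reported for review.
$fc = 'HKLM:\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE'
if (Test-Path $fc) {
    $props = Get-ItemProperty -Path $fc
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }
        Add-Finding 'FeatureControl' "$fc\$($p.Name)" ([string]$p.Value)
    }
}

# 4. Staging files: .bat and .tmp files in %TEMP% written in the last day (arbitrary window),
#    plus any running cmd.exe whose command line executes a batch file from Temp.
$recent = (Get-Date).AddDays(-1)
$tempFiles = Get-ChildItem -Path $env:TEMP -Include *.bat, *.tmp -File -Recurse -ErrorAction SilentlyContinue
foreach ($f in $tempFiles) {
    if ($f.LastWriteTime -gt $recent) {
        Add-Finding 'TempFile' $f.FullName ("modified " + $f.LastWriteTime)
    }
}
foreach ($proc in Get-CimInstance Win32_Process -Filter "Name = 'cmd.exe'") {
    if ([string]$proc.CommandLine -match '\\Temp\\.*\.bat') {
        Add-Finding 'Process' "PID $($proc.ProcessId)" $proc.CommandLine
    }
}

# 5. The masquerading directory. Real Google Update lives under Program Files (x86)\Google\Update;
#    a sibling directory named Google<digits>_<digits> is the anomaly the post points at.
$roots = @(${env:ProgramFiles(x86)}, $env:ProgramFiles) | Where-Object { $_ }
foreach ($dir in Get-ChildItem -Path $roots -Directory -ErrorAction SilentlyContinue) {
    if ($dir.Name -match '^Google\d+_\d+$') {
        Add-Finding 'FakeUpdaterDir' $dir.FullName 'directory name mimics Google Update'
    }
}

if ($findings.Count -eq 0) {
    'No indicators from the thread found on this host.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Run it from an elevated PowerShell prompt so the HKLM keys and all service entries are readable. A hit in the FakeUpdaterDir or RunKey category is strong corroboration of the post's claims; Temp-file hits on their own are weak, since installers and games legitimately drop .tmp files, which is why the script reports categories separately instead of a single verdict.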
 

JhonLui

Well-Known Member
Jan 13, 2020
1,180
1,173
284
Nothing of the sort happens on my PC...
But since I'm no expert, I propose a simple and quick solution to double-check these findings:

Install Sandboxie and run the game in the sandbox, then go check the sandbox file structure to see if anything of the above is actually there... or if it's just another "you are in danger! gimme your money" thing.
 

captainlurker

Newbie
Jun 7, 2018
35
18
35
DO NOT RUN THIS GAME

UNTIL THE DEVELOPER / OP CAN EXPLAIN THESE DETECTIONS, AND FILE OPERATIONS.

Both do the same; both have different antivirus results.


The virus one injects into C:\Program Files (x86)\Google1608_1329478733\bin\updater.exe

[attached screenshot]


Does this really look like something this forum shouldn't look into?

Do I need to manually reverse-engineer this executable to prove the developer (OR ORIGINAL POSTER!!!) is doing something fishy?

[attached screenshot]

Related parents, aka shared file hashes. Why is it affiliated with keygens, and random zips???

It establishes connections to multiple external IP addresses. These connections are potentially command-and-control (C2) servers, indicating the malware's attempt to communicate with an external source for instructions or data exfiltration.

Spawns new processes and services, indicating the execution of its payload and attempts to maintain control over the infected system.

It modifies registry entries in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run to ensure it runs every time the system starts.

Changes in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services to manipulate system services, often to disable security-related services or to create new malicious services.

Modifies the key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE, potentially to affect browser behavior and user credential handling.

[two attached screenshots]

The malware creates numerous .tmp files in the user's temporary directory (AppData\Local\Temp). These files are likely used as intermediate stages in the malware's execution process.

The malware uses cmd.exe to execute batch files (.bat) located in the temporary directory. These batch files are used to execute the primary malicious payload.

The malware masquerades as the Google updater to blend in with legitimate processes. This is indicated by paths like C:\Program Files (x86)\Google\Update\.

By creating and executing multiple batch files, the malware ensures persistence and continuous execution, making it harder to remove.

Oh shit, this sounds serious! Do you have any instructions to remove this thing from your PC?
 

MavisFeatherlight

Active Member
Mar 17, 2019
569
692
236
people are fucking stupid here.... if only 2 or 3 engines on VirusTotal were positive for potentially dangerous malware, I would have said "yep, that's a false positive", but over fucking 20???
from that point on there is something seriously wrong with the "game"
I will avoid this shit as long as no one can prove to me 100% that they are all just false positives
 

badidea1010

New Member
Jul 5, 2018
1
1
37
DO NOT RUN THIS GAME

UNTIL THE DEVELOPER / OP CAN EXPLAIN THESE DETECTIONS, AND FILE OPERATIONS.

Both do the same; both have different antivirus results.


The virus one injects into C:\Program Files (x86)\Google1608_1329478733\bin\updater.exe

[attached screenshot]


Does this really look like something this forum shouldn't look into?

Do I need to manually reverse-engineer this executable to prove the developer (OR ORIGINAL POSTER!!!) is doing something fishy?

[attached screenshot]

Related parents, aka shared file hashes. Why is it affiliated with keygens, and random zips???

It establishes connections to multiple external IP addresses. These connections are potentially command-and-control (C2) servers, indicating the malware's attempt to communicate with an external source for instructions or data exfiltration.

Spawns new processes and services, indicating the execution of its payload and attempts to maintain control over the infected system.

It modifies registry entries in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run to ensure it runs every time the system starts.

Changes in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services to manipulate system services, often to disable security-related services or to create new malicious services.

Modifies the key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE, potentially to affect browser behavior and user credential handling.

[two attached screenshots]

The malware creates numerous .tmp files in the user's temporary directory (AppData\Local\Temp). These files are likely used as intermediate stages in the malware's execution process.

The malware uses cmd.exe to execute batch files (.bat) located in the temporary directory. These batch files are used to execute the primary malicious payload.

The malware masquerades as the Google updater to blend in with legitimate processes. This is indicated by paths like C:\Program Files (x86)\Google\Update\.

By creating and executing multiple batch files, the malware ensures persistence and continuous execution, making it harder to remove.

I want to ask: did you download the files from Patreon directly, or from some guy on this forum? Can we confirm whether it was injected into the game by strangers, or programmed into the game by the developer?
 

poopybutt77

Newbie
Sep 24, 2020
21
81
80
I want to ask: did you download the files from Patreon directly, or from some guy on this forum? Can we confirm whether it was injected into the game by strangers, or programmed into the game by the developer?

That's why I'm ALSO accusing the original poster, and the "source" of this build.

I'm using the files ONLY found here.

I cannot 100% accuse the DEV when we are using this middleman for releases.
 

poopybutt77

Newbie
Sep 24, 2020
21
81
80
Oh shit, this sounds serious! Do you have any instructions to remove this thing from your PC?

Do not rely on 'removing' viruses.

Just assume all your information is compromised.

Change your passwords, ON A DIFFERENT PC.

If using a password manager, do this one first.

Wipe Windows, using a bootable USB that was created from a DIFFERENT PC.

Malware can steal and upload all your local cookies and passwords in less than 1 second, and then continue with a keylogger for more information.

More complex rootkits can infect new Windows install USB drives as well.
 

punhetas

Active Member
Nov 2, 2016
693
1,429
379
That's why I'm ALSO accusing the original poster, and the "source" of this build.

I'm using the files ONLY found here.

I cannot 100% accuse the DEV when we are using this middleman for releases.

Have you reported the links so the mods can check them?
 