Unity True Facials [v0.58b Pro] [HenryTaiwan]

[rev_10]

DO NOT RUN THIS GAME

UNTIL THE DEVELOPER / OP CAN EXPLAIN THESE DETECTIONS, AND FILE OPERATIONS.

You must be registered to see the links

You must be registered to see the links

Both do the same, both have different anti virus results.


The virus one, injects into C:\Program Files (x86)\Google1608_1329478733\bin\updater.exe

View attachment 3764914


Does this really look like something this forum shouldn't look into?

Do I need to manually reverse engineer this executable to prove the developer (OR ORIGINAL POSTER !! ! ) is doing something fishy.

View attachment 3764915

Related parents, aka shared file hashes. Why is it affiliated with keygens, and random zips???

It establishes connections to multiple external IP addresses. These connections are potentially command-and-control (C2) servers, indicating the malware's attempt to communicate with an external source for instructions or data exfiltration.

Spawns new processes and services, indicating the execution of its payload and attempts to maintain control over the infected system.

It modifies registry entries in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run to ensure it runs every time the system starts.

Changes in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services to manipulate system services, often to disable security-related services or to create new malicious services.

Modifies the key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE, potentially to affect browser behavior and user credential handling.

View attachment 3764941 View attachment 3764942

The malware creates numerous .tmp files in the user's temporary directory (AppData\Local\Temp). These files are likely used as intermediate stages in the malware's execution process.

The malware uses cmd.exe to execute batch files (.bat) located in the temporary directory. These batch files are used to execute the primary malicious payload.

The malware masquerades as the Google updater to blend in with legitimate processes. This is indicated by paths like C:\Program Files (x86)\Google\Update\.

By creating and executing multiple batch files, the malware ensures persistence and continuous execution, making it harder to remove.

Dude this is just stupid and nonsense. I don't even have the files that the game, which you blatantly claim as a virus, apparently generates. In fact, none of the TF files i have ever connect to the internet. Stop this paranoia please, this is 100% false positive stuff. And all of your "proof" is only based on what VirusTotal says, lmfao, but when you manually check any system, you will see that nothing of what is claimed in there ever happens, again, merely a false positive. Chill out and quit acting so stupid, learn how computer programs work, ffs. There are no "spawned" services on my system and each time i open the game, it has 0% of connection to the internet nor any sort of bandwith usage.

The registry keys you posted, again, only based on what a website says and blindly trusting it (and without keeping in mind that it's just running a simulation of what a program may do) have zero changes on my system as well. In fact, i can upload them all if you want just so you realize how wrong you are and how just DUMB your "info" is.

Full Malwarebytes scan reports zero malware on my system. Not that it's needed, but you are really misleading people here.

You must be registered to see the links

 

[gghhoosstt123]

DO NOT RUN THIS GAME

UNTIL THE DEVELOPER / OP CAN EXPLAIN THESE DETECTIONS, AND FILE OPERATIONS.

You must be registered to see the links

You must be registered to see the links

Both do the same, both have different anti virus results.


The virus one, injects into C:\Program Files (x86)\Google1608_1329478733\bin\updater.exe

View attachment 3764914


Does this really look like something this forum shouldn't look into?

Do I need to manually reverse engineer this executable to prove the developer (OR ORIGINAL POSTER !! ! ) is doing something fishy.

View attachment 3764915

Related parents, aka shared file hashes. Why is it affiliated with keygens, and random zips???

It establishes connections to multiple external IP addresses. These connections are potentially command-and-control (C2) servers, indicating the malware's attempt to communicate with an external source for instructions or data exfiltration.

Spawns new processes and services, indicating the execution of its payload and attempts to maintain control over the infected system.

It modifies registry entries in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run to ensure it runs every time the system starts.

Changes in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services to manipulate system services, often to disable security-related services or to create new malicious services.

Modifies the key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE, potentially to affect browser behavior and user credential handling.

View attachment 3764941 View attachment 3764942

The malware creates numerous .tmp files in the user's temporary directory (AppData\Local\Temp). These files are likely used as intermediate stages in the malware's execution process.

The malware uses cmd.exe to execute batch files (.bat) located in the temporary directory. These batch files are used to execute the primary malicious payload.

The malware masquerades as the Google updater to blend in with legitimate processes. This is indicated by paths like C:\Program Files (x86)\Google\Update\.

By creating and executing multiple batch files, the malware ensures persistence and continuous execution, making it harder to remove.

forget about AV i don't even have windows defender and i had no issue so far with it lmao

 

[user0609]

yeah... + every file is always double-checked by moderators before posting

 

[CachedBaguette]

Normally I would probably consider this a false positive as mods are stating, but this game had spawned almost the same files like these in poopybutt77 post. One of the few differences was that "chromeupdate.exe", which in my case was the "operaupdate.exe". All files were blocked by antivirus, but I still will have to wipe out my entire second PC.

 

[rev_10]

forget about AV i don't even have windows defender and i had no issue so far with it lmao

The .exe file does NOTHING of what this guy believes only because a website simulates its "behavior". To begin with, the game has zero connection to the internet, you can check the reports in Task Manager and you could also check the current connections on your computer with a CMD command:

You must be registered to see the links

Secondly, the game's .exe doesn't "spawn" any extra services lmao, the guy just posts that idiotic BS, but provides no real info on that. I am always very aware of what runs on my computer, what services are running, background stuff, start up programs and such, i keep my system tweaked and i ALWAYS know what is running and what shouldn't be running, i use stuff such as Process Explorer for example. I can guarantee this game and none of its files are malicious or malware.

Don't trust someone that is literally pasting screenshots from a website that simulates malware behavior based on a false positive, if he knew what he was talking about, he'd run the files on a Virtual Machine and show us the amount of "bad" behavior the game would create in Windows. Then he tells people to wipe Windows .

 

[hieiyyh]

Has anyone had problems regarding the virus that this game brings? I remember downloading it last year and having quite a few problems. They even took money from me through PayPal. I don't know if it was a coincidence or it really has a virus. I await comments.

HOLY SHIT! Now i'm worried, last time i played it was version 0.42b, didn't downloaded the 5.0.

 

[rev_10]

Normally I would probably consider this a false positive as mods are stating, but this game had spawned almost the same files like these in poopybutt77 post. One of the few differences was that "chromeupdate.exe", which in my case was the "operaupdate.exe". All files were blocked by antivirus, but I still will have to wipe out my entire second PC.

Why do you have to wipe out your entire second PC? What happened? Which AV blocked those files? Did you use Malwarebytes to check for more stuff and let the program have a second opinion? Where are these viruses that now are making you re-install Windows again? What you are saying doesn't make any sense.

 

[lynch88]

Malwarebytes got the true facials exe file, Eset didn't. I started the game from the bin exe and additional files or etc problems occured

 

[rev_10]

Malwarebytes got the true facials exe file, Eset didn't. I started the game from the bin exe and additional files or etc problems occured

Literally don't know what else to do so people realize: 1) This is a false positive 2) Those who are claiming it's malware and that now believe they have malware (to the point another user in here now has to wipe Windows ) have no idea how this stuff works.

 

[CachedBaguette]

Why do you have to wipe out your entire second PC? What happened? Which AV blocked those files? Did you use Malwarebytes to check for more stuff and let the program have a second opinion? Where are these viruses that now are making you re-install Windows again? What you are saying doesn't make any sense.

Okay, let's start from the beginning:
1. I ran truefacials.exe and Bitdefeder imidiately blocked .exe files and launched the scan.
2. Scanning detected a dozen newly created .tmp files in Appdata alongside with truefacials.exe, bin.exe and other executables, one was strangely called "operaupdate.exe". All were created on the same time.
3. I tried to verify it with Malwarebytes and there wasn't anything after first scan. Probably because all the files were already in quarantine, but in a spurt of stupidity, I pulled out the bin.exe file from there and immediately Malwarebytes flagged it as unsafe.
I've used to dealt with a lot of false positives in my days as a...sailor, but I've never had anything like this. None of the cracked games I have ever played generated so much garbage, especially .exe files that were imitating real apps.

 

[rev_10]

All non-MS services in my system. I can identify any of them accordingly to what i have installed.

Where are the "extra" spawned services that TF created? @poopybutt77

 

[rev_10]

Okay, let's start from the beginning:
1. I ran truefacials.exe and Bitdefeder imidiately blocked .exe files and launched the scan.
2. Scanning detected a dozen newly created .tmp files in Appdata alongside with truefacials.exe, bin.exe and other executables, one was strangely called "operaupdate.exe". All were created on the same time.
3. I tried to verify it with Malwarebytes and there wasn't anything after first scan. Probably because all the files were already in quarantine, but in a spurt of stupidity, I pulled out the bin.exe file from there and immediately Malwarebytes flagged it as unsafe.
I've used to dealt with a lot of false positives in my days as a...sailor, but I've never had anything like this.

Temp files can't really do anything in your computer (look it up). They are created depending how many times you use a program, at times, it's sort of a way they purge their stuff and some may access them at times to function properly (like Fallout mod managers, but you can still delete the files, the program may create them again, some may have a few glitches). But that folder can be safely deleted at any moment and nothing will happen, heck, Windows won't even stop you from deleting it. Do you think a malware just installs itself in there and starts to operate from there, when anyone can just delete the folder?

I literally checked the game files with Malwarebytes and it shows zero issues, so i really don't know what to say or what happened to you other than all popular AV programs are malware to me themselves, they probably can look everything in your computer and other stuff, slowing Windows down and having rights over any other program, from an external company. All i can say is that your BitDefender just decided to shit on itself for no reason, making a mess. If you believe anything that a popular "antivirus" (which is just another form of massive bloatware) says (which are popular indeed for false positives) and now you are convinced you must reinstall Windows, i really don't know what to say.

Defender, having common sense and informing yourself on how malware truly works and manually working to remove it's what everyone should do.

Operaupdate.exe it's just what Opera browser uses for updates. Now idea what it may generate in Temp folder or for what reason it got formed in your files if you don't have it installed, but i'd check for other stuff and not blame this game's files only.

 

[ssbbssc]

this needs to be run on a separate clean machine

 

[The Grifter]

From the changelog:

Character Selection

• No limit of how many characters you can have in your scene, as long as your PC can handle it.

 

[Eldoween]

I run the 0.5 version one time.
I'm doomed?
Which antimalware to use?

 

[MavisFeatherlight]

Temp files can't really do anything in your computer (look it up). They are created depending how many times you use a program, at times, it's sort of a way they purge their stuff and some may access them at times to function properly (like Fallout mod managers, but you can still delete the files, the program may create them again, some may have a few glitches). But that folder can be safely deleted at any moment and nothing will happen, heck, Windows won't even stop you from deleting it. Do you think a malware just installs itself in there and starts to operate from there, when anyone can just delete the folder?

I literally checked the game files with Malwarebytes and it shows zero issues, so i really don't know what to say or what happened to you other than all popular AV programs are malware to me themselves, they probably can look everything in your computer and other stuff, slowing Windows down and having rights over any other program, from an external company. All i can say is that your BitDefender just decided to shit on itself for no reason, making a mess. If you believe anything that a popular "antivirus" (which is just another form of massive bloatware) says (which are popular indeed for false positives) and now you are convinced you must reinstall Windows, i really don't know what to say.

Defender, having common sense and informing yourself on how malware truly works and manually working to remove it's what everyone should do.

Operaupdate.exe it's just what Opera browser uses for updates. Now idea what it may generate in Temp folder or for what reason it got formed in your files if you don't have it installed, but i'd check for other stuff and not blame this game's files only.

Do you work in IT or cyber security?

 

[gghhoosstt123]

The .exe file does NOTHING of what this guy believes only because a website simulates its "behavior". To begin with, the game has zero connection to the internet, you can check the reports in Task Manager and you could also check the current connections on your computer with a CMD command:

You must be registered to see the links

Secondly, the game's .exe doesn't "spawn" any extra services lmao, the guy just posts that idiotic BS, but provides no real info on that. I am always very aware of what runs on my computer, what services are running, background stuff, start up programs and such, i keep my system tweaked and i ALWAYS know what is running and what shouldn't be running, i use stuff such as Process Explorer for example. I can guarantee this game and none of its files are malicious or malware.

Don't trust someone that is literally pasting screenshots from a website that simulates malware behavior based on a false positive, if he knew what he was talking about, he'd run the files on a Virtual Machine and show us the amount of "bad" behavior the game would create in Windows. Then he tells people to wipe Windows .

Yea i just extracted the game and it opens up normally just like version 42b used to, the game files also look really normal too so i don't think there is any malware to it. And i never use AV anyways once you yourself understand what to look for or what to not look for, just enough knowledge and experience is need with these kind of things. AV just slows the pc down and always being a nusance to anything that is installed into pc so i don't bother with AVs.

 

[JamCrumpet]

Ive ran the game before all of this drama kicked off and it seems fine, Ill do more digging but im pretty sure this is all just false positive fear posting

 

[Blacktearss]

I will only speak from my experience and without much computer knowledge. Last year I downloaded this game. Since that time some time passed and my PC stopped being the same. Even in the short period of time they withdrew 140 dollars from my bank account in my country through Paypal without authorizing or checking anything at the bank.

They added and removed my card like it was nothing. As if they knew all my details. In my experience I DO NOT RECOMMEND DOWNLOADING THIS GAME. Everyone is free to do as they please. It's a great game, really. But it's not worth the price xD

Luckily my bank recognized that it was an "attack" on my bank account and refunded me the money.

I am an active user and I try many games on this forum. This is the first time something similar has happened to me. True Facials has something very strange and dangerous in my opinion. Thank you for reading.

 

[JamCrumpet]

I will only speak from my experience and without much computer knowledge. Last year I downloaded this game. Since that time some time passed and my PC stopped being the same. Even in the short period of time they withdrew 140 dollars from my bank account in my country through Paypal without authorizing or checking anything at the bank.

They added and removed my card like it was nothing. As if they knew all my details. In my experience I DO NOT RECOMMEND DOWNLOADING THIS GAME.

How have you linked the two though? What direct evidence do you have?
Otherwise it seems like coincidental superstition, like, "hey I want to the bakers on the same day I got hacked I bet the bakers stole my card info when I paid for my buns!"
The mods always check the files, and the comment specifically calls it a "false positive"
Ive since checked some of the listed folders people mentioned here and... nada, they dont even exist.

Sounds like people are getting viruses from other sources, or just THINKING they have a virus and attributing to a false positive from the game. FYI, I didnt get any warning.
Though I have deleted the game because they removed all the fucking characters.