Post by SlushyAnimals in Royale Harem comments

Viewing post in Royale Harem comments

We would never include any harmful material in our game intentionally, and our partnership with itch.io has helped to keep our software secure. we speculate that this is either a false error, or the service you are using is intentionally giving a false read in order to incur a payment. in any case, thank you for bringing it to our attention, we will investigate carefully.

Im honestly the only person with access to the games code, and i don't know the first thing about viruses, but idk. could something have attached itself to the file without my knowledge?

Gregwilford17 days ago (2 edits) (+1)

Getting something attached to a compiled program without knowledge is possible but very unlikely.

Sites like virustotal should be used with some discernment. If 1 out of 70+ scanners indicates a problem, the likelihood of a false positive is high.

It's likely part of renpy itself being claimed. Nearly all programs (open source has it worse) have some rate of false detection, which is solved in various ways, like lodging an issue with the companies (https://github.com/renpy/renpy/issues/5314) . Renpy has had false positives a few times. Around 2021, the 32-bit exe was flagged because the mingw linux-to-windows compiler used had the style of calling in it's compiled output generally flagged by some scanners (made worse by a bug in the hash calculation for the compiled file renpy used).

Indeed, if you go to Renpy's download site: ( https://www.renpy.org/latest.html ) , download the latest .exe version, and immediately check that, it comes up with the exact detection you're seeing.

Hinsh17 days ago(-2)

I still have in my mind the situation with CurseForge, when there attackers gained access to the accounts of mod developers for Minecraft and uploaded "new mods versions" with a virus stuffed in it.

Gregwilford17 days ago(+1)

Perhaps.
I don't want to get too deep into a discussion on someone's game forum, heh. Ultimately, make your own call for what makes you feel comfortable.

For fun, I tested a few things on virus total in the last few minutes. The following are detected as viruses right now:

VLC media player (64bit) Windows- vlc-3.0.20-win64.exe
Firefox browser 64-bit Windows installer - Firefox Installer.exe
Drobbox 64-bit Windows desktop installer - DropboxInstaller.exe
7zip Windows 64-bit beta version installer - 7z2404-x64.exe
Winrar 32-bit Windows installer - winrar-x32-700.exe
GoG Galaxy installer for 64-bit Windows - GOG_Galaxy_2.0.exe
Notepad++ 32-bit installer - npp.8.6.5.Installer.exe

SlushyAnimals16 days ago

I thank you for your research on the matter! i may be the coder for this project, but as anyone who's seen my code would know, its far from my specialty. I thank you for your time and effort on this, its super helpful!